The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced that it will use discretion for HIPAA compliance of telehealth communications tools from 17 of March 2020 during the coronavirus pandemic.
Communication technologies may not fully comply with HIPAA requirements, but OCR will not impose penalties for noncompliance because of the critical need to provide telehealth during the COVID-19 nationwide public health emergency. This applies to telehealth provided for any reason, regardless of whether the telehealth service is related to the diagnosis and treatment of health conditions related to COVID-19.
“We are empowering medical providers to serve patients wherever they are during this national public health emergency,” said Roger Severino, OCR Director. Special focus is to provide medical service for older persons and persons with disabilities.
Telehealth providers are temporarily allowed to use applications such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts video or Skype. The patients should be notified about privacy risks of such non HIPAA compliant apps.
But the agency also specifies that Facebook Live, Twitch, TikTok, other public-facing video communication “should not be used in the provision of telehealth.”
Wherever possible, healthcare providers should use HIPAA compliant communication tools such as Skype for Business, Updox, VSe, Zoom for Healthcare, Doxy.me and Google G Suite Hangouts Meet and sign business associate agreements with technology vendors.