As more healthcare providers pivot to telehealth appointments to mitigate the spread of COVID-19 coronavirus, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) will let providers use tech that may not be compliant with the Health Insurance Portability and Accountability Act (HIPAA) to communicate with patients.
OCR said that it will exercise “enforcement discretion” and avoid imposing penalties for HIPAA noncompliance to providers using “good faith” telehealth tech during the pandemic. Effective immediately, healthcare providers can now use any audio or visual non-public facing remote communication tech to provide virtual patient care.
Popular examples of tech that count under this provision include Apple FaceTime, Facebook Messenger video chat, Google Hangouts, and Skype. HHS encourages healthcare providers to notify patients of the potential privacy risks of using these third-party apps and recommends enabling all encryption and privacy features available. Public facing video communication tech such as Facebook Live, Twitch, and TikTok will still be subject to HIPAA enforcement.
Under this guidance, patients and providers may use telehealth for any medical check-up whether it is related to the COVID-19 coronavirus or not. By encouraging use of telehealth, the agency hopes it will allow health care providers to “assess a greater number of patients while limiting the risk of infection of other persons who would be exposed from an in-person consultation.”