Blog Series: Staying HIPAA Compliant During COVID-19
Sarah Badahman, CHPSE, Founder/CEO, HIPAAtrek, St. Louis
Bethany Baty, Digital Marketing Director, HIPAAtrek, St. Louis
Margaret Scavotto, JD, CHC, President, MPA, St. Louis
Today is day five of a five day blog series on HIPAA issues that are relevant during COVID-19. Our goal is to help you remain compliant during these challenging times. ~ MPA and HIPPAtrek.
Using telehealth safely
On March 17, the Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion for Telehealth Remote Communications during the COVID-19 Nationwide Public Health Emergency. In this Notification, the OCR announced that it will NOT impose HIPAA penalties against covered health care providers using telehealth, in good faith, during COVID-19.
Who is covered by this guidance?
The guidance applies to all covered health care providers.
What programs can providers use for telehealth?
The OCR expressly stated that the following NON-PUBLIC FACING applications may be used for telehealth during COVID-19:
- Facebook Messenger video chat
- Google Hangouts video
What CAN’T be used for telehealth?
Providers CANNOT use PUBLIC-FACING applications such as Facebook Live, Twitch, and TikTok.
What else do providers need to do?
- Notify patients of privacy risks.
- Enable encryption and privacy modes.
- Get a business associate agreement (BAA) from any service providers involved, whenever possible.
The OCR also compiled a list of FAQ related to telehealth use during COVID-19.