Breaking Compliance News Blog

HIPAA & COVID-19: telehealth

Posted by Margaret Scavotto, JD, CHC on 3/27/20 12:00 AM

Find me on:

Blog Series: Staying HIPAA Compliant During COVID-19

Sarah Badahman, CHPSE, Founder/CEO, HIPAAtrek, St. Louis 

Bethany Baty, Digital Marketing Director, HIPAAtrek, St. Louis

Margaret Scavotto, JD, CHC, President, MPA, St. Louis 

***To help providers with HIPAA compliance during the COVID-19 pandemic, all MPA HIPAA Tool Kits are now marked down to 50% off. 
A HIPAA & COVID-19 Telehealth policy was added to the Privacy and Security Tool Kits on 3/24***

Today is day five of a five day blog series on HIPAA issues that are relevant during COVID-19. Our goal is to help you remain compliant during these challenging times. ~ MPA and HIPPAtrek.


Using telehealth safely

cdn2.hubspot.nethubfs378557Woman at Computer-1

On March 17, the Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion for Telehealth Remote Communications during the COVID-19 Nationwide Public Health Emergency. In this Notification, the OCR announced that it will NOT impose HIPAA penalties against covered health care providers using telehealth, in good faith, during COVID-19.

Who is covered by this guidance?

The guidance applies to all covered health care providers.

What programs can providers use for telehealth?

The OCR expressly stated that the following NON-PUBLIC FACING applications may be used for telehealth during COVID-19:

            • FaceTime
            • Facebook Messenger video chat
            • Google Hangouts video
            • Skype

What CAN’T be used for telehealth?

Providers CANNOT use PUBLIC-FACING applications such as Facebook Live, Twitch, and TikTok.

What else do providers need to do?

  • Notify patients of privacy risks.
  • Enable encryption and privacy modes.
  • Get a business associate agreement (BAA) from any service providers involved, whenever possible.

The OCR also compiled a list of FAQ related to telehealth use during COVID-19.

MPA updated its HIPAA Privacy and Security Tool Kits with a HIPAA & COVID-19 Telehealth Policy – subscribers have been emailed a download link to this policy. If you would like to purchase a license to MPA’s HIPAA Tool Kits, click here


MCS Signature November 2018

missing hipaa policies snip

Topics: HIPAA, data breach, security, COVID-19, privacy

    Privacy Policy           Terms of Use