Your COVID-19 HIPAA Guide: Navigating Telehealth, Compliance Changes, and a Remote Workforce
As we come to grips with our new reality during the Coronavirus, the healthcare industry has begun to adapt to its new role. Accessing patients during a time of “social distancing” can be challenging, but we are armed with the tech and the innovation to accommodate these unprecedented times.
With that being the case, medical and dental practices have been forced to change with this rapidly evolving situation. Accessing patient data, consultations, and patient disclosures may not be in compliance with the previous HIPAA guidelines but will be expanded for the purposes of this public health emergency.
Administration Eases the Restrictions on HIPAA
The Health and Human Services Office for Civil Rights (OCR) announced on Tuesday (March 17, 2020) that during the Coronavirus pandemic it will use discretion when enforcing HIPAA-compliance for communications tools.
During a White House Press Conference on Tuesday, Seema Verma, administrator of the Centers for Medicare and Medicaid Services said, “We are doing a dramatic expansion of what’s known as telehealth for our 62 million Medicare beneficiaries, who are amongst the most vulnerable to the coronavirus.”
Given the seriousness of the spread of this virus and the desire to keep as many Americans quarantined as possible, live audio and video telehealth options will now be included as acceptable forms of healthcare under the strict HIPAA regulations.
During this time of public health emergency, the OCR, the privacy watchdog group of the Health and Human Services Administration, will not impose penalties on providers who use non-HIPAA-compliant remote communications technology. This is a critical component of keeping the most vulnerable from being required to be seen in-person at a doctor's office during this pandemic.
What Does This Mean for You or Your Practice?
For the average American, this means that a few things may change in regard to your access to healthcare. In order to keep you a safe distance from other patients, especially patients that may be exhibiting symptoms of COVID-19, you may find the following changes:
- Doctors and other medical personnel will not face OCR penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.
- Patients may be able to conference either via live audio or video telehealth methods directly with a doctor.
- Doctors may be able to use their smartphones to “meet” with patients as needed.
- Medical providers will continue to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures.
- Medical professionals will be able to access patients using video chat applications but are asked to avoid public-facing applications such as Facebook, Tik-Tok, and Twitch to safeguard patient confidentiality.
Given these unprecedented times, it is still important for patients who have issues unrelated to the Coronavirus to maintain good health. Here are a few resources and videos to help you understand these complex issues health care providers are facing.
Frequently Asked Questions
- Download the OCR bulletin advising covered entities of further flexibilities available to them as well as obligations that remain in effect under HIPAA as they respond to crises or emergencies
- View guidance on BAAs, including sample BAA provisions
- Additional information about HIPAA Security Rule safeguards
- View HealthIT.gov for guidelines and technical assistance on telehealth
- Download the CDC Coronavirus fact sheet
- Electronic Signature
- Password Management
- Keeping Electronic Medical Records (EMR) and Electronic Health Records (EHR) Safe
- Coronavirus Phishing and Hacking Scams on the Rise
- What is the Most Common Cause of Data Breaches?
- Top HIPAA Violations
- Protecting Your Business from Phishing Scams
- Top 5 Most Common HIPAA Compliance Issues