HIPAA & Telehealth Technology – from Joan Usher

As we are considering telehealth visits to reduce person to person contact we must also follow HIPAA guidelines for our communications with patients.

A covered entity (health care provider) that wants to use audio or video communication technology to provide telehealth to patients during the COVID-19 nationwide public health emergency can use any non-public facing remote communication product that is available to communicate with patients.

Telehealth or Video Conferencing Applications Allowed by Office of Civil Rights to comply with HIPAA.

  • Apple FaceTime
  • Facebook Messenger video chat
  • Google Hangouts video
  • Skype

Providers should notify patients that these third-party applications could potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications.

Business Associate Agreements – The list below also includes some vendors that represent that they provide HIPAA-compliant video communication products and will enter into a HIPAA BAA.

  • Skype for Business
  • Updox
  • VSee
  • Zoom for Healthcare
  • me
  • Google G Suite Hangouts Meet

Telehealth or Video Conferencing Applications Not Acceptable under HIPAA

  • Facebook Live
  • Twitch
  • TikTok
  • similar video communication applications which are public facing

These types of transmissions should NOT be used in the provision of telehealth by covered entities’.

Note: OCR will not impose penalties against covered health care providers for the lack of a BAA with video communication vendors or any other noncompliance with the HIPAA Rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health emergency. 

Source: March 18, 2020 OCR Notification of Enforcement Discretion for Telehealth Remote Communications during the COVID-19 Nationwide Public Health Emergency https://www.hhs.gov/sites/default/files/february-2020-hipaa-and-novel-coronavirus.pdf

Joan L. Usher, BS, RHIA, HCS-D, ACE

JLU Health Record Systems