As we are considering telehealth visits to reduce person to person contact we must also follow HIPAA guidelines for our communications with patients.
A covered entity (health care provider) that wants to use audio or video communication technology to provide telehealth to patients during the COVID-19 nationwide public health emergency can use any non-public facing remote communication product that is available to communicate with patients.
Telehealth or Video Conferencing Applications Allowed by Office of Civil Rights to comply with HIPAA.
- Apple FaceTime
- Facebook Messenger video chat
- Google Hangouts video
Providers should notify patients that these third-party applications could potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications.
Business Associate Agreements – The list below also includes some vendors that represent that they provide HIPAA-compliant video communication products and will enter into a HIPAA BAA.
- Skype for Business
- Zoom for Healthcare
- Google G Suite Hangouts Meet
Telehealth or Video Conferencing Applications Not Acceptable under HIPAA
- Facebook Live
- similar video communication applications which are public facing
These types of transmissions should NOT be used in the provision of telehealth by covered entities’.
Note: OCR will not impose penalties against covered health care providers for the lack of a BAA with video communication vendors or any other noncompliance with the HIPAA Rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health emergency.
Source: March 18, 2020 OCR Notification of Enforcement Discretion for Telehealth Remote Communications during the COVID-19 Nationwide Public Health Emergency https://www.hhs.gov/sites/default/files/february-2020-hipaa-and-novel-coronavirus.pdf