Read about this HIPAA guidance for audio-only telehealth visits and how covered entities can provide these services while complying with the HIPAA Rules.
On June 13, the U.S. Department of Health and Human Services (HHS) issued guidance for healthcare providers and health plans. The document stated how healthcare professionals can use remote communication technologies to provide audio-only telehealth services. These include the COVID-19 public health emergency.
The Office of Civil Rights (OCR) issued a notification stating that the institution would not impose penalties for HIPAA noncompliance on covered healthcare providers or entities for using non-public-facing remote products to communicate with patients, even when the technology and its use do not fully comply with HIPAA rules.
The new guidance helps covered entities understand how to use remote communication technologies for audio-only telehealth in compliance with the HIPAA Rules. This includes when OCR’s Notification of Enforcement Discretion for Telehealth Remote Communications is no longer effective.
Here are some key takeaways you should know for audio-only telehealth visits:
1. The HIPAA Security Rule does not apply to audio-only telehealth services provided using a standard telephone line because the information transmitted is not electronic.
2. A Covered Entity (CE) communicating with patients via telephone is not required to enter a Business Associate (BA) agreement with a telecommunication service provider.
3. The security rule applies when a CE uses electronic communication technologies, such as Voice over Internet Protocol, or mobile devices that use electronic media, such as the Internet, intranets and extranets, cellular networks, and Wi-Fi networks.
4. A BA agreement is required if the service provider has a hand in creating, receiving, or maintaining the information on behalf of the CE. Read more about this on our blog How to make sure your BAs are HIPAA Compliant.
According to the Office of Civil Rights (OCR) Director, Lisa J. Pino, “audio telehealth is an important tool to reach patients in rural communities, individuals with disabilities, and others seeking the convenience of remote options.” Therefore, it is important to have guidance to ensure the privacy and security of health information. Read the full guidance here.
Being HIPAA Compliant is vital for practices. Protecting your information and implementing reasonable safeguards to prevent violations and avoid sanctions is important. Read more about this on our blog 4 steps to reduce HIPAA breaches within your medical practice.
Stay tuned for this and more industry news through our June 2022 newsletter. Subscribe to our monthly newsletter and our Health Prime Blog for ongoing leading industry medical practice articles and policy updates.
