by Margaret Young Levi and Kathie McDonald-McClure
Federal and state governments have relaxed restrictions on telehealth to encourage and empower medical providers to serve patients at home during the novel coronavirus (COVID-19) national public health emergency (PHE). Both medical providers and patients have embraced this new way of connecting due to its convenience and, as a result, the expanded use of telehealth is likely here to stay. The use of audio and video conferencing for patient care, while convenient, risks an unauthorized disclosure of sensitive information if it is used without due regard for whether the connections are secure.
Following expansion by the U.S. Department of Human Health Services’ Office for Civil Rights (OCR) and the Centers for Medicare and Medicaid Services (CMS) of federal telehealth services and relaxation of certain requirements during the COVID-19 PHE, Kentucky Medicaid followed suit. See our previous post about Kentucky Medicaid’s expansion of coverage for telehealth.
OCR Relaxes HIPAA enforcement for telehealth during COVID-19 PHE. OCR, the agency responsible for enforcement of HIPAA, issued guidance on its enforcement discretion with regard to certain telehealth practices under HIPAA. This guidance makes it clear that OCR will not enforce penalties for the use of technology that is not HIPAA compliant, when used in the good faith provision of telehealth services.
Under this Notice, covered health care providers may use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype, to provide telehealth without risk that OCR might seek to impose a penalty for noncompliance with the HIPAA Rules related to the good faith provision of telehealth during the COVID-19 PHE.