OCR will waive HIPAA violations for telehealth consultations during COVID-19 pandemic
As social distancing efforts ramp up to slow the spread of the novel coronavirus (COVID-19), healthcare providers are turning to telehealth as a viable mode of communication with patients, who are being discouraged from making in-person visits to healthcare facilities when possible.
On March 17, the HHS Office for Civil Rights (OCR) announced that it will waive penalties for HIPAA violations that “serve patients in good faith through everyday communications technologies.”
For now, healthcare providers are permitted to use various video and audio technologies to communicate with patients in lieu of in-person visits during the nationwide public health emergency. These technologies are not required to be HIPAA compliant, although providers are encouraged by OCR to seek out secure technology.
Video conferences can be used for patients exhibiting symptoms of COVID-19 or patients dealing with any number of non-emergency medical situations. OCR lists sprained ankle, dental consultation, or psychological evaluation as examples.
Medicare will pay for office, hospital, and other visits furnished via telehealth across the country and including in patient’s places of residence, according to CMS. This is retroactively effective starting March 6, 2020.
Covered entities (CE) are permitted to use “any non-public facing remote communication product that is available” to communicate with patients, according to HHS. This includes applications such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, and Skype. Public-facing technologies such as Facebook Live, Twitch, Slack, and TikTok should not be used, according to OCR.
Currently, there is no deadline for the expiration of the waiver. OCR will issue a notice to the public when it is no longer exercising enforcement discretion.