On March 17, 2020 the Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that it would “exercise its enforcement discretion and will waive any potential penalties for HIPAA violations” for health care providers who are serving patients using “everyday communications technologies.” The OCR issued this guidance to ensure providers could make use of available technologies and communication apps in order to facilitate virtual visits with patients.
Specifically, the guidance provides (emphasis added):
A covered health care provider that wants to use audio or video communication technology to provide telehealth to patients during the COVID-19 nationwide public health emergency can use any non-public facing remote communication product that is available to communicate with patients. OCR is exercising its enforcement discretion to not impose penalties for noncompliance with the HIPAA Rules in connection with the good faith provision of telehealth using such non-public facing audio or video communication products during the COVID-19 nationwide public health emergency. This exercise of discretion applies to telehealth provided for any reason, regardless of whether the telehealth service is related to the diagnosis and treatment of health conditions related to COVID-19.
The waiver allows providers to have more discretion in working with patients, including those that may potentially have COVID-19 and those who may have another condition (so that they can stay away from a waiting room with potential COVID-19 patients). Note however, the exception does not extend to public facing video chats, examples of which are provided by the OCR guidance.
Epstein Becker Green is regularly publishing updates on telehealth-related issues and invite you to read previously-issued updates:
Blog Editors
Authors
General Counsel / Chief Privacy Officer
