Using non-traditional technology for telehealth during COVID-19 Pandemic

Issue Brief for implementing commercial applications for telehealth consistent with March 2020 OCR Guidance

Health and Human Services’ Office of Civil Rights (OCR), the entity responsible for enforcing regulations under HIPAA, stated, effective immediately, it will exercise enforcement discretion and will not impose penalties for HIPAA violations against covered healthcare providers if patients are served on a good faith basis during the COVID-19 nationwide public health emergency. OCR has clarified that, during this public health emergency, these technologies can be used for any services, not only those specific to COVID-19. OCR’s guidance states, “covered healthcare providers may use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype, to provide telehealth without risk that OCR might seek to impose a penalty for noncompliance with the HIPAA Rules.” Providers should ensure communication products are non-public facing.

Using one of these technologies should be a last resort, secondary to using traditional telehealth, such as traditional telehealth modalities have healthcare-specific features and security. OCR stresses the importance of using HIPAA-compliant telehealth applications whenever possible from vendors who will enter into Business Association Agreements (BAAs).

Download the resource below for Issue Brief to support implementation of this guidance, including at-a-glance reference of acceptable and unacceptable apps as well as list of Dos and Don'ts.