X
GO
Resource Overview

In order to effectively protect health IT systems, Health Center IT leadership needs to consider not only the physical and technical measures of protection for their site, but also the human and workflow measures required to provide the highest levels of privacy and security available throughout their organization.

Resources provided in this section include a set of curated best practices and gold standards for protecting  and effectively responding to health IT system threats. 

Health IT Privacy & Security Best Practices
Using non-traditional technology for telehealth during COVID-19 Pandemic

Using non-traditional technology for telehealth during COVID-19 Pandemic

Issue Brief for implementing commercial applications for telehealth consistent with March 2020 OCR Guidance

Health and Human Services’ Office of Civil Rights (OCR), the entity responsible for enforcing regulations under HIPAA, stated, effective immediately, it will exercise enforcement discretion and will not impose penalties for HIPAA violations against covered healthcare providers if patients are served on a good faith basis during the COVID-19 nationwide public health emergency. OCR has clarified that, during this public health emergency, these technologies can be used for any services, not only those specific to COVID-19. OCR’s guidance states, “covered healthcare providers may use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype, to provide telehealth without risk that OCR might seek to impose a penalty for noncompliance with the HIPAA Rules.” Providers should ensure communication products are non-public facing.

Using one of these technologies should be a last resort, secondary to using traditional telehealth, such as traditional telehealth modalities have healthcare-specific features and security. OCR stresses the importance of using HIPAA-compliant telehealth applications whenever possible from vendors who will enter into Business Association Agreements (BAAs).

Download the resource below for Issue Brief to support implementation of this guidance, including at-a-glance reference of acceptable and unacceptable apps as well as list of Dos and Don'ts.

Documents to download

Previous Article Focus: PHI
Next Article COVID-19 and CYBER SECURITY RISKS
Print
34268

Acknowledgements

This resource collection was cultivated and developed by the HITEQ team with valuable suggestions and contributions from HITEQ Project collaborators.

Quick Feedback Request
Highlighted Resources & Events
Need Assistance?
Would you like more assistance regarding Privacy and Security strategies or support in using any of the included resource sets?

  Request Support

 

Upcoming Events
The Quadruple Aim
Quadruple Aim

A Conceptual Framework

Improving the U.S. health care system requires four aims: improving the experience of care, improving the health of populations, reducing per capita costs and improving care team well-being. HITEQ Center resources seek to provide content and direction aligned with the goals of the Quadruple Aim

Learn More