Telehealth, HIPAA Compliance, and COVID-19
The Office for Civil Rights at the Department of Health and Human Services will be exercising its discretion in enforcement of HIPAA compliance during the nationwide public health emergency created by COVID-19. Physicians acting in good faith and using professional judgment to communicate with patients and provide telehealth services will not be subject to penalties for noncompliance with HIPAA requirements. Covered entities may request to examine a patient exhibiting COVID- 19 symptoms or treat other medical conditions using a video chat application connecting the provider’s or patient’s phone or desktop computer in order to assess a greater number of patients while limiting the risk of exposure to others. Covered entities may use FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom, or Skype to provide telehealth without risk of penalty for noncompliance with the HIPAA Rules, subject to a good faith provision of telehealth during the COVID-19 nationwide public health emergency. Providers should inform patients of the potential privacy risks and enable all security settings possible. Cover entities SHOULD NOT USE Facebook Live, Twitch, TikTok, or video communication applications that are public facing to provide telehealth services.