COVID-19 waivers for HIPAA noncompliance: Telehealth services

Many healthcare providers are on the front lines of the current pandemic. For them, a lot of things are uncertain, particularly how to best help patients and the public while complying with the Health Insurance Portability and Accountability Act’s (HIPAA) rules on protecting confidential patient information. Healthcare professionals in North Carolina and many parts of the United States are faced with a reality: freer access to patient information may save lives.

But violating HIPAA rules could result in exorbitant fines and ruined reputations for noncompliant healthcare providers. Given the ongoing crisis, however, quick and appropriate responses to combat the outbreak are taking precedence over following HIPAA rules. Just recently, the Department of Health and Human Services (HHS), HIPAA’s governing body, announced waivers of penalties for noncompliance, such as in telehealth services.

What is a good faith use and disclosure of patient information?
On March 17, 2020, the HHS and its privacy watchdog, the Office of Civil Rights (OCR), partially suspended the enforcement of HIPAA penalties for good faith uses and disclosures of patient information.

By law, a good faith effort is defined as what a reasonable person understands as an honest and diligent attempt to do something. Under the current circumstances, a good faith use and disclosure of patient information is meant to prevent the spread of COVID-19 by boosting the healthcare system’s efforts in curbing the pandemic. In other words, enforcement of rules pertaining to patient confidentiality will be relaxed.

The HSS’s waiver for good faith use and disclosure is meant to encourage providers to serve patients and protect public safety, unhindered by penalties regarding patient information. This will create freer health information exchange between organizations, such as federal agencies and hospitals, and improve the coordinated pandemic response between the public and private sectors. Here are some specific scenarios.

  • Expedite patient care by allowing the Centers for Medicare & Medicaid Services (CMS) to speedily process medical payments with easier access to medical records
  • Enable federal and public health agencies to directly request coronavirus-related data from hospitals, without getting permission from patients
  • Free up hospitals to make decisions for patient and public safety, even if these would violate HIPAA, such as declining a patient’s request to opt out of their care facilities

What are telehealth services?
With social distancing urgently needed to flatten the curve, one outstanding result of these developments will be the increased use of telehealth services. Telehealth, as the name suggests, involves the use of everyday audio or video communications technology to serve patients. These services can facilitate providing virtual care to patients, thereby lessening the risk of the virus spreading.

Telehealth would normally breed problems in patient information use and disclosure, such as when communication equipment isn’t properly vetted for compliance with HIPAA rules on patient privacy.

However, at this time, the OCR will not be imposing noncompliance or breach of privacy penalties on telehealth services providers, regardless of whether the services are the diagnosis and treatment of coronavirus-related health conditions.

Telehealth services can be administered by physicians, nurse practitioners, clinical psychologists, and clinical social workers from any healthcare facility, as well as from homes. They can use audio or video communication applications, such as Facebook messenger, Zoom for Healthcare, and Microsoft Office 365’s Skype for Business, so long as these platforms meet the following conditions:

  • Communication products should be non-public-facing apps — that is, not readily accessible to the public. Popular public-facing communication apps include Instagram Live, Facebook Live, Twitch, and Tiktok.
  • Providers should inform patients that communicating over these apps for consultation pose privacy risks.
  • Providers must demonstrate efforts to secure communications with patients by enabling measures such as encryption and privacy modes.

With the advantages it offers, SpectrumWise’s Voice over Internet Protocol (VoIP) communication system is particularly suited to telehealth. Its superior call quality will ensure that your patients have good consultation experiences and receive accurate information. It offers other numerous communication options delivered smoothly via a dedicated line, while best practices and solutions in secure communications are implemented by our experts.

It’s important to remember that the crisis has not completely done away with the need for HIPAA compliance. As a healthcare provider at this time, you need a technology partner that will ensure your IT systems comply with HIPAA regulations on billing practices, data security, and patient safety. Let us take care of that. Partnering with SpectrumWise will allow you to focus on where you’re needed the most — helping people in need. Talk to us today.


Contact Us

"*" indicates required fields

This field is for validation purposes and should be left unchanged.