Relaxation of HIPAA Rules by the Office for Civil Rights
Overview of Changes
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has announced a temporary relaxation of HIPAA regulations for covered entities and business associates involved in COVID-19 testing site operations. This adjustment includes the waiver of HIPAA penalties for healthcare providers practicing telehealth through third-party applications like Skype and Facebook Messenger. In light of the national health emergency, the OCR is exercising its discretion to modify certain HIPAA provisions related to telehealth services.
Context and Support
During the ongoing pandemic, these measures are seen as essential for enabling healthcare professionals to provide necessary services. New York Governor Andrew Cuomo has been a prominent figure throughout this crisis, offering daily updates on the evolving situation. The OCR’s enforcement discretion, communicated in an April 9 press release, underscores its commitment to combatting the spread of COVID-19 and supporting the recovery efforts.
Statement from the OCR Director
Roger Severino, the Director of OCR, emphasized the need to empower medical practitioners to serve patients across the nation during this public health emergency, particularly focusing on the health of vulnerable populations, including older Americans and individuals with disabilities.
Reasons Behind the Relaxation of HIPAA Rules
Immediate Assistance for Healthcare Providers
The relaxation of HIPAA rules aims to provide immediate assistance to healthcare providers, including major pharmaceutical companies, participating in community-wide testing operations, officially known as Community-Based Testing Sites (CBTS). These sites may include mobile, drive-through, and walk-up facilities for widespread COVID-19 testing.
Flexibility in Telehealth Regulations
Prior to the pandemic, telehealth services were required to adhere strictly to HIPAA Privacy and Security Guidelines. However, the widespread nature of COVID-19 has necessitated a temporary relaxation of these regulations, allowing for greater flexibility in response to the public health crisis.
Support for Overburdened Healthcare Workers
With healthcare professionals overwhelmed by the influx of patients, administrative burdens can exacerbate their challenges. Consequently, the Centers for Medicare & Medicaid Services (CMS) and OCR have implemented these changes to alleviate some of the pressures faced by providers.
Guidelines for Safe Telehealth Communication
Permissible Communication Tools
Providers can utilize various applications for telehealth communications, including Facebook Messenger, Skype, Apple FaceTime, Google Hangouts, and Zoom, as long as they are not public-facing software.
Restricted Applications
Certain applications, such as TikTok, Twitch, and Facebook Live, are categorized as public-facing and are therefore prohibited for telehealth use. Providers should ensure they select applications from the permitted category before delivering care.
Enforcement Discretion in Telehealth Services
As healthcare demand surges, OCR is exercising enforcement discretion to facilitate access to telehealth services across the country. This means that providers will not face penalties for non-compliance with HIPAA regulations during this period.
Choosing HIPAA Compliant Technology Vendors
Importance of Compliance
In times of crisis, the potential for malpractice increases, making it essential for providers to select HIPAA-compliant technology vendors who are willing to enter into a business associate agreement (BAA). This agreement ensures that any audio or video communications conducted through these vendors will safeguard protected health information (PHI).
Recommended Technology Vendors
The following vendors offer secure telehealth services and are HIPAA compliant, ready to enter into a BAA with healthcare providers:
– Skype for Business / Microsoft Teams
– Updox
– VSee
– Zoom for Healthcare
– Google G Suite Hangouts Meet
– Cisco Webex Meetings/Webex Teams
– Amazon Chime
– GoToMeeting
– Spruce Health Care Messenger
Conclusion and Disclaimer from OCR
OCR does not endorse or certify the applications listed, but suggests their use for guidance purposes only. The agency has not reviewed the BAAs associated with these vendors. Other HIPAA-compliant vendors may exist, and the list provided does not imply any affiliation with the mentioned products.
As a business associate, P3 is also obligated to comply with HIPAA regulations. We aim to support healthcare providers during this challenging time by leveraging HIPAA provisions, including conducting security risk analyses and ensuring compliant medical billing practices.