Enhanced Telehealth Services and Laid-Back HIPAA Enforcement Throughout the Coronavirus Public Health Emergency

In seeking to avoid the spreading of the 2019 novel coronavirus, patients alleged of having been exposed to the virus and persons with indications of COVID-19 were instructed to self-quarantine by staying at home. It is necessary for contact to be avoided with persons at an increased risk, especially aged people and persons with health issues.

Telehealth services, which include video calls, are handy tools for medical specialists when evaluating and treating patients at a distance to lower the possibility of getting infected by the coronavirus. Telehealth services could also be employed to keep contact with patients who opt not to head over to the healthcare facilities because of the probability of virus exposure.

On March 16, 2020, the Trump Government announced the enhanced telehealth services for Medicare beneficiaries. Prior to this pronouncement, physicians were merely able to ask for payment for telehealth services offered to individuals residing in rural regions and no access to local healthcare facilities and for patients with determined relationships with medical billing providers.

Now Medicare beneficiaries all over the country irrespective of where they are living can now receive many services through telehealth without the need to leave home. The services could also be made available in nursing facilities and hospital outpatient units.

Beginning March 6, 2020, Medicare will compensate a number of healthcare providers for clinic and telehealth appointments, which include nurse practitioners, social workers, and clinical psychologists. Compensation will be at an equal rate as face-to-face consultations.

Laid Back Enforcement of Noncompliance with HIPAA

Telehealth services are covered by HIPAA laws. The technologies utilized, including cell phone and communications systems, have to abide by HIPAA guidelines and have safety measures available to make sure the confidentiality, availability, and integrity of ePHI. In a public health situation, for instance, a disease outbreak, the HIPAA Security Rule remains in effect. Healthcare specialists that give telehealth services would, under ordinary situations, not be authorized to employ some video conferencing programs like Facetime or Skype, since the services aren’t totally compliant with HIPAA.

The HHS’ Office for Civil Rights declared on March 17, 2020 that it is having a more laid-back position on HIPAA observance of noncompliance with specific HIPAA terms correlated to telehealth services. According to OCR’s Notification of Enforcement Discretion for telehealth, OCR is going to use its discretion in enforcement and is not imposing penalties for noncompliance with the HIPAA regulations against covered medical care providers under the good faith provision of telehealth throughout the COVID-19 national public health emergency. This notice is effective at once.

OCR verified that during the coronavirus public health crisis, healthcare staff are authorized to utilize any non-public facing remote communication service that is on hand to converse with patients in association with good faith provision of telehealth. The discretion in enforcement likewise is employed to telehealth services associated with the examination and treatment of health issues not connected to COVID-19. Though enforcement has been laid back, it is still crucial for covered entities to maintain the implementation of proper safety measures to safeguard patient information against deliberate or unintentional impermissible uses and disclosures.

Though OCR won’t endorse the usage of specific products, it was mentioned that healthcare providers may employ Facebook Messenger video chat, Google Hangouts video, Apple FaceTime, or Skype. Public-facing chat and communications programs including Facebook Live, Tiktok and Twitch are not acceptable for telehealth practices.

OCR advised covered entities that they could acquire more privacy protections through employing HIPAA-compliant video communications services and ought to have a signed business associate agreement. Vendors of platforms that sign BAAs and offer a HIPAA compliant service are Skype for Business, TigerConnect, Updox, VSee and Zoom for Healthcare.

OCR won’t impose penalties against covered health care staff for not having a BAA with video communication companies or any other noncompliance with the HIPAA Rules that correlates to the good faith provision of telehealth services while in the COVID-19 national public health emergency. As soon as the public health emergency ceases, penalties should apply if there’s no BAA and non-HIPAA compliant communications platforms are utilized.