How did the Public Health Emergency impact HIPAA? At the start of the PHE, the HHS Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion to all health care providers that are covered by HIPAA and provide telehealth services during an emergency. What it has meant is that covered health care providers would not be subject to penalties for violations of the HIPAA Privacy, Security and Breach Notification Rules that occur in the good faith provision of telehealth during the PHE. But the PHE will be coming to an end on May 11, 2023. OCR provided a 90-calendar day transition period for covered health care providers to come into compliance with the HIPAA Rules with respect to their provision of telehealth. This transition period ended on August 9, 2023
How did things change after August 9, 2023? It is of utmost importance for all providers to understand the intersection between Telehealth and HIPAA! To start with, check out this article we wrote on "Preparing for the End of the PHE and the End of HIPAA Enforcement Discretion".
The Center for Connected Health Policy (CCHP) has created this video on how telehealth works with HIPAA and health privacy laws.
What Do I Need to Do to Make Sure I am in Compliance?
- HIPAA & Telehealth : A Stepwise Guide to Compliance:
- HIPAA Guidelines on Telemedicine
- HIPAA and Telehealth FAQs
- Guide to Privacy and Security of Electronic Health Information
- HIPAA Compliance Roadmap
- HIPAA Security Risk Assessment Tool
- NIST Implementing the HIPAA Security Rule: A Cybersecurity Resource Guide
What Do I Need to Know About VOIP and Audio-Only Telehealth and HIPAA?
- Guidance on HIPAA Rules for Audio-Only Telehealth
- VOIP and HIPAA
- HIPAA Considerations When Using VOIP
What Do I Need to Tell My Telehealth Patients?
What Do I Need to Know About Business Associates and BAAs?
What Do I Need to Know About Risks Related to Online Tracking Technologies Found on Websites and Mobile Applications?
What Do I Need to Know About Texting and HIPAA?
