Healthcare providers furnishing care via telehealth or in-person must comply with federal and state laws regarding privacy and security of patient healthcare information (e.g. Health Insurance Portability and Accountability Act, HIPAA.) During the COVID-19 PHE, the Office of Civil Rights (OCR) issued a public notice stating it would not impose penalties for noncompliance with regulatory requirements under the HIPAA rules for “…healthcare providers that serve patients in good faith through everyday communications technologies, such as FaceTime or Skype…” Additionally, states may have laws that exceed the requirements and may not necessarily have been waived during the pandemic.
Source
Policy Recommendations
- Providers
- Stay apprised of policy changes during a pandemic.
- Keep team informed/trained to stay compliant.
- Policymakers
- Following PHE, remove enforcement discretion to reinstate pre-COVID HIPAA policies.