Regulatory Leniency for Telehealth Services

Notification from the Office of Civil Rights at the Department of Health and Human Services

Effective March 17, 2020, the Office of Civil Rights (OCR) at the Department of Health and Human Services (DHHS) will offer its enforcement discretion for covered entities on the use of remote connections to communicate with patients. This announcement comes in the wake of the COVID-19 pandemic. Providers will be allowed to utilize more options for telehealth communications, even if the platform or application does not fully comply with Health Insurance Portability and Accountability Act (HIPAA) regulations. The OCR’s enforcement discretion will be to not impose regulatory sanctions or penalties for the use of noncompliant telehealth platforms as long as covered health care providers avoid the use of public-facing applications to communicate with patients. As always, professional judgement must be exercised, and providers should act in “good faith” to inform patients of their medical privacy rights.

Although the notice is enacted to limit the exposure of COVID-19, covered health care providers are not limited to utilizing the leniency on telehealth communications for patients exhibiting COVID-19 symptoms.

Information technology (IT) departments for covered entities should evaluate technology solutions provided to its providers to ensure HIPAA compliance is maintained while keeping providers and patients safe.

For clarification, see the lists of vendors below:

  • HIPAA Compliant Applications / Services (covered entities should seek a Business Associate Agreement)
    • Skype for Business
    • Updox
    • VSee
    • Zoom for Healthcare
    • Doxy.me
    • Google G Suite Hangouts Meet
  • Acceptable Applications / Services (non-public facing)
    • Apple FaceTime
    • Facebook Messenger video chats
    • Google Hangouts video
    • Skype
  • Unacceptable Applications / Services (public facing)
    • Facebook Live
    • Twitch
    • TikTok
About DHG IT Advisory

DHG IT Advisory works with companies to manage technology risk while maintaining data integrity, protecting privacy and complying with regulations. From project management and regulatory compliance assistance to digital forensics and incident response, DHG is equipped to meet your IT advisory needs that drive your business.

About DHG Healthcare

DHG Healthcare is ranked by Modern Healthcare as the tenth largest, privately-held consulting practice in the nation. Spanning the broader healthcare ecosystem, our clients share the common challenge of successfully navigating the unparalleled amount of federal, state, and market-driven reform underway in the U.S. Our services in the consulting, assurance and tax domains are purposefully designed to assist our clients in their journey to risk capability. Creating institutional value is a critical focus as our clients define their strategic approach, execute on transformational plans, and manage the financial health and sustainability of their organizations. Learn more about the services and people of DHG Healthcare at dhg.com/healthcare.