Throughout the COVID-19 pandemic, CMS and government agencies provided flexibilities to health care companies to use popular technology and applications to better engage with their patients. One example is the Department of Health and Human Services’ Office for Civil Rights (OCR), which issued a notice that it will allow health care providers to use widely available communications software without fear of violating HIPAA, even if the software does not meet the HIPAA privacy and security requirements. This enforcement discretion allows a covered entity to deliver care via ‘non-public facing’ audio or video communication technology. In this article, we cover the communication channels allowed for telehealth services and technologies during the extended COVID-19 PHE.
Communication Channels for Telehealth During Extended COVID-19 PHE
HIPAA Flexibilities During COVID-19
The U.S. Department of Health and Human Services Office for Civil Rights issued a Notification of Enforcement Discretion to empower covered health care providers to use widely available communications applications without the risk of penalties imposed by that office for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules in connection with the good faith provision of telehealth services. For more information, read FAQs on Telehealth and HIPAA during the COVID-19 nationwide public health emergency or visit HIPAA and COVID-19.
Non-Public Facing Remote Communication
A ‘non-public facing’ remote communication product is one that, as a default, allows only the intended parties to participate in the communication. Non-public facing remote communication products would include, for example, platforms such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, WhatsApp video chat, Zoom, or Skype. Such products also would include commonly used texting applications such as Signal, Jabber, Facebook Messenger, Google Hangouts, WhatsApp, or iMessage. Typically, these platforms employ end-to-end encryption, which allows only an individual and the person with whom the individual is communicating to see what is transmitted. The platforms also support individual user accounts, logins, and passcodes to help limit access and verify participants. In addition, participants are able to assert some degree of control over particular capabilities, such as choosing to record or not record the communication or to mute or turn off the video or audio signal at any point.
In contrast, public-facing products such as TikTok, Facebook Live, Twitch, or a public chat room are not acceptable forms of remote communication for telehealth because they are designed to be open to the public or allow wide or indiscriminate access to the communication. For example, a provider that uses Facebook Live to stream a presentation made available to all its patients about the risks of COVID-19 would not be considered reasonably private provision of telehealth services. A provider that chooses to host such a public-facing presentation would not be covered by the Notification and should not identify patients or offer individualized patient advice in such a livestream.
Under this notice, covered health care providers that seek additional privacy protections should use technology vendors that are HIPAA compliant and will enter into HIPAA business associate agreements in connection with the provision of their video communication products. The list below includes some vendors that say they provide HIPAA-compliant video communication products and that they will enter into a HIPAA business associate agreement. Although it’s always important to confirm, examples of vendors who say they meet HIPAA requirements include Skype for Business/Microsoft Teams; Updox; VSee; Zoom for Healthcare; Doxy.me; Google G Suite Hangouts Meet; Cisco Webex Meetings / Webex Teams; Amazon Chime; GoToMeeting; and Spruce Health Care Messenger.
We have shared the HIPAA flexibilities for telehealth applicable during the extended COVID-19 PHE for reference purposes only; refer to TELEHEALTH.HHS.GOV for detailed information. Medical Billers and Coders (MBC) is a leading medical billing company providing complete revenue cycle services. We can assist you in Telehealth billing for receiving accurate reimbursements from private and government payers. To know more about our Telehealth billing services, contact us at email@example.com or 888-357-3226.