The privacy watchdog won’t impose penalties on providers who use non-HIPAA-compliant remote communications technology during the public health emergency.

The HHS Office for Civil Rights announced on Tuesday that during the coronavirus pandemic it will use discretion when enforcing HIPAA-compliance for telehealth communications tools.

Why It Matters

Even though some of those technologies may not fully comply with HIPAA requirements, OCR says it “will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.”

Covered entities seeking to use audio or video communication tech to reach patients where they live “can use any non-public facing remote communication product that is available to communicate with patients,” said the agency. “This exercise of discretion applies to telehealth provided for any reason, regardless of whether the telehealth service is related to the diagnosis and treatment of health conditions related to COVID-19.”

To help broaden the use of remote consults during the outbreak, OCR says providers will temporarily be allowed to use applications such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts video or Skype.

OCR does note, however, that healthcare providers should notify patients that such third-party apps may pose privacy risks. In addition, providers should enable all available encryption and privacy modes when using such applications.

The agency also specifies that Facebook Live, Twitch, TikTok, other public-facing video communication “should not be used in the provision of telehealth.”

Wherever possible, providers should use telehealth tools from vendors that are HIPAA compliant and will enter into business-associate agreements, said OCR.

While specifying that is “has not reviewed the BAAs offered by these vendors, and this list does not constitute an endorsement, certification, or recommendation,” the agency lists companies that claim HIPAA compliance and willingness to sign BAAs including Skype for Business, Updox, VSe, Zoom for Healthcare, and Google G Suite Hangouts Meet.

The Larger Trend

Telehealth is in the spotlight as the coronavirus crisis unfolds, offering an essential link between patients and physicians while removing the need to travel to overburdened hospitals.

On Tuesday, Centers for Medicare and Medicaid Services expanded its Medicare telehealth coverage during the COVID-19 pandemic to enable more patients to get virtual care services from their providers.

Physicians, nurse practitioners, clinical psychologists and licensed clinical social workers can now offer telehealth to Medicare beneficiaries in any healthcare facility, including a physician’s office, hospital, nursing home or rural health clinic, as well as from their homes, according to CMS.

On The Record

“We are empowering medical providers to serve patients wherever they are during this national public health emergency,” said OCR Director Roger Severino in a statement. “We are especially concerned about reaching those most at risk, including older persons and persons with disabilities.”  



This post, OCR will ease restrictions on telehealth tech during COVID-19, first appeared on


(Visited 47 times, 1 visits today)

Comments are closed.