The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has announced relaxation in HIPAA rules for covered entities and business associates who participate in good faith in the COVID-19 testing site operation.
It doesn’t stop there, but HIPAA penalties won’t apply to covered healthcare providers for practicing telehealth medicine using third-party applications such as Skype or Facebook Messenger. OCR exercises its power to stall some of the HIPAA provisions, momentarily, in connection with the good faith provision of telehealth during the state of a national health emergency.
Provided we stand in the middle of an epidemic and our country is under attack, rightly so, such steps seem to be the only way out. Governor, Andrew Cuomo, of New York State, is a constant media personality during this crisis briefing us on developing stories every day of the week. He is a true patriot who is committed to taking his stand until the enemy backtracks to where it came from.
The fact of the matter is that OCR holds the right to exercise enforcement discretion, and they did so on April 9 in an immediate press release. It goes to show their determination to eradicate the novel coronavirus from the US, and, also speaks of their active role in the recovery process.
Director OCR, Roger Severino, narrates and I am paraphrasing it; It is time to empower medical practitioners to serve patients across the United States during this public health emergency period. We are concerned about the health of the vulnerable the most, including older Americans and persons with disabilities.
Why the Relaxation in HIPAA Rules?
First, the HIPAA rules were relaxed to provide immediate assistance to healthcare providers, including some large pharmaceuticals and their business associates that would like to participate in community-wide testing site operation. It is officially called the Community Based-Testing Site (CBTS) operation; moreover, it includes mobile, drive-through, and walk-up sites where they would conduct COVID-19 specimen collection or testing in abundance.
Second, telehealth products had to follow the HIPAA Privacy and Security Guidelines before COVID-19 was here. Now that this virus has spread all over the country, to stop it, the exception of extreme circumstances comes into play and brings flexibility to HIPAA rules.
What Products Are Safe for Telehealth Communication?
Providers don’t have to worry about which products to use as long as they are not public-facing software applications. Products like Facebook Messenger, Skype, Apple FaceTime, Google Hangouts, or Zoom are good to go for care audio & video chats.
While the use of the above applications is allowed, some applications come under the public-facing criterion, apps including TikTok, Twitch, and Facebook Live.
Therefore, before dispensing care, use applications in the allowed category instead of those that aren’t.
As the nation is in dire need of healthcare workers, OCR exercises enforcement discretion for care to reach the farthest areas of the country in connection with the good faith provision of telehealth services. It means providers won’t face penalties in case of noncompliance with HIPAA regulatory requirements.
HIPAA Compliant Technology Vendors
Since malpractices in desperate times have their odd way to creep in, it is best to choose technology vendors who are HIPAA compliant and are willing to enter into a business associate agreement (BAA) with the provider. As a result, any audio or video communication that occurs through such vendors will not result in an intrusion or put PHI at risk.
The following list of vendors provide a haven for secure telehealth services; moreover, they are HIPAA compliant and willing to enter into a BAA with covered entities.
- Skype for Business / Microsoft Teams
- Zoom for Healthcare
- Google G Suite Hangouts Meet
- Cisco Webex Meetings/Webex Teams
- Amazon Chime
- Spruce Health Care Messenger
Now, that is the list of software for safe and complaint-friendly audio and video communication.
A word by OCR
OCR doesn’t endorse, recommend, or certify the above applications but simply suggests their use for guidance. It has not reviewed the BAAs that they have come up with. There may be other vendors out there who are HIPAA compliant and willing to enter into a BAA with a covered entity. The names above do not suggest any kind of endorsement or affiliation with the above-mentioned products.
P3 as a business associate comes under the obligation of HIPAA too; moreover, we are trying to help the healthcare heroes on the front line as best as we can by the use of HIPAA compliant communication channels. HIPAA medical billing is one of our principal services along with QPP MIPS reporting. As providers make their way out of the pandemic, we will support them on each twist or turn of their journey.
Please hit the follow button on Instagram for more insights: @p3healthcaresolutions