Office of Civil Rights (OCR) has waived off HIPAA requirement in telehealth for the duration of the COVID-19 emergency by the way of enforcement discretion. It will not impose penalties against those who are not complying with the security guidelines laid out in HITECH Act.
Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency
We are empowering medical providers to serve patients wherever they are during this national public health emergency. We are especially concerned about reaching those most at risk, including older persons and persons with disabilities. – Roger Severino, OCR Director.
What are the acceptable HIPAA Compliant telehealth solutions?
Each of these providers should be able to offer you a Business Associate Agreement (BAA) to ensure their solution is HIPAA compliant.
- Google G Suite Hangouts Meet
- Doxy.me
- Zoom for Healthcare
- Skype for Business / Microsoft Teams
- Updox
- VSee
- Cisco Webex Meetings / Webex Teams
- Amazon Chime
- GoToMeeting
- Other HIPAA Compliant telehealth solutions
What are NOT acceptable HIPAA Compliant solutions, but will not invite OCR penalty during COVID-19 emergency?
- Google Hangouts Meet – Personal account
- Facetime
- WhatsApp Video Calls
- Skype – Personal
- Amongst other forms of private video communication
What are NOT acceptable HIPAA Compliant solutions, AND will invite OCR penalty even during COVID-19 emergency?
- Facebook Live
- Twitch
- TikTok
- Similar video communication applications that are public facing
