Telehealth Regulation (COVID Updates): Privacy, Security & HIPAA

Mantra Health's Parked Thoughts Blog

David Florin and Amy Lerman, Members of the Firm in the Health Care & Life Sciences practice, in the firm’s Washington, DC, office, co-authored an article in Mantra Health’s Parked Thoughts Blog, titled “Telehealth Regulation (Covid Updates): Privacy, Security & HIPAA,” as part of Mantra Health’s “Telehealth Regulation Series: The Impact of COVID on Higher Education.”

Following is an excerpt:

Overview of Key Regulatory Changes

As mentioned in our first blog post, the Centers for Medicare & Medicaid Services (“CMS”) has made significant changes to its telehealth coverage and reimbursement rules in response to COVID-19, including but not limited to:

  • Waiver of the requirement that providers have a valid license for the state in which they provide care; and
  • Expansion of the list of acceptable platforms upon which telehealth services may be provided.

Similarly, the Office for Civil Rights (“OCR”) within the U.S. Department of Health and Human Services (“HHS”) has issued guidance related to the application of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) rules during the COVID-19 national public health emergency time period.5-6 Per OCR’s guidance, these changes include, but are not limited to:

  • Expansion of the list of acceptable platforms upon which telehealth services may be provided;
  • Statements that penalties for HIPAA non-compliance will not be enforced, and that audits will not be conducted;  and
  • Suggestions regarding the locations from which providers can conduct telehealth visits, and related guidance regarding ways to maintain the privacy during such sessions.