Skip to Content

Relaxed Telehealth Standards during the COVID-19 Emergency

04.03.20 written by

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has relaxed requirements for the provision of telehealth services. Typically, telehealth services must only be rendered by utilizing technologically secure platforms and other safeguards.

However, to assist healthcare providers in serving patients during the crisis, OCR will not impose penalties for HIPAA violations against health care providers that provide telehealth services using non-public facing audio or video communication products. These audio and video communication platforms include Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom, or Skype. Conversely, platforms such as Facebook Live, Twitch, TikTok, and similar video communication applications are public-facing, and should not be used in the provision of telehealth by covered health care providers. This non-enforcement policy is applicable to all telehealth services (i.e., the services need not be related to COVID-19).

Despite these policies, providers are still encouraged to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications.

Furthermore, if a provider is choosing amongst a variety of platforms, the following providers represent that they provide HIPAA-compliant video communication products and will otherwise enter into a HIPAA Business Associate Agreement:

  • Skype for Business / Microsoft Teams
  • Updox
  • VSee
  • Zoom for Healthcare
  • Doxy.me
  • Google G Suite Hangouts Meet
  • Cisco Webex Meetings / Webex Teams
  • Amazon Chime
  • GoToMeeting
  • Spruce Health Care Messenger

The foregoing policies will remain in effect until the COVID-19 emergency is declared over, or until HHS issues further guidance. Please note that other HIPAA regulations remain in effect. For guidance on continued HIPAA compliance during the COVID-19 crisis, please see: “HIPAA Disclosures…”

If you have any further questions with regards to the above guidance, or otherwise require assistance with implementing telehealth services, please contact attorneys Jason Haupt (jhaupt@www.kwgd.com) or Matt Doney (mdoney@www.kwgd.com).

NOTE: This general summary of the law should not be used to solve individual problems since slight changes in the fact situation may require a material variance in the applicable legal advice.

Categories