resolution agreement

HIPAA and Telehealth

Corrective action / RA

Resolution

Penalty

Corrective action / RA

Action type

Resolution agreement

Entity profile

Case number

What went wrong

HIPAA and Telehealth


Full description

Telehealth Privacy and Security

OCR issued two resource documents to help explain to patients the privacy and security risks to their protected health information (PHI) when using telehealth services and ways to reduce these risks.

  • Resource for Health Care Providers on Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth
  • Privacy and Security Tips for Patients

Expiration of COVID-19 Public Health Emergency HIPAA Notifications of Enforcement Discretion

On April 12, 2023, OCR announced that the Notifications of Enforcement Discretion issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act during the COVID-19 public health emergency will expire at 11:59 pm on May 11, 2023, due to the expiration of the COVID-19 public health emergency.

OCR is providing a 90-calendar day transition period for covered health care providers to come into compliance with the HIPAA Rules with respect to their provision of telehealth. The transition period will be in effect beginning on May 12, 2023 and will expire at 11:59 p.m. on August 9, 2023. OCR will continue to exercise its enforcement discretion and will not impose penalties on covered health care providers for noncompliance with the HIPAA Rules that occurs in connection with the good faith provision of telehealth during the 90-calendar day transition period.

  • Read the Press Release
  • Read the Notice of Expiration of Certain Notifications of Enforcement Discretion Issued in Response to the COVID-19 Nationwide Public Health Emergency

Guidance on HIPAA and Audio-Only Telehealth

OCR has issued guidance on how covered health care providers and health plans can provide audio-only telehealth consistent with the requirements of the HIPAA Privacy, Security, and Breach Notification Rules, including when OCR’s Notification of Enforcement Discretion for Telehealth is no longer in effect.

  • Read the guidance
  • Read the press release

FAQs on HIPAA and Telehealth During the COVID-19 Public Health Emergency

OCR issued guidance related to its Notification of Enforcement Discretion for Telehealth during the COVID-19 nationwide public health emergency. The Notification announced that OCR would be exercising its enforcement discretion to not impose penalties for HIPAA violations against covered health care providers in connection with their good faith provision of telehealth using non-public facing remote communication technologies during the public health emergency.

The guidance is in the form of frequently asked questions (FAQs) and clarifies how OCR applies the Notification to support the good faith provision of telehealth.

  • FAQs on HIPAA and Telehealth
  • Preguntas frecuentes sobre telemedicina y HIPAA
  • Read the press release
  • Read the Notification of Enforcement Discretion
  • Notificación de discreción para telemedicina

Content last reviewed October 18, 2023

Timeline

  • Resolution
  • Incident and investigation milestones are not consistently published by OCR in machine-readable form.

Key takeaways for your organization

  • Treat internet-facing systems and vendor-hosted environments as in-scope for HIPAA risk analysis and technical safeguards testing.
  • Maintain an actionable risk analysis tied to remediation milestones; evidence should map to Security Rule implementation specifications.
  • Align policies, procedures, and evidence with the specific CFR provisions cited in OCR resolutions affecting your entity type.
  • Run tabletop exercises for breach response, OCR inquiry handling, and privilege-preserving communications with counsel.

Related actions

Source

U.S. Department of Health and Human Services release

Source: U.S. Department of Health and Human Services, Office for Civil Rights. medcomply.ai aggregates public materials for educational use — not legal advice.