HITEQ Center / Thursday, March 26, 2020 / Categories: Privacy and Security, Privacy & Security Best Practices, HIPAA, Telehealth Using non-traditional technology for telehealth during COVID-19 Pandemic Issue Brief for implementing commercial applications for telehealth consistent with March 2020 OCR Guidance Health and Human Services’ Office of Civil Rights (OCR), the entity responsible for enforcing regulations under HIPAA, stated, effective immediately, it will exercise enforcement discretion and will not impose penalties for HIPAA violations against covered healthcare providers if patients are served on a good faith basis during the COVID-19 nationwide public health emergency. OCR has clarified that, during this public health emergency, these technologies can be used for any services, not only those specific to COVID-19. OCR’s guidance states, “covered healthcare providers may use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype, to provide telehealth without risk that OCR might seek to impose a penalty for noncompliance with the HIPAA Rules.” Providers should ensure communication products are non-public facing. Using one of these technologies should be a last resort, secondary to using traditional telehealth, such as traditional telehealth modalities have healthcare-specific features and security. OCR stresses the importance of using HIPAA-compliant telehealth applications whenever possible from vendors who will enter into Business Association Agreements (BAAs). Download the resource below for Issue Brief to support implementation of this guidance, including at-a-glance reference of acceptable and unacceptable apps as well as list of Dos and Don'ts. Print 36834 Tags: telehealthHHSHIPAAOCRprivacy & securityCOVID-19 Documents to download Non-Traditional Telehealth Tools during COVID-19(.pdf, 139.84 KB) - 4119 download(s) Implementing under OCR's recent guidance; published March 26, 2020. Related Resources Health IT Emergency Response Plan Assessment Tool Addressing Cybersecurity Threats in Health Centers Health Center Emergency Response Exercise Set A Practical Guide on Intimate Partner Violence, Human Trafficking, and Exploitation and Technology Tools 42 CFR Part 2 Final Rule: What You Need to Know