Telehealth | Medical Supplies | Helpful Resources
While not addressed in the CARES Act, there are implications to HIPAA that the Office for Civil Rights and the Department of Health and Human Services have addressed in recent days.
Telemedicine HIPAA Changes
- With the urgent expansion of telemedicine for examination of patients with COVID-19
symptoms, HHS has relaxed rules around requiring BAAs with companies that provide web
conferencing. However, this is on the assumption that a good faith effort must be made to
establish a BAA in the future. - If a provider opts to use non-healthcare video chat services, such as Apple FaceTime, Google
Hangouts, Skype, etc. they must notify their patient there are potential privacy risks and the
patient must verbally accept that risk. - Providers must not use public-facing tools, such as YouTube, Facebook Live, Twitch, and others
for providing care - SHP recommends using tools designed for telehealth, including Doxy.me (which has a free
version), Zoom for Healthcare, and UDox. These companies will sign a BAA.
COVID-19 HIPAA Flexibilities
OCR put together a bulletin outlining flexibilities with HIPAA disclosures related to COVID-19:
- Disclosures to public health authorities, agencies, and foreign government agencies involved
with fighting COVID-19 and persons at risk of spreading or contracting COVID-19. - Disclosures to family, friends, and caregivers of those infected with COVID-19
- Disclosures to the public to prevent a serious and imminent threat
- Disclosures to the media to inform about COVID-19 patients
Details of these new flexible rules can be found here: https://www.hhs.gov/sites/default/files/february2020-hipaa-and-novel-coronavirus.pdf