New guidelines were established to improve public confidence in telehealth solutions, enhance patient privacy, and support more robust health information security
On June 13th, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued new guidelines for remote communication technologies to support audio-only telehealth service provisioning in line with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules (HIPAA Rules).
This new guidance was issued to provide covered healthcare entities with the information they need to know how to offer audio-only telehealth solutions while maintaining HIPAA compliance including situations where OCR’s Notification of Enforcement Discretion for Telehealth Remote Communications (Telehealth Notification) is no longer in effect, such as after the completion of a declared public health emergency.
“Audio telehealth is an important tool to reach patients in rural communities, individuals with disabilities, and others seeking the convenience of remote options,” said Office for Civil Rights Director Lisa Pino. “This guidance explains how the HIPAA rules permit health care providers and plans to offer audio telehealth while protecting the privacy and security of individuals’ health information.”
These new guidelines declare that audio-only telehealth appointments will meet HIPAA compliance standards as long as providers take certain measures to protect patient privacy, such as ensuring that healthcare providers conduct audio-only appointments in private and secured settings, taking steps to verify patient data, and not conducting appointments using public-facing resources such as a speakerphone.
The HHS guidance maintains that HIPAA’s mandated electronic data security frameworks will not apply to telemedicine conducted using a standard telephone line, but will be applied to appointments conducted using internet-based voice communication services. Earlier in the COVID-19 pandemic, the HHS declared that it would not bring enforcement actions over HIPAA rules against telemedicine providers doing their best to comply in good faith during a global emergency.
The HHS has outlined its position that audio-only telehealth services, as opposed to video-based telehealth, represent an important tool for enhancing health equity by helping more patients with limited internet access to receive a better quality of care using audio-only telehealth services.
HHS maintains that this new guidance was issued in direct response to President Biden’s Executive Order 14058 on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government. These new protocols support health equity by ensuring that all patient populations have equal access to technologies to support audio-video telehealth solutions without compromising patient privacy or health information security.
Achieving and sustaining robust regulatory compliance needs to be a first-line priority, not a mere afterthought. That’s why it’s essential to choose a telehealth vendor that delivers the utility your organization needs to build compliance best practices into your virtual care service delivery.