On March 20, the U.S. Department of Health and Human Services (HHS) issued additional guidance in the form of Frequently Asked Questions (FAQs) on HIPAA and telehealth services to help providers furnish care during the COVID-19 pandemic.

The FAQs follow and provide further information on the Notification of Enforcement Discretion issued by HHS on March 17 (Notification), in which HHS indicated that it would not penalize providers for using popular video chat applications, such as FaceTime and Skype, in good faith to provide telehealth services amid the COVID-19 pandemic.  HHS has emphasized, however, that the Notification does not allow the use of public-facing communications products, such as Facebook live or other livestreaming applications.

In the FAQs, HHS first provides an important reminder that while the term telehealth refers to the “use of electronic information and telecommunications technologies” for remote health care and patient education, certain payors – including Medicare – place restrictions on the types of technologies that can be used in order for the services to be reimbursed.  HHS notes that such restrictions do not limit the scope of the Notification.

HHS then provides the following additional information on the Notification and telehealth generally:

  • The Notification applies to all health care providers that are covered by HIPAA and provide telehealth services during the COVID-19 emergency, with no limitations on the patients served via telehealth;
  • The Notification applies to all services that a provider believes, in his or her professional judgment, can be provided via telehealth under the circumstances of the emergency;
  • The Notification does not apply to health insurance companies that just pay for telehealth services;
  • The Notification applies to HIPAA’s Security Rule, Privacy Rule, and Breach Notification Rule regulations;
  • The Notification does not apply to substance use disorder records or communications covered by 42 C.F.R. Part 2;
  • The Notification does not have an expiration date;
  • Health care providers are expected to conduct telehealth services in private settings, and providers should implement reasonable safeguards to limit incidental uses or disclosures of protected health information;
  • The Notification applies only to the “good faith” provision of telehealth services, which HHS assesses via a facts and circumstances test, and examples of what would not qualify as good faith include the provision of telehealth services in furtherance of a criminal scheme, or to violate state licensure law, or the use of public-facing communications products such as Facebook live; and
  • Non-public facing remote communication products can include FaceTime, Skype, Facebook messenger video, Whatsapp video chat, or Google hangouts video, but do not include livestreaming products.

HHS concluded the FAQs by stating that if a provider uses telehealth services during the COVID-19 pandemic and protected health information is intercepted during transmission, HHS will not pursue otherwise applicable penalties for any such breach.

Notably, in furtherance of the government’s efforts to promote the use of telehealth services to combat the COVID-19 pandemic, on March 23 HHS’s Centers for Medicare and Medicaid Services issued telehealth toolkits for providers available here (for general practitioners) and here (for ESRD providers).

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Conor Duffy Conor Duffy

Conor Duffy is a member of Robinson+Cole’s Health Law Group and the firm’s Data Privacy + Security Team. Mr. Duffy advises hospitals, physician groups, accountable care organizations, community providers, post-acute care providers, and other health care entities on general corporate matters and health…

Conor Duffy is a member of Robinson+Cole’s Health Law Group and the firm’s Data Privacy + Security Team. Mr. Duffy advises hospitals, physician groups, accountable care organizations, community providers, post-acute care providers, and other health care entities on general corporate matters and health care issues. He provides legal counsel on a full range of transactional and regulatory health law issues, including contracting, licensure, mergers and acquisitions, the False Claims Act, the Stark Law, Medicare and Medicaid fraud and abuse laws and regulations, HIPAA compliance, state breach notification requirements, and other health care regulatory matters. Read his full rc.com bio here.

Photo of Melissa (Lisa) Thompson Melissa (Lisa) Thompson

Lisa Thompson advises companies, senior management, and boards of directors, with a focus on the health care, life sciences, technology, and food and beverage industries. She is a member of the firm’s Health Law Group, Government Investigations, Food and Beverage Industry Group, and…

Lisa Thompson advises companies, senior management, and boards of directors, with a focus on the health care, life sciences, technology, and food and beverage industries. She is a member of the firm’s Health Law Group, Government Investigations, Food and Beverage Industry Group, and Data Privacy + Cybersecurity Team. Lisa is co-chair of the Health Law Section of the Boston Bar Association. She also serves as an international and domestic arbitrator on the Commercial, Life Sciences, and Health Care panels of the American Arbitration Association. She is a member of the AAA Life Sciences Advisory Council and the advisory committee for the Boston International Arbitration Council (BIAC).

Lisa has represented domestic and international clients in the health care, life sciences, technology, and food and beverage industries. Lisa handles a range of matters, including corporate law and contracting, government investigations and audits, clinical research law, and matters involving Institutional Review Boards (IRBs). She has extensive experience representing clients on matters involving privacy and security including HIPAA, reimbursement, Medicare and Medicaid, state and federal surveys and termination actions, managed care disputes, pharmacy and compounding laws, fraud and abuse, Stark Law, anti-kickback, and federal program exclusions. Read her full rc.com bio here.