Resources for Healthcare Professionals during the COVID-19 CrisisWith the outbreak of the Novel Coronavirus (COVID-19) and constant flux of new information, please follow the up to date government resources linked here: 

On March 17, 2020, the U.S. Department of Health and Human Services (HHS) , Office of Civil Rights (OCR) issued a notification of enforcement discretion for telehealth remote communications. OCR will not impose penalties for noncompliance with HIPAA against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.  

A covered health care provider may use any non-public facing remote communication products, such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype, to provide telehealth service to patients, regardless of whether the diagnosis/ treatment is related to COVID-19. However, Facebook Live, Twitch, TikTok, and similar video communication applications are public facing, and should not be used in the provision of telehealth. The notice encourages providers to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications. Full text available here

On March 16, 2020, HHS issued a bulletin waiving sanctions and penalties against a covered hospital that does not comply with the following provisions of the HIPAA Privacy Rule:

  • the requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care. See 45 CFR 164.510(b).
  • the requirement to honor a request to opt out of the facility directory. See 45 CFR 164.510(a).
  • the requirement to distribute a notice of privacy practices. See 45 CFR 164.520.
  • the patient’s right to request privacy restrictions. See 45 CFR 164.522(a).
  • the patient’s right to request confidential communications. See 45 CFR 164.522(b).

The bulletin also reminds providers of how protected health information (PHI) may be shared under HIPAA during an infectious disease outbreak. Full text of the bulletin available here

On March 13, 2020, HHS issued a bulletin regarding the waiver or modification of requirements under Section 1135 of the Social Security Act. Full text of the bulletin available here