The U.S. Department of Health and Human Services (HHS) has released advise regarding both HIPAA Compliance and Telehealth. HHS released this information through the Office for Civil Rights and detailed the measures covered healthcare entities can take to provide audio-only telehealth services while staying in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the rules within.
About audio-only Telehealth
Audio telehealth is a form of telehealth which is extremely important to many individuals who require remote medical care. It is not always feasible for patients to avail of in person-appointments, or even regular telehealth services. Reasons for this include:
- Geographical location- those in more rural areas may experience a lower quality broadband connection and be unable to connect with healthcare experts through an internet connection
- Financial situation- individuals may not own a technological device that allows them to engage in regular telehealth services
- The individual may have a disability hindering them from attending in person or online appointments with their healthcare provider
The guidance issued by HHS
HHS decided to issue advice regarding audio only telehealth to reply to the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government (E.O. 14058). OCR have released the guidance in a document with a FAQ style layout. With their opening advice, OCR stated that the HIPAA Privacy Rule does enable healthcare entities to use remote communication technology to allow for audio only telehealth services to be provided. This can be done using the safeguards involved in the HIPAA Privacy Rule. The advice also clarified that, in some cases, healthcare entities must adhere to the HIPAA Security Rule to provide these services with HIPAA Compliance. This does not apply over a landline call as electronic information is not present Finally, the guidance explains that healthcare entities can provide audio only telehealth services without the implementation of a business vendor agreement. This is permitted, provided the business associate does not create, receive, or maintain PHI.
Considering this recently release guidance, audio-only telehealth services are extremely valuable to many individuals who wish to avail of remote healthcare services. With the guidance provided by HHS through OCR, this service can be delivered lawfully in accordance with HIPAA.