Disclaimer: tips provided have not been endorsed by any regulatory body. For official instructions or guidance, you must visit the CDC website.
The spread of Covid-19 in the USA has left the country in tatters. The leader of the world seems to be falling apart in dealing with the pandemic, with millions of infections and hundreds of thousands of deaths forcing the country to rethink its healthcare strategy. Apart from the countless lives claimed by the virus, the pandemic has also massively strained the economy, with millions of people losing their jobs and thousands of businesses closing their operations forever.
Even today, when the country is slowly progressing towards opening up after months of shutdown, there is an increased sense of fear amongst the population about the health implications, as people scramble to work out how to get healthcare in case of any illness. What makes the situation even more complicated is that hospitals are working over capacity to treat thousands of Covid-19 patients across the country, leaving virtually no space for patients dealing with other illnesses and seeking medical attention. In this context, it’s understandable for businesses and people to ask about the healthcare strategy and how they should deal with any emergency.
Fortunately, in this chaotic situation, most doctors have resorted to telemedicine solutions to be able to reach out to patients and continue their practice. However, if you aren’t well-versed in the legal and technological compliance involved in setting up telehealth services, it may be a daunting task for you. And it’s not just about setting up the telehealth services; it’s also about ensuring the privacy and security of the patients. Healthcare providers looking to adopt telehealth services need to meet HIPAA compliance requirements to ensure safe practice and the privacy of their patients. Here in this blog, we will be looking at everything businesses and healthcare providers need to know about HIPAA and Covid-19.
COVID-19 Workplace Guidance – The Basics of HIPAA
In the simplest terms, HIPAA-compliant video conferencing software is meant to protect the privacy of patients. HIPAA sets out rules for the use and disclosure of protected health information (PHI) in the telehealth industry. It was designed as a flexible and balanced regulatory framework that can ensure the rights of patients while also meeting the increasing demand for remote health services. Interestingly, HIPAA has been governing telehealth services for quite some time; however, the pandemic outbreak has brought the regulatory framework into focus like never before due to the massive demand for telehealth as a public health emergency service. Since the Covid-19 outbreak, the Office of Civil Rights (OCR) has released various public notifications and guidance to help disseminate the changes which came into force in response to the pandemic.
Which HIPAA Regulations have been relaxed for Telehealth in response to COVID-19
At least for the time being, the policies have been greatly relaxed to ensure uninterrupted delivery of emergency health services to patients across the USA. The Office of Civil Rights (OCR) is using its discretionary powers to impose no penalties for non-compliance with the HIPAA regulatory framework while the country deals with the current emergency.
This means that healthcare providers in the United States are no longer required to choose a HIPAA-compliant remote communication platform to offer digital healthcare services; rather, they are free to choose any non-public facing platform which is by and large available to the patients. Until further notice, the OCR won’t be assessing penalties against healthcare providers or remote communication platforms for the lack of a Business Associate Agreement (BAA). Some of the accepted video-conferencing and non-public facing remote communication channels that have been okayed for use as telemedicine software include Cliniclive, Zoom, GoToMeeting, Microsoft Teams, and various other platforms.
What regulations have been suspended/relaxed for Hospitals in response to Covid-19?
Telehealth services aren’t the only practice that has been given leeway on compliance; hospitals, which essentially are the frontline battlegrounds against the pandemic, have also been given relaxation from HIPAA compliance. The United States Department of Health and Human Services has already relaxed or dropped various HIPAA regulations for hospitals to enable healthcare facilities to continue their fight against Covid-19 more efficiently and effectively.
Some of the HIPAA privacy rules that have been waived (temporarily) in response to the Covid-19 outbreak include the patients’ right to request privacy and confidential communications, and the hospital’s requirement to obtain and honor patients’ consent to talk with family and friends, to honor a request to opt out of the facility directory, or to distribute a notice of privacy practices.
However, hospitals and clinics would have to apply for these waivers, which may be accessed quickly without any delays.
Telehealth Remote Communications
The Office of Civil Rights (OCR) has suspended the imposition of penalties for non-compliance with the HIPAA regulatory framework by telehealth service providers. The waiver of non-compliance penalties has been offered in connection with the good faith use of telehealth to offer healthcare services to patients using remote communication technologies.
The notification on penalties for HIPAA non-compliance isn’t restricted to telehealth services that are meant to treat coronavirus; rather, it’s an extensive notification that applies to all healthcare service providers offering remote health services to patients using non-public facing communication apps like Skype, Zoom, Microsoft Teams, and others. However, the waiver doesn’t apply to telehealth practice using public-facing communication platforms like Facebook Live.
Uses and Disclosures of PHI by Business Associates
Even before the Covid-19 outbreak and the subsequent changes to the healthcare regulatory framework, the HIPAA privacy rules allowed covered entities to provide protected health information (PHI). With the latest notification on use and disclosure from the United States Department of Health and Human Services, business associates are also allowed to share protected health information (PHI) in good faith without the risk of triggering a HIPAA non-compliance penalty.
The ultimate objective of waiving this non-compliance penalty in the wake of Covid-19 is to support the efforts of the federal, provincial, and local health departments, along with the health oversight agencies and state emergency operation centres, by letting them easily access any or all relevant data that may be available with business associates.