April 02, 2020 2461

How HIPAA applies during the COVID-19 emergency.

How does HIPAA apply during the COVID-19 emergency?

The Office for Civil Rights within the U.S. Department of Health and Human Services announced March 15 that "it will exercise its enforcement discretion and will waive potential penalties for HIPAA violations against health care providers that serve patients through everyday communications technologies during the COVID-19 nationwide public health emergency."

The communications technology should not be public-facing. Examples of non-public facing communications technologies include Skype, Apple Facetime and video chat via Facebook Messenger, Jabber, WhatsApp and Google Hangouts. In normal circumstances, HIPAA requires a covered entity to have a business associate agreement with these platforms and to have included these technologies in its security risk analysis prior to utilization. Once the emergency ceases, a covered entity is expected to be in full compliance with the regulations.

To protect patient privacy during the emergency period, a dentist should converse with a patient in a private location, and should confirm that the patient also is in a private setting or else agrees to receive teledental services in a public or semi-public setting. Use reasonable safeguards such as lowering voice and not using a speakerphone. When investigating a complaint or incident that occurs at this time, OCR will consider all facts and circumstances when determining what constitutes a good faith provision of telehealth services.