American College Of Surgeons - Inspiring Quality: Highest Standards, Better Outcomes

Telehealth Vendors and HIPAA Rules

A health care provider who wants to use audio or video communication technology to provide telehealth to patients during the COVID-19 nationwide public health emergency (PHE) can use any non-public facing remote communication product that is available to communicate with patients. The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) is exercising its enforcement discretion to not impose penalties for noncompliance with the HIPAA Rules in connection with the good faith provision of telehealth using such non-public facing audio or video communication products for the duration of the PHE. This exercise of discretion applies to telehealth provided for any reason, regardless of whether the telehealth service is related to the diagnosis and treatment of health conditions related to COVID-19.

Under these rules, providers can use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom, or Skype, to provide telehealth. However, public-facing video communication applications, such as Facebook Live, Twitch, and TikTok, should not be used in the provision of telehealth.

The list below includes some vendors through which telehealth services may be furnished:

*Non-HIPAA-compliant product; may still be used for telehealth during the PHE

Providers are encouraged to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications.

FAQs on Telehealth and HIPAA during the PHE