What You Need to Know About HIPAA Compliance During COVID-19


The spread of COVID-19 into North America has left businesses and people scrambling. When it comes to healthcare, people are asking questions like, "What do I do if I am unwell and need to see a doctor?" and "Is my doctor even open?"

For the safety of patients and providers alike, most doctors' offices that are not hospitals have had to shut their doors temporarily during the COVID-19 pandemic. Many have transitioned to online patient care, better known as telehealth. For providers who may not have had to make this type of arrangement before, setting up this service can be a daunting task, especially if they would like to provide a service that runs smoothly. You can learn more about the tech you will need to get started in Giva's article, "What You Will Need to Set Up a Telehealth Practice: The Essentials".

While providers scramble to figure out what technology is needed to keep their businesses open for patients, HIPAA compliance may be overlooked. Providers can take solace, though, in the fact that the U.S. Department of Health & Human Services has relaxed some of its regulations during these difficult times.

What are standard HIPAA regulations for telehealth in the U.S.?

HIPAA (Health Insurance Portability and Accountability Act of 1996) is legislation that provides data privacy and security guidelines for protecting protected health information (PHI). When it comes to telehealth, HIPAA sets out its guidelines within its security section, which states the following:

  • Only authorized users should have access to ePHI.
  • A system of secure communication should be implemented to protect the integrity of ePHI.
  • A system of monitoring communications containing ePHI should be implemented to prevent accidental or malicious breaches.

You can learn more about HIPAA requirements for telehealth at the U.S. Department of Health & Human Services website.

What regulations are being relaxed for telehealth operations?

Telehealth providers can expect less 'policing' of policies for the time being. According to the U.S. Department of Health & Human Services, the Office for Civil Rights (OCR) will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.

In addition, telehealth providers can now use any non-public facing remote communication product that is available to communicate with patients. The OCR will not be assessing penalties for this or for the lack of a Business Associate Agreement (BAA) with the video conference software provider. Acceptable forms of non-public facing video chat services include Zoom, Microsoft Teams, GoToMeeting, and many more. For a full list, visit the link specified above.

What regulations are being relaxed for hospitals during COVID-19?

What about hospitals? They are on the front lines of the COVID-19 pandemic, and as the environment has had to assume a new pace, standard HIPAA regulations may be overlooked. The Department of Health & Human Services has also decided to relax some of its HIPAA regulations in hospitals.

So what has changed?

Under Section 1135 of the Social Security Act, items within the HIPAA privacy rule were temporarily waived, including:

  • The requirement to obtain a patient's agreement to speak with family members or friends.
  • The requirement to honor a patient's request to opt out of the facility directory.
  • The requirement to distribute a notice of privacy practices.
  • The patient's right to request privacy restrictions.
  • The patient's right to request confidential communications.

Healthcare providers must apply for this waiver, though turnaround time is quick. Providers can learn more and apply at the dedicated CMS webpage.

How can Giva help?

Founded in 1999, Giva was among the first to provide a suite of HIPAA compliant help desk and customer service/call center applications architected for the cloud.

While scaling exponentially, how can telehealth and telemedicine providers assist patients using their platforms? Patients and healthcare providers may encounter technical problems with videoconferencing, appointment setting, insurance eligibility, billing, and e-prescribing. Also, rapid and successful patient onboarding may require non-medical personnel working with patients.

Giva has a strong focus on telehealth and we can help you get up and running on a Patient and Healthcare Provider Service Center Portal to increase satisfaction, speed issue resolution, and decrease costs.

Sign up for a no-obligation 30-day trial of Giva.