The expiration of the COVID-19 national public health emergency on May 11, 2023 brought a number of changes in healthcare. Among those changes was a significant shift in telehealth regulatory compliance risk. In March 2020, the US Department of Health and Human Services Office for Civil Rights (OCR) announced that it was exercising enforcement discretion and waiving potential penalties related to HIPAA violations for the use of "everyday communications technologies" in telehealth during the pandemic. These common video communication applications included Apple FaceTime, Facebook Messenger video chat, and other popular video chat applications.
However, with the expiration of the public health emergency, OCR is ending its enforcement discretion and waiver period after a 90-day transition between May 12 and August 9, 2023. Following this transition period, OCR may once again impose penalties for the use of communication technologies that are not HIPAA compliant. To be compliant, the application should be encrypted, and developers must sign a business associate agreement. For practices and providers still relying on OCR's enforcement discretion and waiver, now is the time to become compliant with the proper use of communication technology in telehealth.
OCR has issued guidance on this topic which may be accessed here.
Additionally, SVMIC has a number of resources on this topic for its policyholders which are available in your Vantage® portal.
The contents of The Sentinel are intended for educational/informational purposes only and do not constitute legal advice. Policyholders are urged to consult with their personal attorney for legal advice, as specific legal requirements may vary from state to state and/or change over time.
