Guidance issued by the Department of Health and Human Services (HHS) confirms that legislation and regulations enacted to extend telehealth flexibilities beyond the end of the COVID-19 public health emergency (PHE) does not include the use of non-HIPAA-compliant telehealth platforms.
Following the White House’s announcement that the COVID-19 PHE will end on May 11, HHS and Centers for Medicare and Medicaid Services (CMS) released several fact sheets and guidance documents detailing some of the policy changes that will be occurring. While multiple Medicare telehealth service waivers are tied to the PHE, guidance, HHS stressed: “The vast majority of current Medicare telehealth flexibilities that Americans-particularly those in rural areas and others who struggle to find access to care-have come to rely upon over the past two years, will remain in place through December 2024 due to the bipartisan Consolidated Appropriations Act, 2023 passed by Congress in December 2022.”
However, the issued guidance from HHS confirms that HIPAA enforcement discretion regarding the use of non-HIPAA-compliant technology platforms will not be among the extended flexibilities. Following the end of the PHE on May 11, providers will be expected to return to pre-COVID privacy and security policies related to telehealth use, which include ensuring that telehealth platforms are HIPAA-compliant and that business associate agreements (BAAs) are in place with vendors of platforms utilized by a covered entity.
This change means healthcare providers using popular video chat applications such as Apple FaceTime, Google Hangouts video, Zoom, or Skype will need to switch to a HIPAA-compliant platform by May 11 or at risk of potential HIPAA violations.
For more information on telehealth flexibilities and the end of the COVID-19 PHE, see here, here, and here.
We urge you to watch the recording of our recent client webinar, HHS Requires Use of HIPAA-Compliant Telehealth Solution by May 11, available here.
Click here to learn about NextGen® Virtual Visits, our full-featured HIPAA and BAA-compliant patient engagement platform, including telehealth, remote patient monitoring, online scheduling, and check-in, and integrated patient payments.
Click here to learn more about NextGen Office Premium Patient Portal™, a HIPAA-compliant video solution that’s embedded in a cloud-based EHR/PM. Designed for healthcare, it’s easy to use and convenient for your patients.