ATA Urges Health Care Providers New to Telehealth Have Proper Safeguards to Ensure Patient Safety, Data Privacy and Security During COVID-19 Respons

On March 17, the Administration announced new flexibilities intended to expand access to telehealth under COVID-19 emergency authorities. The Department of Health and Human Services Office for Civil Rights (HHS OCR) issued a notification indicating that OCR will not enforce certain HIPAA regulations in connection with the good faith provision of telehealth during this emergency, in order to ease access to telehealth services. Specifically, health care providers may communicate with patients, and provide telehealth services, using technologies that may not fully comply with HIPAA requirements, including popular applications that allow for video chats, such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom or Skype. Providers are encouraged to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications.

The ATA issued the following statement, urging healthcare providers implementing telehealth services for the first time, to have proper safeguards in place to ensure they meet standards for patient safety, data privacy, and information security.

 

To help our overburdened healthcare system respond to the COVID-19 pandemic, the Administration rightly approved waivers on existing telehealth restrictions and expand access to virtual care during this public health emergency. This includes relaxing certain requirements to extend access to some telehealth services provided via smartphones, standard telephones, and other communications technologies.

The ATA applauds these acts by the Administration and Congress to ensure that all Americans get care where and when they need it. The ATA is also mindful that many healthcare providers are rapidly implementing telehealth services for the first time in response to this health emergency. While acting in good faith to provide access to care, there is a risk that some practitioners who are newer to telehealth may not fully appreciate the nuances of recent federal regulatory flexibilities and how these interact with laws and restrictions that have not been waived, particularly by states, third-party payers, and technology vendors.

To help ensure the appropriate use of telehealth during the pandemic and beyond, the ATA has developed a series of new tools and resources, including a guide to help clinicians quickly deploy telehealth to reach patients where they are at right now. These resources recognize many elements of a successful telehealth-based practice, including the importance of maintaining the privacy and security of patients and their information. The ATA encourages all practitioners, especially those who are offering telehealth services for the first time and/or in new ways, to understand how to securely engage in telehealth encounters with their patients, and to ensure they have proper safeguards in place.

Telehealth is and will remain a major way Americans access the healthcare they need. As more providers come online – figuratively and literally – the ATA urges increased vigilance by the healthcare community to ensure these practices meet standards for patient safety, data privacy, and information security.