Office of Civil Rights and Secretary of Health and Human Services Waives HIPAA Compliance Requirements

During the COVID-19 nationwide public health emergency, the Office of Civil Rights (OCR) and the Secretary of Health and Human Services (HHS) will exercise their enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA rules in connection with the good faith provision of telehealth. This is effective immediately.

As stated in a notice from the OCR and HHS, “Under this Notice, covered health care providers may use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype, to provide telehealth without risk that OCR might seek to impose a penalty for noncompliance with the HIPAA Rules related to the good faith provision of telehealth during the COVID-19 nationwide public health emergency. Providers are encouraged to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications.”

AAO members should continue to use any HIPAA-compliant technologies they might already be using to communicate with their patients. However, if you need to use additional technologies that are traditionally non-compliant, please notify your patients that third-party applications potentially introduce privacy risks. 

AAO members should additionally consider the following when implementing new virtual features within their practice during this period of time:

  • Consider what applications may be most convenient for your practice population. For example, FaceTime is only applicable for iPhone users. You may want to offer two types of virtual tools so that you remain open to more patients.
  • While using virtual consults, set yourself up for future success by ensuring you are documenting after each virtual visit. If not directly within your practice management system, document the contents of the visit in a notebook, your computer or somewhere you can locate the information for future reference. This is an important part of using virtual consult tools to mitigate risks in the future.
  • While a federal waiver of HIPAA compliance is in place, states have their own additional HIPAA laws. If your state has not waived its HIPAA laws, you should still follow the laws in place. Check with your state’s Governor’s office or state dental board to find out more information.
  • While HIPAA laws might be waived, you should still follow your state’s telehealth laws, and if applicable, teledentistry laws, unless those have been waived by your state. Check with your state dental board’s website to review current laws or to find out if laws have been waived.

The AAO legal and advocacy team will continue to work with our federal lobbyists to monitor any federal measures to address the impact that COVID-19 is having, or will have, on our members as healthcare professionals and small business owners and, where appropriate, lobby for inclusion of our members in such relief measures. 

U.S. Department of Health and Human Services, Health Information Privacy. https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html