Elizabeth Hodge co-wrote an article published by the American Health Lawyers Association (AHLA) providing guidance to healthcare practitioners, particularly within the telehealth industry, on adhering to strict patient privacy standards during the Coronavirus emergency declaration.
“Nestled at the end of the Appropriations Act is the ‘Telehealth Services During Certain Emergency Periods Act of 2020,’ plucked from the earlier introduced CONNECT for Health Act, which permits the Secretary of the Department of Health and Human Services to waive the originating site requirement for telehealth services reimbursed by Medicare, although with several added restrictions[…]
However, The Appropriations Act makes no reference to privacy and security standards, nor to the Health Insurance Portability and Accountability Act (HIPAA), related statutes, or their implementing regulations. This has already led to confusion among practitioners preparing to implement the anticipated waiver and provide telehealth services under these new rules via smartphones.
Under HIPAA, covered entities must implement reasonable safeguards to protect patient Protected Health Information (PHI) from unauthorized disclosures, and PHI may only be used or disclosed in certain circumstances, when needed for patient care, or other important purposes. These standards are not relaxed during public health emergencies, and the Appropriations Act does not waive or permit the Secretary to waive any HIPAA requirements.”