New HIPAA Telehealth Guidance For Audio-Only Services

June 13, 2022
HHS, through its Office for Civil Rights, issued guidance on June 13 on how covered healthcare provider and health plans can provide audio-only services applicable to HIPAA

According to a June 13 press release, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), is issuing guidance on how covered healthcare providers and health plans can use remote communication technologies to provide audio-only telehealth services when communications are directed in a way that is consistent with the relevant requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, including when OCR’s Notification of Enforcement Discretion for Telehealth is no longer applicable.

The release states that “This guidance will help individuals to continue to benefit from audio-only telehealth by clarifying how covered entities can provide these services in compliance with the HIPAA Rules and by improving public confidence that covered entities are protecting the privacy and security of their health information.”

That said, “While telehealth can significantly expand access to health care, certain populations may have difficulty accessing or be unable to access technologies used for audio-video telehealth because of various factors, including financial resources, limited English proficiency, disability, internet access, availability of sufficient broadband, and cell coverage in the geographic area.  Audio-only telehealth, especially using technologies that do not require broadband availability, can help address the needs of some of these individuals.”

For example, the guidance explains that traditional landlines are being replaced with electronic communication technologies such as Voice over Internet Protocol (VoIP) and mobile technologies that use electronic media. The HIPAA Security Rule applies when a covered entity uses electronic communication technologies. “Covered entities using telephone systems that transmit ePHI need to apply the HIPAA Security Rule safeguards to those technologies,” the guidance adds. “Note that an individual receiving telehealth services may use any telephone system they choose and is not bound by the HIPAA Rules when doing so. In addition, a covered entity is not responsible for the privacy or security of individuals’ health information once it has been received by the individual’s phone or other device.”

OCR Director Lisa J. Pino was quoted in the release saying that “Audio telehealth is an important tool to reach patients in rural communities, individuals with disabilities, and others seeking the convenience of remote options. This guidance explains how the HIPAA Rules permit health care providers and plans to offer audio telehealth while protecting the privacy and security of individuals’ health information.”

Sponsored Recommendations

AI-Driven Healthcare: Empowering Nurses, Clinicians, and Care Teams for Smarter, More Efficient Care

Explore how AI-first ThinkAndor® is transforming nursing workflows and patient care at Sentara, improving outcomes, reducing readmissions, and enhancing care transitions in this...

The Future of Storage: The Complexities and Implications in Healthcare

Join us on January 23rd to explore the future of data storage in healthcare and learn how strategic IT decisions today can shape agility and competitiveness for tomorrow.

IT Healthcare Report: Technology Insights for a Transformative Future

Explore the latest healthcare IT trends, challenges, and opportunities in AI, patient care, and security. Gain actionable insights to navigate the industry's transformation.

How to Build Trust in AI: The Data Leaders’ Playbook

This eBook strives to provide data leaders like you with a comprehensive understanding of the urgent need to deliver high-quality data to your business. It also reviews key strategies...