Covid-19 and Telehealth: Clarification of OCR Expectations of HIPAA Regulations

Why Should You Attend:

In an effort to ensure HDOs’ clinicians/providers are reimbursed for telehealth services an effective BAA is necessary. Without a BAA with the following platforms, a payor may not reimburse for telehealth services:

• FaceTime
• Text Messaging
• Google
• Skype for Business / Microsoft Teams
• Updox
• VSee
• Zoom for Healthcare
• Doxy.me
• Google G Suite Hangouts Meet
• Cisco Webex Meetings / Webex Teams
• Amazon Chime
• GoToMeeting

Learn the how to apply HIPAA Technical Safeguards to protect ePHI to telehealth services. Learn to apply said concepts to home office provider services. Understand payors – like Medicare and Medicaid, expectations for reimbursement.

Response to COVID-19 presents challenges for privacy and security professionals. With the need to meet the demand, the Office of Civil Rights has relaxed HIPAA regulations and possible penalties which may be incurred. The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) is responsible for enforcing certain regulations issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, to protect the privacy and security of protected health information, namely the HIPAA Privacy, Security and Breach Notification Rules (the HIPAA Rules).

The OCR released a notification which relaxed the penalties for breaches during the COVID-19 national emergency - a nationwide public health emergency covered health care providers subject to the HIPAA Rules may seek to communicate with patients, and provide telehealth services, through remote communications technologies. In an effort to meet demand, some of these technologies, and the manner in which they are used by HIPAA covered health care providers, may not fully comply with the requirements of the HIPAA Rules. Consequently, OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during this COVID-19 emergency.

With telehealth functioning as a leading form of communication between providers and patients, an array of platforms are being utilized to connect. Even though, providers are practicing with less stringent penalties under the HIPAA Rules during this time, payors are held to the same standard and penalties for privacy and security breaches. Thus, payors are making determinations with regard to what platforms may be utilized.

Areas Covered in the Webinar:

• HIPAA Technical Safeguards §164.312 for telehealth; and
• Business Associates Agreements in a COVID-19 era; and
• Understand the privacy and security pitfalls of telehealth platforms; and
• Identify platforms with weak security measures.

Who Will Benefit:

• HIPAA Privacy Professionals
• Providers
• Clinicians
• Payors
• Healthcare Privacy and Security professionals
• Telehealth professionals

Free Materials:

• §164.312 Technical Safeguards Checklist
• Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency
• COVID-19 Scams Articles

Coy Murchison
Owner, Berry Herring Hayes and Associates

Coy Murchison is the owner a boutique consulting company – Berry, Herring, Hayes & Associates. She serves on several boards. She is most proud of her work as the first vice-chair, establishing the Alliance For A Brighter Community (“ABC”) Foundation. An organization which supports post-baccalaureate dreams of disadvantage students and families. However, she is most proud of her two boys which are the greatest joy in her life.

She has functional knowledge and expertise in both HIPAA privacy and security, and considered the ideal candidate to build newly imagined compliance platforms which captured threat prevention and security protocols of medical devices within hospital IT infrastructures.

As an accomplished healthcare compliance consultant for 15-year,- Coy Murchison has successfully trained large and small healthcare institutions on HIPAA compliance. She has served as a HIPAA privacy expert with proven results. In the evolution of HIPAA, she has attained accreditations as an implementation manager and recognized as a change agent in establishing compliance programs which aids in the ease of applicability of an amalgamated program to ensure patients’ health information is protected from unauthorized exposure.

Follow us :