HHS Issues Guidance on HIPAA and Audio-Only Telehealth

On Monday, June 13, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), is issuing guidance on how covered health care providers and health plans can use remote communication technologies to provide audio-only telehealth services when such communications are conducted in a manner that is consistent with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, including when OCR’s Notification of Enforcement Discretion for Telehealth – PDF is no longer in effect.

This guidance will help individuals to continue to benefit from audio-only telehealth by clarifying how covered entities can provide these services in compliance with the HIPAA Rules and by improving public confidence that covered entities are protecting the privacy and security of their health information.

While telehealth can significantly expand access to health care, certain populations may have difficulty accessing or be unable to access technologies used for audio-video telehealth because of various factors, including financial resources, limited English proficiency, disability, internet access, availability of sufficient broadband, and cell coverage in the geographic area.  Audio-only telehealth, especially using technologies that do not require broadband availability, can help address the needs of some of these individuals.

“Audio telehealth is an important tool to reach patients in rural communities, individuals with disabilities, and others seeking the convenience of remote options. This guidance explains how the HIPAA Rules permit health care providers and plans to offer audio telehealth while protecting the privacy and security of individuals’ health information,” said OCR Director Lisa J. Pino.

The Guidance on How the HIPAA Rules Permit Health Plans and Covered Health Care Providers to Use Remote Communication Technologies for Audio-Only Telehealth may be found at: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-audio-telehealth/index.html.

HHS Issues Guidance on HIPAA and Audio-Only Telehealth

On Monday, June 13, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), is issuing guidance on how covered health care providers and health plans can use remote communication technologies to provide audio-only telehealth services when such communications are conducted in a manner that is consistent with the applicable requirements…

Version 3.3 of the HHS Security Risk Assessment Tool Now Available

The Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) have released version 3.3 of the popular HHS Security Risk Assessment (SRA) Tool (https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool). This tool is designed to aid small and medium sized health care organizations in…

Version 3.3 of the HHS Security Risk Assessment Tool Now Available

The Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) have released version 3.3 of the popular HHS Security Risk Assessment (SRA) Tool (https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool). This tool is designed to aid small and medium sized health care organizations in their efforts to assess security risks.

The latest version of the SRA Tool contains a variety of feature enhancements based on user feedback and public input. New features include the incorporation of Health Industry Cybersecurity Practices (HICP) references, file association in Windows, improved reports, and other bug fixes and stability improvements.

Also new this year is the SRA Tool Excel Workbook. This alternative version of the SRA Tool takes the same content from the Windows desktop application and presents it in a familiar spreadsheet format. The Excel Workbook contains conditional formatting and formulas to calculate and help identify risk in a similar fashion to the SRA Tool application.

This version of the SRA Tool is intended to replace the legacy “Paper Version” and may be a good option for users who do not have access to Microsoft Windows.

Ransomware Resources for HIPAA Regulated Entities

Ransomware attacks on health care organizations are a growing threat, so the HHS Office for Civil Rights (OCR) shared with us the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware. HHS…

OCR Issues Guidance on HIPAA, COVID-19 Vaccinations, and the Workplace

On Thursday, September 30, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued guidance to help the public understand when the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule applies to disclosures and requests for information about whether a person has received a COVID-19 vaccine. The…

Webinar on Enhancements to HHS Security Risk Assessment Tool

The Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services are hosting a new webinar for users of the Security Risk Assessment Tool. Learn about the SRA Tool and how it can be used at your organization, hear…

Cyber Alert: Updates on Ransomware and Critical VMware Vulnerability

The Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology has released a memo titled “What We Urge You To Do To Protect Against The Threat of Ransomware.”  This memo addresses the growing number and size of ransomware incidents and calls upon government and private sector to take steps…

Security Alert: Postcard Disguised as Official OCR Communication

The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services (HHS) has been made aware of postcards being sent to health care organizations informing the recipients that they are required to participate in a “Required Security Risk Assessment” and they are directed to send their risk assessment to www.hsaudit.org.  The link…

NAHC Submits Comments On Proposed HIPAA Privacy Rule

On January 21, 2021, the Office of Civil Rights under the Department of Health and Human Services issued a propose rule: Proposed Modifications to the HIPAA Privacy Rule To Support, and Remove Barriers to Coordinated Care and Individual Engagement Office HHS proposes to make a number of changes to the HIPAA Privacy Rule to strengthen…