Tag: Office for Civil Rights

HHS Issues Guidance on HIPAA and Audio-Only Telehealth

On Monday, June 13, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), is issuing guidance on how covered health care providers and health plans can use remote communication technologies to provide audio-only telehealth services when such communications are conducted in a manner that is consistent with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, including when OCR’s Notification of Enforcement Discretion for Telehealth – PDF is no longer in effect.

This guidance will help individuals to continue to benefit from audio-only telehealth by clarifying how covered entities can provide these services in compliance with the HIPAA Rules and by improving public confidence that covered entities are protecting the privacy and security of their health information.

While telehealth can significantly expand access to health care, certain populations may have difficulty accessing or be unable to access technologies used for audio-video telehealth because of various factors, including financial resources, limited English proficiency, disability, internet access, availability of sufficient broadband, and cell coverage in the geographic area.  Audio-only telehealth, especially using technologies that do not require broadband availability, can help address the needs of some of these individuals.

“Audio telehealth is an important tool to reach patients in rural communities, individuals with disabilities, and others seeking the convenience of remote options. This guidance explains how the HIPAA Rules permit health care providers and plans to offer audio telehealth while protecting the privacy and security of individuals’ health information,” said OCR Director Lisa J. Pino.

The Guidance on How the HIPAA Rules Permit Health Plans and Covered Health Care Providers to Use Remote Communication Technologies for Audio-Only Telehealth may be found at: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-audio-telehealth/index.html.

HHS Issues Guidance on HIPAA and Audio-Only Telehealth

On Monday, June 13, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), is issuing guidance on how covered health care providers and health plans can use remote communication technologies to provide audio-only telehealth services when such communications are conducted in a manner that is consistent with the applicable requirements…

Ransomware Resources for HIPAA Regulated Entities

Ransomware attacks on health care organizations are a growing threat, so the HHS Office for Civil Rights (OCR) shared with us the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware. HHS…

Webinar on Enhancements to HHS Security Risk Assessment Tool

The Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services are hosting a new webinar for users of the Security Risk Assessment Tool. Learn about the SRA Tool and how it can be used at your organization, hear…

Cyber Alert: Updates on Ransomware and Critical VMware Vulnerability

The Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology has released a memo titled “What We Urge You To Do To Protect Against The Threat of Ransomware.”  This memo addresses the growing number and size of ransomware incidents and calls upon government and private sector to take steps…

New Legal Guidance and Resources to Expand Access to COVID-19 Vaccines for Elderly & Disabled

The Office for Civil Rights (OCR), the Administration for Community Living (ACL), and the Office of the Assistant Secretary for Planning and Evaluation (ASPE) at the U.S. Department of Health and Human Services (HHS) have published several new resources to help states, vaccination providers, and others leading COVID-19 response activities improve access to vaccines for…

Cyber Alert: Mitigating Microsoft Exchange Server Vulnerabilities

The Office for Civil Rights (OCR) of the Department of Health & Human Services (HHS) is sharing the following Updated Alert on Mitigating Microsoft Exchange Vulnerabilities to assist HIPAA-covered entities and their business associates in addressing serious threats to Microsoft Exchange servers.  Organizations are encouraged to review the information below and take appropriate action. The…

Surveyors to Enforce CDC Guidance for the 2019 Coronavirus

The Centers for Medicare & Medicaid Services (CMS) has issued a letter to surveyors that addresses infection control adherence for health care facilities related to the 2019 Novel Coronavirus (2019-nCoV), and reminds surveyors that providers must consider emerging infectious diseases in their emergency preparedness plans. The letter includes interim guidance issued by the Centers for…

New HHS Fact Sheet on Direct Liability of Business Associates under HIPAA

The Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a new fact sheet that provides a clear compilation of all provisions through which a business associate can be held directly liable for compliance with certain requirements of the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (“HIPAA Rules”), in accordance with…