The HIPAA Security Rule does not apply to audio-only telehealth services provided via landline, but does apply to calls over cellular and internet connections. (Imagy by Frederik Lipfert on Unsplash)
The Office for Civil Rights at the U.S. Department of Health and Human Services today issued guidance on providing audio-only telehealth services in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
“Audio telehealth is an important tool to reach patients in rural communities, individuals with disabilities, and others seeking the convenience of remote options,” Office for Civil Rights Director Lisa Pino said in a news release. “This guidance explains how the HIPAA rules permit health care providers and plans to offer audio telehealth while protecting the privacy and security of individuals’ health information.”
HHS said the guidance is meant to ensure patients benefit from audio-only telehealth by clarifying for providers how covered entities can provide telehealth services, as well as by improving public confidence that providers are maintaining patient privacy and health information security.
Safeguards include telehealth being conducted in private settings when feasible with reasonable precautions. For example, if a patient can’t avoid sharing a room with a co-worker or a family member, healthcare providers should take extra steps for privacy like speaking in a lowered voice or recommending that the patient not use the speakerphone function.
The guidance also covers language accessibility, calls placed with Voice over Internet Protocol (VOIP) using wired or wireless internet instead of traditional landlines, along with device security and encryption of recordings or transcripts.
More information and resources are available in the guidance and its footnotes.