HIPAA Guidance on Audio-only Telehealth
The Department of Health and Human Services issued guidance to help covered entities understand how they can use remote communication technologies for audio-only telehealth in compliance with the privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA).
This guidance was issued in the form of FAQs addressing the following topics:
• The HIPAA Privacy Rule allows covered entities to use remote communication technologies to provide audio-only telehealth services as long as reasonable safeguards are adopted to protect the privacy of protected health information (PHI).
• The HIPAA Security Rule applies to electronic PHI but does not apply to telehealth services using a standard telephone line because the information transmitted is not electronic.
• In some circumstances, the HIPAA Rules allow a covered entity to conduct audio-only telehealth using remote communication technologies without a business associate agreement in place with the vendor.
• Covered providers may offer audio-only telehealth services consistent with the HIPAA rules, regardless of whether any health plan covers or pays for those services.