
Secure COVID Telehealth Services: Has HIPAA Gone Away?



Over the course of the past couple of months, telehealth has expanded exponentially, but questions still loom about secure COVID telehealth services. A recent study projects that the telehealth market will grow by 38.2% over the next five years. In 2020 alone, the telehealth market will likely grow by 64.3%.

“The critical need for social distancing among physicians and patients will drive unprecedented demand for telehealth, which involves the use of communication systems and networks to enable either a synchronous or asynchronous session between the patient and provider,” said Victor Camlek, Healthcare Principal Analyst at Frost & Sullivan. If you haven’t yet begun to deliver secure COVID telehealth services, the tips below will help you think about your options. If you have started, they will help you work legally and ethically with best practices related to HIPAA.

Is HIPAA Gone? Offering Maximally Secure COVID Telehealth Services

With the COVID-19 pandemic, many providers are quickly adapting to the changing environment and relying on technology which they do not adequately understand. Many practitioners also don’t understand HIPAA’s recent shift in relaxing enforcement so as to provide maximally secure COVID telehealth services.

The Department of Health and Human Services (HHS) continues to release new guidance on the use of telehealth services and HIPAA to ease the transition for these providers. Some of the guidance has been misconstrued; there is a common misconception that telehealth services no longer need to be HIPAA compliant. This is simply untrue; the guidance temporarily lessens enforcement of sanctions against errant clinicians. It has not changed the law. In essence, the Office for Civil Rights (OCR) will not enforce rules currently on the books. They have agreed to look the other way – not remove the rules. The actual wording of their shift relates to the use of video conferencing platforms that are normally deemed unsuitable, as long as the treatment is provided in “good faith.” This means that clinicians must:

Offer services in maximally protected environments, in other words, choose technology that will offer the highest level of privacy and security possible and be able to explain

Release the least amount of information possible

Inform clients and patients of the risks associated with the clinician’s choice to use any technology (which means the clinician must understand and explain these risks).

Risks associated with unsecure environments such as Facetime and Skype, then, should be explained to the client and patient.

When using platforms such as Skype, the clinician should be aware of features such as typing words while communicating, which can render the exchange visible to onlookers months later. It is best, then, to avoid leaving any trace of clinical care that can be seen by other parties when opening Skype months later. Only using the video portion is suggested. Video exchanges on Skype are not recorded and therefore cannot be as easily traced months later.

Avoid all recording features allowed by platforms. Clinicians rarely record behavioral sessions when working in-person. Such cautions are even more appropriate online, where protecting a client or patient’s security is paramount. Although HIPAA sets standards for technology platforms to meet, hacking occurs regularly.

Proper release forms outlining those particular risks should be signed by the client/patient.

The informed clinician then keeps the client or patient’s welfare at the forefront of their decision-making at all times, mitigating risks and using HIPAA-compliant technology whenever possible. For a list of platforms claiming HIPAA-compliance, see’s Telehealth Buyer’s Guide.

Document their rationales fully

Although the HHS is lessening HIPAA enforcement surrounding the use of videoconferencing platforms, telehealth providers are still restricted from using public-facing platforms such as Facebook Messenger and TikTok. Telehealth providers must also continue to adhere to the standards set forth by HIPAA (i.e. implementing safeguards, business associate management, policies and procedures, training, etc.).
