US HHS Announcement of Enforcement Discretion for Telehealth Remote Communications
What Telehealth Platforms Can I Use?
HHS states that covered health care providers can use any non-public facing remote communication product that is available to communicate with patients. This includes popular applications that allow for video chats, such as the following: o Apple FaceTime o Facebook Messenger video chat o Google Hangouts video o Skype
Providers are encouraged to notify patients that these third-party applications potentially introduce privacy risks. Providers should enable all available encryption and privacy modes when using these applications.
What Platforms Are Still Prohibited? HHS still prohibits using communication products that are public-facing. Therefore, do not use these types of platforms. Examples of public-facing communication products include, but are not limited to, the following: o Facebook Live o Twitch o TikTok
I Still Want to Use a HIPAA Compliant Telehealth Platform For My Practice. What Are Some Examples Of These?
HHS provides some examples of products that are HIPAA compliant and will enter into HIPAA business associate agreements (BAAs) in connection with the provision of their video communication products. (They stress that they have not reviewed the BAAs for the below entities, and that this is not an endorsement, certification, or recommendation): o Skype for Business o Updox o VSee o Zoom for Healthcare o Doxy.me o Google G Suite Hangouts Meet
In addition to the services noted by HHS, there are also platforms targeted specifically for mental health care, that similarly provide a BAA consistent with HIPAA requirements. These include: