About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

1 1 (June 05, 2020)

handle is hein.crs/govdazx0001 and id is 1 raw text is: 









                   Resarh Set-wkc





HIPAA, Telehealth, and COVID-19



June 5, 2020
In recent years, health care providers have increasingly turned to technology to provide remote health care
services to patients (i.e., telehealth). This use of telehealth has only become more important in the midst
of the coronavirus disease 2019 (COVID-19) pandemic, as it has allowed providers and patients to
minimize their contact with one another. However, the use of technology to transmit information carries
privacy risks. Federal law thus limits the extent to which health care providers may use technology to
transmit medical information. In particular, the Health Insurance Portability and Accountability Act
(HIPAA) requires covered entities -namely, health care providers, health plans, and health
clearinghouses-to abide by data privacy, data security, and data breach notification requirements in their
treatment of certain medical information. While HLPAA's restrictions mitigate privacy and security
concerns, they also limit health care providers' ability to offer telehealth services. Given the increased
need for telehealth options due to COVID- 19, the Department of Health and Human Services (HHS) has
announced that it will not enforce HLPAA's requirements against health care providers who are engaged
in the good-faith provision of telehealth services during the COVID-19 emergency, regardless of whether
those service are related to COVID-19.
This Sidebar provides a high-level overview of this issue. It first discusses the scope of HLPAA's
requirements and how those requirements apply to telehealth. It then describes the actions HHS has taken
to provide relief from these requirements during the COVID-19 pandemic.


HIPAA's Requirements


General Overview
HIPAA imposes obligations on health care providers and other covered entities, including health plans
and health clearinghouses, regarding their transmission of protected health information (PHI). PHIL
includes information that (1) identifies, or can reasonably be used to identify, an individual; (2) is
created or received by a health care provider, health plan, employer, or health care clearinghouse; (3)
relates to an individual's physical or mental health, health care provision, or payment for provision of
health care; and (4) is transmitted by or maintained in electronic or any other format.
Under HIPAA, health care providers must treat PHI consistent with requirements set forth in several HHS
regulations known as the Privacy Rule, the Security Rule, and the Breach Notification Rule. The

                                                                 Congressional Re search Service
                                                                   https://crsreports.congress.gov
                                                                                      LSB10490

CRS kega  isebar
Prempa red .o  r ---embersand
C o m m ; .. t eei o f e o n o   l C o   -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------...........

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most