Amid the coronavirus pandemic, the need for telehealth services led the Department of Health and Human Services (HHS) to temporarily ease restrictions surrounding their use. However, at some point the emergency telehealth waiver will expire.

What Was the Purpose of the Telehealth Waiver?

The HHS passed the emergency telehealth waiver in an effort to increase access to telehealth and allow providers to quickly transition their practices to a remote environment. The waiver allows providers to use non-public-facing telecommunications to offer telehealth without fear of facing HHS fines for telehealth offered in “good faith.” Basically, telehealth providers can use software that is not usually HIPAA compliant to offer telehealth appointments, as long as they don’t use public platforms such as Facebook.

The passing of the waiver allowed for a 50% increase in telehealth services across the country. However, providers wishing to offer telehealth services after the waiver expires must ensure that the platform they use is HIPAA compliant.

When Will the Telehealth Waiver Expire?

It is unclear when the HHS will lift the temporary waiver, but it is likely to expire some time in the near future. This is why it is important for healthcare providers to prepare for the inevitable and start using HIPAA compliant software now. Making the transition to HIPAA compliant software sooner rather than later will not only make it easier for your practice to ensure your HIPAA compliance, it will also ease the transition for patients by preparing them to use other technologies.

How to Ensure Telehealth HIPAA Compliance After Enforcement Resumes

To avoid OCR enforcement once the telehealth waiver is lifted, you will need to start using HIPAA compliant software. But what makes a software HIPAA compliant?

Security measures. For software to be considered HIPAA compliant, it must have security measures in place to ensure the confidentiality, integrity, and availability of protected health information (PHI). This includes access controls, user authentication, audit controls, and encryption.

Business associate agreements (BAAs). No matter what security measures a software provider offers, if they are unable or unwilling to sign a BAA, their software cannot be used for HIPAA compliant telehealth. In fact, a good portion of the software currently being used that is not HIPAA compliant is non-compliant only because its vendors don’t sign BAAs.

Employee training. In the end, software HIPAA compliance comes down to how the software is used by the end user. As such, employees must be trained on the proper uses and disclosures of PHI in relation to the software being used.