• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

COVID-19: Why Limited HIPAA Waivers from HHS Don’t Do Enough To Address Telehealth

by Alissa Smith, Partner at Dorsey & Whitney and co-chair of its Health Transactions and Regulations Practice Group 03/18/2020 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print
COVID-19: Why Limited HIPPA Waivers from HHS Don't Do Enough To Address Telehealth

What You Need to Know:

– HHS issued some very limited HIPAA waivers to combat COVID-19999, but experts say it leaves out some very key guidance when it comes to telehealth.

– Alissa Smith, Partner at Dorsey & Whitney says the HHS is likely going to have to revisit this issue given the limited waivers issued this week.  

The main thing I am hearing from my health care provider clients is that they are seeking HIPAA-related guidance and waivers on how to provide telehealth services to patients using personal devices or other unsecured devices (e.g., iPad) or for the use of personal devices for provider to provider communications for rapid differential diagnosis communication with colleagues outside a particular system. 

The HIPAA-compliant approach requires secure devices which not everyone has access to. Many providers are asking to use personal computers/devices (not employer-issued) to access patient information from the electronic health record.  This is typically not allowed due to security concerns.

The HIPAA waivers issued this week are extremely narrow, and not likely to be of much help to the main issue I am hearing about now, which is how to reach patients and colleagues remotely using unsecured personal devices/computers.  For now, the answer is that this is not permitted under HIPAA, which means that providers will continue to be restricted to the use of company-issued and secured devices and communication channels.

These HIPAA waivers only apply to hospitals that have implemented a disaster recovery plan, and only for 72 hours after implementing the plan.  The waivers do not address the primary concerns I am hearing about regarding the desire to more freely conduct telehealth patient visits and provider-to-provider consultations using personal devices.   Instead, the waivers are geared only to hospitals and only to relieve some of the paperwork burden and typical confidentiality options in place for patients getting care in a hospital.  Specifically, the waivers will allow hospitals, for 72 hours in a disaster,

–    to not hand out the Notice of Privacy Practices to patients (those are the HIPAA documents patients always have to sign or refuse when they go to the doctor/hospital);

–   to not have to get patient authorization to speak with family and friends involved in the patient’s care (this standard is already fairly relaxed under HIPAA, so I don’t think this “waiver” will be as significant).

–  to not have to give patients an opportunity to opt-out of the hospital directory (this is the directory at each hospital with lists a patient’s name, location in the facility, general condition, and religious affiliation, and is available to people who ask for a patient by name).

–  to not have to offer a patient the right to request privacy restrictions, or presumably, to honor a requested restriction (normally, patients can request privacy restrictions on the use or disclosure of their health information, but hospital’s do not have to honor the request- EXCEPT, if a patient pays in full for a service/item and requests that the information about the service/item not be submitted to a health plan, the hospital is not allowed to send it to the health plan).

–  to not have to offer a patient to request confidential communications from the hospital (i.e., requests by the patient to receive information by alternative means or at alternative locations).

About Alissa Smith

Alissa Smith is a Partner at law firm Dorsey & Whitney and the co-chair of its Health Transactions and Regulations Practice Group. Alissa represents health systems, hospitals, pharmacies, specialty pharmacies, wholesale distributors, pharmacy benefit managers, long-term care providers, vendors in the healthcare industry, medical practices, individual providers, and other organizations in the healthcare industry.

Alissa’s practice involves health law transactional work, federal and state health law regulatory compliance advice, and administrative advocacy before state and federal agencies.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: Coronavirus (COVID-19), Disaster Recovery, Electronic Health Record, Health Systems, HHS, HIPAA, hipaa-compliant, hippa, honor, Medical Practices, Pharmacy, Telehealth Services

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Kinetik CEO Sufian Chowdhury on Fighting NEMT Fraud & Waste

Most-Read

2019 MedTech Breakthrough Award Category Winners Announced

MedTech Breakthrough Announces 2025 MedTech Breakthrough Award Winners

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

'Cranky Index' Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

‘Cranky Index’ Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

5 Ways New Trump Administration Tariffs Are Impacting U.S. Healthcare Now

5 Ways Trump Administration Tariffs Are Impacting U.S. Healthcare Now

iCAD, GE HealthCare Integrate to Advance Breast Cancer Detection with AI

RadNet to Acquire iCAD for $103M in All-Stock Transaction

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |