Health prime logo


HHS issued a new HIPAA guidance on audio-only telehealth visits

Read about this HIPAA guidance for audio-only telehealth visits and how covered entities can provide these services while complying with the HIPAA Rules.

On June 13, the U.S. Department of Health and Human Services (HHS) issued a guidance for healthcare providers and health plans. The document stated how healthcare professionals can use remote communication technologies to provide audio-only telehealth services. This includes after the COVID-19 public health emergency.

The Office of Civil Rights (OCR) issued a notification stating that the institution would not impose penalties for HIPAA noncompliance on covered healthcare providers nor covered entities for using non-public facing remote products to communicate with patients. Even when the technology and its use do not fully comply with HIPAA rules.

The new guidance was created to help covered entities understand how they can use remote communication technologies for audio-only telehealth in compliance with the HIPAA Rules. This includes when OCR’s Notification of Enforcement Discretion for Telehealth Remote Communications is no longer in effect.

Here are some key takeaways you should know for audio-only telehealth visits:

1. The HIPAA Security Rule does not apply to audio-only telehealth services provided using a standard telephone line. This is because the information transmitted is not electronic.

2. A Covered Entity (CE) communicating with patients via telephone is not required to enter a Business Associate (BA) agreement with a telecommunication service provider.

3. The security rule applies when a CE uses electronic communication technologies, such as Voice over Internet Protocol or mobile devices that use electronic media, like the internet, intra- and extranets, cellular, and Wi-Fi networks.

4. A BA agreement is required if the service provider has a hand in creating, receiving, or maintaining the information on behalf of the CE. Read more about this on our blog How to make sure your BAs are HIPAA Compliant.

According to the Office of Civil Rights (OCR) Director, Lisa J. Pino, “audio telehealth is an important tool to reach patients in rural communities, individuals with disabilities, and others seeking the convenience of remote options”. Therefore, the importance of having a guidance to ensure the privacy and security of health information. Read the full guidance here.

Being HIPAA Compliant is vital for practices. It is important to protect your information and implement reasonable safeguards to prevent violations and avoid sanctions. Read more about this on our blog 4 steps to reduce HIPAA breaches within your medical practice.

Stay tuned for this and more industry news through our June 2022 newsletter. Subscribe to our monthly newsletter and our Health Prime Blog for ongoing leading industry medical practice articles and policy updates.

Share on facebook
Share on twitter
Share on linkedin


Subscribe to
our Blog

to our Newsletter