Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Advanced Search Go
Free Newsletter Sign Up

Telehealth Doctors Told to Prepare for End of HIPAA Flexibility

June 13, 2022, 3:21 PM

Telehealth providers should prepare to comply with the HIPAA health privacy law once the federal public health emergency ends, the Department of Health and Human Services said in a guidance Monday.

Health-care providers, health plans, and health-care clearinghouses that transmit electronic health records were previously exempt from complying with the Health Insurance Portability and Accountability Act of 1996 “in connection with the good faith provision of telehealth using non-public facing audio or video remote communication technologies” during the public health emergency, the HHS said.

Telehealth usage exploded at the beginning of the pandemic, when many practices closed their doors and patients were hesitant to receive in-person care. The HHS exercised enforcement discretion to remove barriers to telehealth care from the many patients and doctors who had never had an online appointment.

The federal public health emergency is set to last until at least mid-July. The emergency, which was originally declared in January 2020, must be renewed every 90 days. The agency said it will give states a 60-day notice before letting it expire. Because that notice was not given when the HHS renewed the declaration in May, many health industry leaders believe the emergency will remain until October.

When the public health emergency expires, many regulatory flexibilities across the industry will expire. “This guidance will help ensure that individuals can continue to benefit from audio-only telehealth by clarifying how covered entities can provide telehealth services and improving public confidence that covered entities are protecting the privacy and security of their health information,” the HHS said.

Health-care providers should deliver telehealth services “in private settings to the extent feasible,” the HHS said. If they can’t find privacy, they should speak quietly and not use speakerphone.

The HIPAA Security Rule, which requires doctors to protect patients’ electronic medical information, doesn’t apply to audio-only telehealth using a landline “because the information transmitted is not electronic,” the HHS said. Smartphone apps would be covered by the rule.

To contact the reporter on this story: Allie Reed in Washington at

To contact the editor responsible for this story: Brent Bierman at