Governance & Risk Management , Healthcare , HIPAA/HITECH

Telehealth Privacy Concerns to Be in Spotlight Post-COVID-19

Privacy Attorney Adam Greene on HIPAA, Regulatory Issues Once Health Emergency Ends
Adam Greene, partner, Davis Wright Tremaine

The telehealth industry exploded in the wake of the COVID-19 pandemic as a way to relieve crowded waiting rooms and examine patients without the risk of spreading the virus. U.S. federal regulators recognized the benefits of telehealth and waived some provisions of HIPAA patient privacy rules as the medical community explored this evolving technology.

See Also: Securing Healthcare: Minimizing Risk in an Ever-Changing Threat Landscape

That's all about to come to an end on May 11, when President Joe Biden is expected to lift the coronavirus public health emergency order, which will end the Department of Health and Human Services' Office for Civil Rights limited HIPAA waiver program.

"With those coming to an end, that essentially means that OCR could potentially begin bringing enforcement actions for violations in these areas," says privacy attorney Adam Greene of the law firm of Davis Wright Tremaine. "The big one is certainly going to be telehealth."

Greene says OCR regulators said they would exercise discretion in enforcing certain potential HIPAA violations during the pandemic and overlook issues such as a lack of reasonable safeguards or failure to have a business associate agreement in place. But setting up an agreement with a telehealth vendor could be challenging, he says.

"Right now you can do telehealth using whatever app is most convenient to you and the patient," Greene says. "Some of those app providers may not necessarily be willing to sign business associate agreements, and so some organizations may need to shift to different telehealth solutions that may not be quite as patient-friendly - at least compared to what they were used to."

In this video interview with Information Security Media Group, Greene also discusses:

  • The latest HHS OCR breach investigation and HIPAA enforcement trends;
  • The Federal Trade Commission's recent $1.5 million civil monetary penalty against telehealth services and discount prescription drug company GoodRx - the agency's first enforcement action involving the FTC's 14-year-old Health Data Breach Notification Rule;
  • Growing privacy concerns involving the use of tracking codes in healthcare websites.

Greene specializes in health information privacy and security laws, including applying those laws to new technologies, such as artificial intelligence and machine learning. He formerly served as senior health information technology and privacy specialist at the HHS OCR, where he played a significant role in administering and enforcing HIPAA privacy, security and breach notification rules.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.