Conversations Blog

Jenny Albertson, NHA

Director of Quality & Regulatory Affairs

New Privacy Requirements Coming

Check your Devices

This week, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced that the Notifications of Enforcement Discretion issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act during the COVID-19 public health emergency will expire at 11:59 pm on May 11, 2023, due to the expiration of the COVID-19 public health emergency.

While Congress extended many of the telehealth coverage flexibilities impacting our members and their residents permanently or until December 31, 2024, this policy change will no longer permit providers to use technology such as unsecure iPads, smart phones, or other technology for telehealth services unless they meet the stringent HIPAA patient privacy requirements after August 9, 2023.

AHCA/NCAL​ strongly recommends that providers using telehealth services review and update their policies and procedures, equipment and arrangements related to telehealth services. Specifically, providers should evaluate the equipment and software technology they are using for telehealth services and the arrangements they have with technology vendors, as well as physicians, hospitals, and other providers to update agreements and policies related to telehealth prior to the end of the enforcement discretion transition period on August 9, 2023. 


Post provided courtesy of    BlogNCAL