• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • location_onContact
  • (330) 673-9500

Ickes \ Holt LLC

Information Security. Corporate Law. Litigation

  • Home
  • Attorneys
    • James Ickes, Esq., HCISPP, GLEG
    • Joel A. Holt, Esq., CIPP/US
  • Practice Areas
    • INFORMATION SECURITY & PRIVACY
      • A Call to Action
      • Data Breach Lawsuits
    • MEDICAL CANNABIS
    • LITIGATION
    • CORPORATE LAW
    • TRANSACTIONAL LAW
  • Insights
  • Our Philosophy
  • Payment Portal
  • Search
TELEHEALTH RESTRICTIONS LIFTED

Apr 09 Leave a Comment

TELEHEALTH RESTRICTIONS LIFTED

State and Federal Governments ease regulatory enforcement to expand access to telehealth.

Telehealth
Photo by Oliur on Unsplash

In response to the Covid-19 pandemic, Ohio and federal officials have recently taken two dramatic actions to greatly increase the public’s access to medical and mental healthcare via “telehealth.” This article will focus on mental healthcare providers; however, the subject actions apply equally to medical healthcare providers.

Now on to the subject actions:

Action 1: The Office for Civil Rights (“OCR”) at the Department of Health and Human Services (“HHS”) recently issued a notification that it would exercise its enforcement discretion to not impose penalties against covered entities for failing to comply with HIPAA requirements regarding the good faith provision of telehealth. Chiefly, this means that providers can use their discretion to utilize “non-public facing audio or video communication products” to provide telehealth without concern of an enforcement action for failing to comply with HIPAA security requirements. Per the notice, “non-public facing” products include Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom, or Skype. Examples of public-facing products are Facebook Live, Twitch, Instagram Live, or Tik Tok. Generally, any application in which you would be “streaming” should be considered “public-facing.”

This is a significant departure from HIPAA guidelines which in general require providers to ensure confidentiality and security, most importantly encrypted transmission. However, the notice does encourage providers to seek out applications that claim to meet HIPAA security requirements and that will provide a Business Associate Agreement. Ultimately, while the OCR may not fine a provider for non-compliance, the notice does not address what the OCR will do in the event of a data breach.

Given the plethora of options available, any provider, regardless of size, should be able to provide telehealth utilizing a reasonably secure and HIPAA compliant platform.

Action 2: On March 19, 2020, Gov. DeWine signed executive order 2020-05D, declaring a public emergency requiring immediate adoption and/or amendment of administrative rules pertaining to telehealth. For example, the Ohio Dept. of Mental Health and Addiction (“ODMHA”) substantially amended the interactive videoconferencing requirements of OAC 5122-29-31, including:

1. Eliminates the requirement that videoconferencing be secure. OAC 5122-29-31(A).

2. Permits the use of telephone calls and email as “interactive videoconferencing” under the rule. See id.

3. Eliminates the requirement of a face-to-face initial appointment prior to participating in telehealth.

Similarly, the Ohio Counselor, Social Worker, Marriage & Family Therapist (“CSWMFT”) Board approved Emergency Rule 4757-5-13, which notably modified the rule in several ways, including:

1. Eliminates the requirement of a face-to-face initial appointment prior to participating in telehealth. See OAC 4757-5-13(A)(7).

2. Relaxes the requirements for informed consent.

3. Permits verbal informed consent in cases in which written informed consent cannot be obtained. See OAC 4757-5-13(A)(7).

4. Eliminates and/or modifies security and encryption requirements for telehealth in accordance with the HIPAA guidelines set forth in Action 1.

These changes are significant departures from the original version of the rules and HIPAA guidelines.

Ohio providers subject to the CSWMFT Board should note that there are strict location requirements for telehealth based on the location of the client/patient at the time services are rendered. The location of the client determines the jurisdiction for the counseling. So, if the provider and client are located in Ohio at the time of service, the telehealth is “provided” in Ohio. If the provider is in Ohio and the patient is located in Arizona at the time of service, telehealth is “provided” in Arizona. Many states have similar rules. Please also note, that providers using telehealth need to be careful to avoid accidentally practicing outside of a jurisdiction in which they are licensed.

Law related to Covid-19 is rapidly changing, which is creating a fluctuating, complex, and potentially dangerous regulatory environment. If you have any questions regarding your organization’s telehealth compliance, please contact Ickes\Holt.

ICKES \ HOLT

Categories: Cybersecurity, Data Breach, Data Security, Encryption, HIPAA, In the News, Information Security, Legislation, Mental Health Privacy, Online Privacy, Privacy, Technology Tags: coronavirus, Covid-19, DeWine, hipaa, mental healthcare, telehealth, zoom

Reader Interactions

Leave a Comment Cancel

Primary Sidebar

Articles & News

Dec 10

Co-Parenting through Covid

Apr 09

TELEHEALTH RESTRICTIONS LIFTED

Mar 24

Guidance from HHS to First Responders Related to COVID-19

Categories

Our Reviews

Marshall Easley
Marshall Easley

5 out of 5 stars

posted 2 weeks ago

2 thumbs up. 2 of the best attorneys you could have. Both Jim and Joel are personable, professional and respond in a timely manner. Have been using them for about 10 years now. Would recommend them.

Morgan Jiang
Morgan Jiang

5 out of 5 stars

posted 1 month ago

By far one of the most down to earth attorneys I have ever worked with. Joel is not only personable but also professional and responsible. All communications are done in a timely manner. Would recommend!

Laura Snyder
Laura Snyder

5 out of 5 stars

posted 1 month ago

This law firm is the best in the business! Joel was very detailed and attentive to our needs. I wouldn't hesitate to use their services in the future 😁

Read All 53 Reviews

Footer

Let’s Talk

Recent News

REGARDING PRIVACY OHIO SETS A HIGH BAR FOR MEDICAL MARIJUANA

Over the last few years, agencies such as the Federal Trade Commission have fostered a movement to encourage industry to implement the concept of privacy-by-design.  The idea behind privacy-by-design ... Read More

NFL and Players May Join Forces on Medical Marijuana

The National Football League generated $13 billion in revenue in 2016.[i]  The next closest professional sports league was Major League Baseball at $9.5 billion.  In comparison, the Premier League and ... Read More

Social Media

FacebookLinkedin

4301 Darrow Road, Suite 1100 | Stow, OH 44224
(330) 673-9500 p

© 2021 Ickes Holt | a full-service law firm