New HHS FAQs: HIPAA Audio-Only Telehealth Rules Clarified

Share: Share on Facebook Share on Twitter Share on LinkedIn

New HHS FAQs: HIPAA Audio-Only Telehealth Rules Clarified

Share: Share on Facebook Share on Twitter Share on LinkedIn
Audio-only telehealth

Making sure that your practice complies with the HIPAA Security Rule when providing audio-only telehealth can be confusing. The COVID Public Health Emergency (PHE) had telehealth rules in a constant state of flux.  Fortunately, now that things have calmed down, the government has stepped in with some answers.

On June 13, the Department of Health and Human Services (HHS) issued updated guidance on HIPAA and audio-only telehealth. The updated rules aim to clarify how you can protect patient privacy while performing telehealth services consisting of audio-only (no video).

To get a handle on how these audio-only telehealth guidelines apply to your practice, check the following three key takeaways from the HHS guidance.

1. Audio-Only Telehealth Via Landline

You may not realize it, but the HIPAA Security Rule doesn’t include guidelines related to old-fashioned land-line phone calls. This isn’t due to the type of phone used to make the call, but how the phone transmits audio.

The HIPAA Security Rule does not apply to audio-only telehealth services provided by a covered entity that is using a standard telephone line, often described as a traditional landline, because the information transmitted is not electronic,” HHS says in the document. “Accordingly, a covered entity does not need to apply the Security Rule safeguards to telehealth services that they provide using such traditional landlines (regardless of the type of telephone technology the individual uses).”

If, however, your physician is providing telehealth using a device that transmits the communications via VoIP, the internet, cellular phone, or Wi-Fi, then the HIPAA Security Rule does indeed apply. This is because these communication methods are considered “electronic” and as such fall under the electronic protected health information (ePHI) category.

Note: What is VoIP, and how do you know if you use it? VoIP stands for “Voice over Internet Protocol,” allowing you to make phone calls over an internet connection rather than using a phone line. It’s possible you’ve used a VoIP line without knowing it. For instance, Skype, WhatsApp, and Google Hangouts are examples of popular VoIP programs.

2. Patient Telehealth Responsibility

If your practice is compliant with the HIPAA Security Rule, you may still be concerned about what happens to PHI on the patient side after your phone call ends. However, the government does not consider that to be your practice’s responsibility.

Note that an individual receiving telehealth services may use any telephone system they choose and is not bound by the HIPAA Rules when doing so,” HHS says. “In addition, a covered entity is not responsible for the privacy or security of individuals’ health information once it has been received by the individual’s phone or other device.”

3. Insurer Audio-Only Telehealth Coverage

Whether payers reimburse you for audio-only telehealth services or not, your practice is still required to adhere to the HIPAA Security Rule. The government notes that you are still bound by the privacy rules even if audio-only telehealth services are non-covered by their insurers.

“Covered health care providers may offer audio-only telehealth services using remote communication technologies consistent with the requirements of the HIPAA Rules, regardless of whether any health plan covers or pays for those services,” HHS says. “Health plan coverage and payment policies for health care services delivered via telehealth are separate from questions about compliance with the HIPAA Rules and are not addressed in this document.”

It’s important to stay on top of patient privacy laws, particularly as the government continues to hammer out how the telehealth rules will look after the PHE ends. The PHE is currently set to expire on July 15, 2022, but the government has indicated that they’ll extend it again. Ensuring that your practice stays compliant with HIPAA is the best way to maintain security around patients’ protected health information.

To find out more about collecting for phone calls under the telehealth rules, check out the one-hour on-demand webinar Collect More for Phone Calls, New 2022 CMS Telehealth Rule.


Subscribe to Healthcare Practice Advisor
Get actionable advice to help improve your practice’s
reimbursement, compliance, and success in this weekly eNewsletter.
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden

[class^="wpforms-"]
[class^="wpforms-"]