HIPAA Telehealth Flexibility Ended August 10th




On March 17, 2020, the Office of Civil Rights (the enforcement arm of HIPAA for the federal government) issued a Notice that it would not take enforcement action against HIPAA covered entities who provided care via telehealth under certain conditions. If the covered entity was, in good faith, providing telehealth services via a non-public facing mechanism, it could avoid an enforcement action even if it did not have a business associate agreement with that third-party platform. In essence, so long as the provider was not streaming a session over Facebook Live or some similar public platform, the provider would not face fines from the federal government.

This Notice ended on August 9, 2023. Providers who are HIPAA covered entities must resume providing telehealth services using HIPAA-compliant platforms. To be in compliance, covered entities must provide telehealth services via a platform with which they have a business associate agreement.

A business associate agreement is required anytime a third-party will have access to protected health information on behalf of a covered entity – whether a third-party biller, your attorney, or a videoconferencing platform. Covered providers using telecommunications platforms such as Apple’s FaceTime or regular Zoom without a business associate agreement should take this time to prepare to switch to a HIPAA-compliant platform. Check out CAMFT’s Telehealth Corner for additional resources on Telehealth.


Return to Newsletter