Hipaa enforcement

Full HIPAA Enforcement Will Be Reinstated on August 10


July 27, 2023 | Reading Time: 2 Minutes

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

The COVID-related discretionary enforcement of HIPAA for telehealth service delivery will end on August 10, 2023, according to the US Department of Health and Human Services’ Office for Civil Rights (OCR). The announcement is titled, Expiration of Notifications of Enforcement Discretion and Transition Period for Telehealth. It explains that the 90-calendar day transition period that began in April concerning telehealth will expire at 11:59 PM on August 9, 2023. The OCR oversees the enforcement of specific regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), including the HIPAA Privacy, Security, and Breach Notification Rules.

History of HIPAA Enforcement Discretion

During the nationwide health crisis caused by the COVID-19 pandemic, healthcare providers were informed that the OCR would operate with “discretionary enforcement” of HIPAA requirements. In some cases, clinicians were allowed to employ remote communication technologies for telehealth services, some of which did not strictly adhere to HIPAA requirements. In light of the public health emergency caused by COVID-19, the OCR thereby exercised leniency in its enforcement, refraining from imposing penalties for noncompliance with HIPAA regulations. The OCR enforcement discretion applied to all telehealth services, irrespective of whether they were directly linked to diagnosing or treating COVID-19-related health issues.

Providers were informed that they could use popular video chat applications such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom, or Skype, but only if they explained the risks to their clients and patients. The notice also named specific platforms which were to be avoided, including Facebook Live, Twitch, and TikTok, as they were considered “public-facing.” 

For enhanced privacy protection, providers were encouraged to provide telehealth services through HIPAA-compliant technology vendors willing to establish HIPAA Business Associate Agreements (BAAs).

Upcoming HIPAA Enforcement Changes

Starting August 10, the OCR will reinstate its former levels of enforcement, marking a return to the pre-pandemic state of HIPAA regulation. With this, healthcare providers need to be fully compliant with all aspects of the HIPAA rules, including but not limited to those related to telehealth services. More specifically, the OCR has continued its quest to prosecute covered entities violating the HIPAA Right of Access Initiative, choosing to withhold records from patients and, more recently, prosecuting vendors who fail to honor their obligations under BAAs.

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

HIPAA Compliant Cybersecurity for Professionals

Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.

Therapist AI & ChatGPT: How to Use Legally & Ethically

Immerse yourself in our highly-engaging eLearning program and delve into the uncharted territory of Artificial Intelligence (AI) in Behavioral Healthcare!

Telehealth Law & Ethical Course Bundle

This Telehealth Legal & Ethical Course Bundle provides the most important risk management and telehealth compliance training available anywhere to help meed telehealth, regardless of the size of your telehealth services.

Telepractice: Telehealth Law & Ethics Implementation Workshop

Comply with federal, state, national accreditation and association requirements for telehealth documentation.

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of Telehealth.org’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Please share your thoughts in the comment box below.

Notify of
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Blog Topics

You May Also Like…