Skip to content

Do HIPAA Rules Apply to Telehealth Communications?

Telehealth is a term covering patient appointments and medical practitioner consultations utilizing phone or computer based teleconferencing methods, as well as other technological means of sharing or processing health information.

These practices were gaining favor before the COVID-19 crisis, and have become a valuable means of communicating with patients during this time when isolation has become necessary to insure safety. This has triggered a few changes in the HIPAA rules governing telehealth methods.

HIPAA refers to the Health Insurance Portability and Accountability  Act, passed in 1996. HIPAA rules protect the privacy of patient information.

Do HIPAA principles apply to telehealth interaction? Let’s take a look at the issue.

Telehealth and Telemedicine

What’s the difference? Telemedicine refers to the remote diagnosis and treatment of patients using technological communications. Telehealth is a broader topic that refers to all types of healthcare activities and components managed and transmitted by technological means.

HIPAA Rules and Telehealth

Any rule that applies when serving patients in person or preparing information on paper also applies to telehealth activities and sharing of information. Refer to the official HIPAA rules   for security and privacy whenever telehealth activities are conducted in any form or by any means.


HIPAA Applies to Consultations With Medical Practitioners 

When a primary provider of medical services consults with another regarding a patient, HIPAA rules must be followed by both parties when information is transferred. Patient privacy and restricted access to personal information is always of primary importance.  

Technology Management Companies Must Follow  HIPAA Rules Too

Most medical practitioners and enterprises employ companies which specialize in technology management. Such companies and each of their employees are bound by all of the HIPAA rules also. Practitioners should be certain the technology management company they employ is aware that it is imperative to thoroughly educate each of their associates regarding these rules and to verify that they are strictly followed.

In order to insure that the consulting companies abide by HIPAA rules, providers may need to enter into business associate agreements with these companies.

The Necessity of Security Risk Analysis

All entities involved with telehealth must perform a security risk analysis. The analysis must cover the potential risk and vulnerability involved when the entity creates, maintains, receives and transmits any type of ePHI (electronic protected health information). 

The analysis must define and address the risk when ePHI is transmitted by any media, including, but not limited to: hard drives, DVDs, smart cards, personal digital assistants, or portable electronic storage devices.

Technology that Helps Assure Privacy

No technology is a substitute for an organized, documented set of security practices, understood by all employees who come into contact with patient  medical information. But advanced encryption features can help companies maintain compliance by protecting privacy. These features make it unlikely that any unauthorized individual or entity will be able to  access personal information.

COVID-19 and Telehealth Guidelines

The current situation regarding COVID-19 has triggered adjustments to HIPAA telehealth guidelines, so practitioners may better serve patients while preventing the spread of the virus. In order to stay up to date on guidelines for compliance, visit  the Center for Connected Health Policy site for updates on COVID-19 telehealth policies and specific state actions.

Any means of non-public facing audio or video communication may be utilized to converse with patients during the current pandemic conditions, whether or not the contact is related to COVID-19 diagnosis or treatment. Utilizing this technique will help patients to receive the support of medical practitioners while they “shelter in place”, staying safe from the risk of contracting COVID-19 from others or spreading the disease if they are suffering themselves.  

This U.S. Department of Health and Human Services post details the current policy.

Telehealth is a valuable tool for serving patients effectively. Its expanded use will likely continue in the future.

WheelHouse IT provides specialized IT Managed Services that can help achieve business goals. We understand the complexities of healthcare IT and can offer assistance in maintaining compliance with HIPAA rules and protecting patient privacy.

Contact Us Today!


a woman in a business suit is using a laptop

Reliable Network Monitoring Support

Reliable Network Monitoring Support Ensure network security and operational efficiency with robust network monitoring. A strong monitoring system is indispensable

a man holding a computer case with many wires

How to Protect Your Electronics Against Disaster

Know how to protect your business technology and electronics against natural disasters. It’s important for companies to develop a game plan that will ensure employees are able to communicate with others before, during, as well as after a natural disaster to keep the business running.

Let's Start a Conversation

Watch the video below and find out why you should fill out this form and start a conversation today.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.