Sustainable Telehealth: Security Risk Analysis
Whether you are a solo practice or a large hospital system, the requirement to protect electronic health information is mandated. HIPAA regulations tell us that “all e-PHI created, received, maintained or transmitted by an organization is subject to the Security Rule”. Due to the COVID-19 pandemic the Department of Health and Human Services (HHS) issued a Notification of Enforcement Discretion effective March 17, 2020 and remains in effect “until the Secretary of HHS declares that the public health emergency no longer exists, or upon the expiration date of the declared health emergency, including any extensions, whichever occurs first.”
The Notification of Enforcement Discretion by HHS states it will: “exercise its enforcement discretion and will not impose penalties for noncompliance with...