On June 13, 2022, HHS issued a new Guidance with respect to Audio-only Telehealth.

The Guidance describes how healthcare providers can ensure compliance with HIPAA when providing audio-only Telehealth services after the expiration of COVID-19 era policies.  A brief summary is below:

Safeguards.  When providing audio-only telehealth service, reasonable safeguards need to be applied by Covered Entities.

Verification.  Covered entities are required to verify the identity of the patient when providing audio-only telehealth services.

BAA May Apply.  A Business Associate Agreement may be required, and the HIPAA Security Rule may apply depending on the technology used to provide audio-health services.

Risk Analysis.  A risk analysis and management process must be developed by Covered Entities which is posed by the technology that implicates the Security Rule.

The most practical implication for Physician offices is the second bullet point — that covered entities are still required to verify the identity of the patient.