U.S. flag

An official website of the United States government

HIPAA for telehealth technology

Find out about HIPAA rules and guidance on compliance for telehealth.

The Department of Health and Human Services Office for Civil Rights has issued a notice regarding the expiration of enforcement discretion for HIPAA flexibilities. HIPAA flexibilities will be discontinued on May 11, 2023 when the COVID-19 public health emergency ends. Covered health care providers have a 90-day transition period after this date to comply in good faith with the HIPAA Rules without penalties until August 9, 2023.

Technology considerations

HIPAA-compliant technology

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) ensures that health care providers protect patients’ personal health information. All of the telehealth services you provide need to be in compliance with HIPAA rules. Covered health care providers must use technology vendors that are HIPAA compliant and will enter into HIPAA business associate agreements in connection with the provision of their video communication products.

The U.S. Department of Health and Human Services Office for Civil Rights released guidance to help health care providers and health plans bound by HIPAA and HIPAA rules understand how they can use remote communication technologies for audio-only telehealth.