Getty Images

California Relaxes the Rules for mHealth, Telehealth Video Chats

Mirroring the federal government's action on HIPAA guidelines for mHealth and telehealth, Gov. Gavin Newsom has relaxed state enforcement to help care providers who are using the technology in good faith during the Coronavirus pandemic.

California Gov. Gavin Newsom is relaxing state rules to allow healthcare providers to use telehealth and mHealth tools like Skype and FaceTime without risk of penalty.

Mirroring a waiver handed down on March 17 by the Health and Human Services Department’s Office for Civil Rights, Newsom signed an executive order on Friday that temporarily relaxes state privacy and security laws related to the use of video chats and similar connected health platforms during the Coronavirus pandemic.

(For more coronavirus updates, visit our resource page, updated twice daily by Xtelligent Healthcare Media.)

Both Newsom’s order and the OCR action are designed to allow providers to use telehealth and mHealth tools that had previously been forbidden because they don’t have the safeguards in place to protect personal health information. As long as providers are using the tools in good faith, Newsom said, they should not have to worry about the legal implications.

“This order provides flexibility to our medical and health providers so that they are able to provide continuity of health services to people across the state, and will allow providers to assess a greater number of patients while limiting the risk of exposure and infection of other persons from in-person consultations,” he said in a press release.

Among other things, Newsom’s order eliminates the requirement that a provider get verbal or written consent from a patient prior to using telehealth, and suspends penalties associated with the inadvertent, unauthorized access or disclosure of health information, as long as the care provider was acting in good faith. It also extends the time period in which a provider is required to notify the Department of Public Health of any disclosure from 15 days to 60 days.

The OCR action focused on guidelines set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which closely regulates how health information is relayed from providers to other parties. And it set specific instances in which federal regulators would use discretion in enforcing the rules.

“What this means is that healthcare providers may use Skype, FaceTime, Zoom, Doxy.me, Updox, VSee, Google G Suite Hangouts Meet, and similar technologies for real-time audio/video communications with their patients, without fear that OCR might levy a penalty,” Jeffery P. Drummond, a partner with the Jackson Walker law firm, said of the OCR order.

Newsom noted that even in an emergency, “covered entities must continue to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures (and) must apply the administrative, physical, and technical safeguards of the HIPAA Security Rule to electronic protected health information.”

“Under the provisions of Government Code section 8571, I find that strict compliance with various statutes, regulations, and certain local ordinances specified or referenced herein would prevent, hinder, or delay appropriate actions to prevent and mitigate the effects of the COVID-19 pandemic,” he added.

Next Steps

Dig Deeper on Digital health apps