From the Document: "In recent years, health care providers have increasingly turned to technology to provide remote health care services to patients ('i.e.', 'telehealth'). This use of telehealth has only become more important in the midst of the coronavirus disease 2019 (COVID-19) pandemic, as it has allowed providers and patients to minimize their contact with one another. However, the use of technology to transmit information carries privacy risks. Federal law thus limits the extent to which health care providers may use technology to transmit medical information. In particular, the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities--namely, health care providers, health plans, and health clearinghouses--to abide by data privacy, data security, and data breach notification requirements in their treatment of certain medical information. While HIPAA's restrictions mitigate privacy and security concerns, they also limit health care providers' ability to offer telehealth services. Given the increased need for telehealth options due to COVID-19, the Department of Health and Human Services (HHS) has announced that it will not enforce HIPAA's requirements against health care providers who are engaged in the good-faith provision of telehealth services during the COVID-19 emergency, regardless of whether those service are related to COVID-19."
CRS Legal Sidebar, LSB10490
Congressional Research Service: https://crsreports.congress.gov/