Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency, 22024-22025 [2020-08416]
Download as PDF
<![CDATA[
22024
Federal Register / Vol. 85, No. 77 / Tuesday, April 21, 2020 / Rules and Regulations
lotter on DSKBCFDHB2PROD with RULES
(7) Shipments to Overseas U.S.
Military Addresses, Foreign Service
Posts (e.g., Diplomatic Post Offices), and
Embassies. The Administrator believes
the intent of the Presidential
Memorandum is to protect Americans
by ensuring their access to covered
materials. The Administrator believes
this extends to all Americans, including
those serving our country overseas. For
this reason, the Administrator believes
that it is necessary and appropriate to
promote the national defense to allow
shipments of covered materials to be
shipped overseas to U.S. government
employees working abroad.
(8) In-Transit Merchandise:
Shipments in Transit through the
United States with a Foreign Shipper
and Consignee, Including Shipments
Temporarily Entered into a Warehouse
or Temporarily Admitted to a Foreign
Trade Zone. The April 3 Presidential
Memorandum states that ‘‘To ensure
that these scarce or threatened PPE
materials remain in the United States
for use in responding to the spread of
COVID–19, it is the policy of the United
States to prevent domestic brokers,
distributors, and other intermediaries
from diverting such material overseas’’
(emphasis added).12 The Administrator
believes that merchandise merely
passing through the United States is
outside the scope of the Presidential
Memorandum. In addition, the
Administrator believes that diversion of
these specific types of materials would
cause significant impacts to
international relations, diplomacy, and
global supply chains, each of which is
a factor that is specifically identified in
the allocation order as being necessary
and appropriate to promote the national
defense. Therefore, the Administrator is
explicitly exempting these shipments
from the enforcement of the allocation
order.
FEMA will require a letter of
attestation to be submitted to FEMA via
CBP’s document imaging system and
placed on file with CBP, certifying to
FEMA the purpose of the shipment of
covered materials.
(9) Shipments for Which the Final
Destination is Canada or Mexico. The
Administrator recognizes the important
role our closest neighbors play in the
national defense interests of the United
States. The integration of the economies
12 See Memorandum on Allocating Certain Scarce
or Threatened Health and Medical Resources to
Domestic Use for the Secretary of Health and
Human Services, the Secretary of Homeland
Security, and the Administrator of the Federal
Emergency Management Agency, sec. 1 (Apr. 3,
2020), https://www.whitehouse.gov/presidentialactions/memorandum-allocating-certain-scarcethreatened-health-medical-resources-domestic-use/.
VerDate Sep<11>2014
15:57 Apr 20, 2020
Jkt 250001
and supply chains among the United
States, Mexico, and Canada is robust.
Many critical sectors—including, for
example, food and agriculture;
communications and energy;
automotive and industrial; water and
wastewater management; and law
enforcement and first responders—cross
national boundaries. Negative impacts
to workers, including a lack of PPE, in
these and other critical sectors in
Canada and Mexico may cause
significant interruptions to the
corresponding supply chains in the
United States, and in turn, may disrupt
the large flow of cross-border trade with
our neighbors. In addition, the United
States maintains close economic and
diplomatic ties with these nations,
which would be negatively impacted by
the restriction of exports of covered
materials into these countries. In the
allocation order, the Administrator
specifically identified minimization of
disruption to the supply chain, both
domestically and abroad, and
international relations and diplomatic
considerations as key elements of
promoting the national defense. Each
would be negatively impacted by
slowing or halting the transportation of
covered materials across country lines
to Canada and Mexico. For these
reasons, the Administrator has
determined that this exemption is
necessary and appropriate to promote
the national defense.
FEMA will require a letter of
attestation stating that the items being
shipped are for use in and not for
transshipment through Canada or
Mexico, to be submitted to FEMA via
CBP’s document imaging system and
placed on file with CBP, certifying to
FEMA the purpose of the shipment of
covered materials.
(10) Shipments by or on behalf of the
U.S. Federal Government, including its
Military. The Administrator recognizes
that any shipment of covered materials
made by or on behalf of the Federal
Government, including its military, are
inherently necessary and appropriate to
promote the national defense, and so
should be exported without delay.
Peter T. Gaynor,
Administrator, Federal Emergency
Management Agency.
[FR Doc. 2020–08542 Filed 4–17–20; 4:15 pm]
BILLING CODE 9111–19–P
PO 00000
Frm 00016
Fmt 4700
Sfmt 4700
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
45 CFR Parts 160 and 164
Notification of Enforcement Discretion
for Telehealth Remote
Communications During the COVID–19
Nationwide Public Health Emergency
Office of the Secretary, HHS.
Notification of enforcement
discretion.
AGENCY:
ACTION:
This notification is to inform
the public that the Department of Health
and Human Services (HHS) is exercising
its discretion in how it applies the
Privacy, Security, and Breach
Notification Rules under the Health
Insurance Portability and
Accountability Act of 1996 (HIPAA). As
a matter of enforcement discretion, the
HHS Office for Civil Rights (OCR) will
not impose penalties for noncompliance
with the regulatory requirements under
the HIPAA rules against covered health
care providers in connection with the
good faith provision of telehealth during
the COVID–19 nationwide public health
emergency.
DATES: The Notification of Enforcement
Discretion went into effect on March 17,
2020, and will remain in effect until the
Secretary of HHS declares that the
public health emergency no longer
exists, or upon the expiration date of the
declared public health emergency,
including any extensions, (as
determined by 42 U.S.C. 247d),1
whichever occurs first.
FOR FURTHER INFORMATION CONTACT:
Rachel Seeger at (202) 619–0403 or (800)
537–7697 (TDD).
SUPPLEMENTARY INFORMATION:
SUMMARY:
I. Background
The Office for Civil Rights (OCR) at
the Department of Health and Human
Services (HHS) is responsible for
enforcing certain regulations issued
under the Health Insurance Portability
and Accountability Act of 1996
(HIPAA),2 as amended by the Health
1 Public Health Emergency Declaration issued by
HHS Secretary, pursuant to Section 319 of the
Public Health Service Act, on January 31, 2020,
with retroactive effective date of January 27, 2020.
For more information, see https://www.phe.gov/
emergency/news/healthactions/phe/Pages/2019nCoV.aspx.
2 Due to the public health emergency posed by
COVID–19, the HHS Office for Civil Rights (OCR)
is exercising its enforcement discretion under the
conditions outlined herein. We believe that this
guidance is a statement of agency policy not subject
to the notice and comment requirements of the
Administrative Procedure Act (APA). 5 U.S.C.
553(b)(3)(A). OCR additionally finds that, even if
this guidance were subject to the public
participation provisions of the APA, prior notice
E:\FR\FM\21APR1.SGM
21APR1
lotter on DSKBCFDHB2PROD with RULES
Federal Register / Vol. 85, No. 77 / Tuesday, April 21, 2020 / Rules and Regulations
Information Technology for Economic
and Clinical Health (HITECH) Act, to
protect the privacy and security of
protected health information, namely
the HIPAA Privacy, Security and Breach
Notification Rules (the HIPAA Rules).
During the COVID–19 national
emergency, which also constitutes a
nationwide public health emergency,
covered health care providers subject to
the HIPAA Rules may seek to
communicate with patients, and provide
telehealth services, through remote
communications technologies.
Some of these technologies, and the
manner in which they are used by
HIPAA covered health care providers,
may not fully comply with the
requirements of the HIPAA Rules. OCR
will exercise its enforcement discretion
and will not impose penalties for
noncompliance with the regulatory
requirements under the HIPAA Rules
against covered health care providers in
connection with the good faith
provision of telehealth during the
COVID–19 nationwide public health
emergency.
A covered health care provider that
wants to use audio or video
communication technology to provide
telehealth to patients during the
COVID–19 nationwide public health
emergency can use any non-public
facing remote communication product
that is available to communicate with
patients. OCR is exercising its
enforcement discretion to not impose
penalties for noncompliance with the
HIPAA Rules in connection with the
good faith provision of telehealth using
such non-public facing audio or video
communication products during the
COVID–19 nationwide public health
emergency. This exercise of discretion
applies to telehealth provided for any
reason, regardless of whether the
telehealth service is related to the
diagnosis and treatment of health
conditions related to COVID–19.
For example, a covered health care
provider in the exercise of their
professional judgement may request to
examine a patient exhibiting COVID–19
symptoms, using a video chat
application connecting the provider’s or
patient’s phone or desktop computer in
order to assess a greater number of
patients while limiting the risk of
infection of other persons who would be
exposed from an in-person consultation.
Likewise, a covered health care provider
may provide similar telehealth services
in the exercise of their professional
and comment for this guidance is impracticable,
and there is good cause to issue this guidance
without prior public comment and without a
delayed effective date. 5 U.S.C. 553(b)(3)(B) & (d)(3).
VerDate Sep<11>2014
15:57 Apr 20, 2020
Jkt 250001
judgment to assess or treat any other
medical condition, even if not related to
COVID–19, such as a sprained ankle,
dental consultation or psychological
evaluation, or other conditions.
Under this Notification, covered
health care providers may use popular
applications that allow for video chats,
including Apple FaceTime, Facebook
Messenger video chat, Google Hangouts
video, Zoom, or Skype, to provide
telehealth without risk that OCR might
seek to impose a penalty for
noncompliance with the HIPAA Rules
related to the good faith provision of
telehealth during the COVID–19
nationwide public health emergency.
Providers are encouraged to notify
patients that these third-party
applications potentially introduce
privacy risks, and providers should
enable all available encryption and
privacy modes when using such
applications.
Under this notification, however,
Facebook Live, Twitch, TikTok, and
similar video communication
applications are public facing, and
should not be used in the provision of
telehealth by covered health care
providers.
Covered health care providers that
seek additional privacy protections for
telehealth while using video
communication products should
provide such services through
technology vendors that are HIPAA
compliant and will enter into HIPAA
business associate agreements (BAAs) in
connection with the provision of their
video communication products. The list
below includes some vendors that
represent that they provide HIPAAcompliant video communication
products and that they will enter into a
HIPAA BAA.
• Skype for Business I Microsoft
Teams
• Updox
• VSee
• Zoom for Healthcare
• Doxy.me
• Google G Suite Hangouts Meet
• Cisco Webex Meetings I Webex
Teams
• Amazon Chime
• GoToMeeting
• Spruce Health Care Messenger
OCR has not reviewed the BAAs
offered by these vendors, and this list
does not constitute an endorsement,
certification, or recommendation of
specific technology, software,
applications, or products. There may be
other technology vendors that offer
HIPAA-compliant video communication
products that will enter into a HIPAA
BAA with a covered entity. Further,
OCR does not endorse any of the
PO 00000
Frm 00017
Fmt 4700
Sfmt 4700
22025
applications that allow for video chats
listed above.
Under this noticfication, however,
OCR will not impose penalties against
covered health care providers for the
lack of a BAA with video
communication vendors or any other
noncompliance with the HIPAA Rules
that relates to the good faith provision
of telehealth services during the
COVID–19 nationwide public health
emergency.
III. Collection of Information
Requirements
This notice of enforcement discretion
creates no legal obligations and no legal
rights. Because this notice imposes no
information collection requirements, it
need not be reviewed by the Office of
Management and Budget under the
Paperwork Reduction Act of 1995 (44
U.S.C. 3501 et seq.).
Dated: April 2, 2020.
Roger T. Severino,
Director, Office for Civil Rights Department
of Health and Human Services.
[FR Doc. 2020–08416 Filed 4–20–20; 8:45 am]
BILLING CODE 4153–01–P
NATIONAL FOUNDATION ON THE
ARTS AND HUMANITIES
National Endowment for the
Humanities
45 CFR Part 1168
RIN 3136–AA39
Implementing the Federal Civil
Penalties Adjustment Act
Improvements Act of 2015
National Endowment for the
Humanities; National Foundation on the
Arts and the Humanities.
ACTION: Interim final rule; request for
comments.
AGENCY:
The National Endowment for
the Humanities (NEH) is adjusting the
civil monetary penalties it imposes for
violations of NEH’s New Restrictions on
Lobbying regulation, pursuant to the
Federal Civil Penalties Inflation
Adjustment Act Improvements Act of
2015 (the 2015 Act). The 2015 Act,
which amended the Federal Civil
Penalties Inflation Adjustment Act of
1990 (the Inflation Adjustment Act),
requires such adjustments to improve
the effectiveness of civil monetary
penalties and to maintain their deterrent
effect.
DATES: Effective date: This interim final
rule is effective on April 21, 2020.
Comments must be submitted on or
SUMMARY:
E:\FR\FM\21APR1.SGM
21APR1
]]>Agencies
[Federal Register Volume 85, Number 77 (Tuesday, April 21, 2020)]
[Rules and Regulations]
[Pages 22024-22025]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-08416]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
45 CFR Parts 160 and 164
Notification of Enforcement Discretion for Telehealth Remote
Communications During the COVID-19 Nationwide Public Health Emergency
AGENCY: Office of the Secretary, HHS.
ACTION: Notification of enforcement discretion.
-----------------------------------------------------------------------
SUMMARY: This notification is to inform the public that the Department
of Health and Human Services (HHS) is exercising its discretion in how
it applies the Privacy, Security, and Breach Notification Rules under
the Health Insurance Portability and Accountability Act of 1996
(HIPAA). As a matter of enforcement discretion, the HHS Office for
Civil Rights (OCR) will not impose penalties for noncompliance with the
regulatory requirements under the HIPAA rules against covered health
care providers in connection with the good faith provision of
telehealth during the COVID-19 nationwide public health emergency.
DATES: The Notification of Enforcement Discretion went into effect on
March 17, 2020, and will remain in effect until the Secretary of HHS
declares that the public health emergency no longer exists, or upon the
expiration date of the declared public health emergency, including any
extensions, (as determined by 42 U.S.C. 247d),\1\ whichever occurs
first.
---------------------------------------------------------------------------
\1\ Public Health Emergency Declaration issued by HHS Secretary,
pursuant to Section 319 of the Public Health Service Act, on January
31, 2020, with retroactive effective date of January 27, 2020. For
more information, see https://www.phe.gov/emergency/news/healthactions/phe/Pages/2019-nCoV.aspx.
FOR FURTHER INFORMATION CONTACT: Rachel Seeger at (202) 619-0403 or
---------------------------------------------------------------------------
(800) 537-7697 (TDD).
SUPPLEMENTARY INFORMATION:
I. Background
The Office for Civil Rights (OCR) at the Department of Health and
Human Services (HHS) is responsible for enforcing certain regulations
issued under the Health Insurance Portability and Accountability Act of
1996 (HIPAA),\2\ as amended by the Health
[[Page 22025]]
Information Technology for Economic and Clinical Health (HITECH) Act,
to protect the privacy and security of protected health information,
namely the HIPAA Privacy, Security and Breach Notification Rules (the
HIPAA Rules).
---------------------------------------------------------------------------
\2\ Due to the public health emergency posed by COVID-19, the
HHS Office for Civil Rights (OCR) is exercising its enforcement
discretion under the conditions outlined herein. We believe that
this guidance is a statement of agency policy not subject to the
notice and comment requirements of the Administrative Procedure Act
(APA). 5 U.S.C. 553(b)(3)(A). OCR additionally finds that, even if
this guidance were subject to the public participation provisions of
the APA, prior notice and comment for this guidance is
impracticable, and there is good cause to issue this guidance
without prior public comment and without a delayed effective date. 5
U.S.C. 553(b)(3)(B) & (d)(3).
---------------------------------------------------------------------------
During the COVID-19 national emergency, which also constitutes a
nationwide public health emergency, covered health care providers
subject to the HIPAA Rules may seek to communicate with patients, and
provide telehealth services, through remote communications
technologies.
Some of these technologies, and the manner in which they are used
by HIPAA covered health care providers, may not fully comply with the
requirements of the HIPAA Rules. OCR will exercise its enforcement
discretion and will not impose penalties for noncompliance with the
regulatory requirements under the HIPAA Rules against covered health
care providers in connection with the good faith provision of
telehealth during the COVID-19 nationwide public health emergency.
A covered health care provider that wants to use audio or video
communication technology to provide telehealth to patients during the
COVID-19 nationwide public health emergency can use any non-public
facing remote communication product that is available to communicate
with patients. OCR is exercising its enforcement discretion to not
impose penalties for noncompliance with the HIPAA Rules in connection
with the good faith provision of telehealth using such non-public
facing audio or video communication products during the COVID-19
nationwide public health emergency. This exercise of discretion applies
to telehealth provided for any reason, regardless of whether the
telehealth service is related to the diagnosis and treatment of health
conditions related to COVID-19.
For example, a covered health care provider in the exercise of
their professional judgement may request to examine a patient
exhibiting COVID-19 symptoms, using a video chat application connecting
the provider's or patient's phone or desktop computer in order to
assess a greater number of patients while limiting the risk of
infection of other persons who would be exposed from an in-person
consultation. Likewise, a covered health care provider may provide
similar telehealth services in the exercise of their professional
judgment to assess or treat any other medical condition, even if not
related to COVID-19, such as a sprained ankle, dental consultation or
psychological evaluation, or other conditions.
Under this Notification, covered health care providers may use
popular applications that allow for video chats, including Apple
FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom,
or Skype, to provide telehealth without risk that OCR might seek to
impose a penalty for noncompliance with the HIPAA Rules related to the
good faith provision of telehealth during the COVID-19 nationwide
public health emergency. Providers are encouraged to notify patients
that these third-party applications potentially introduce privacy
risks, and providers should enable all available encryption and privacy
modes when using such applications.
Under this notification, however, Facebook Live, Twitch, TikTok,
and similar video communication applications are public facing, and
should not be used in the provision of telehealth by covered health
care providers.
Covered health care providers that seek additional privacy
protections for telehealth while using video communication products
should provide such services through technology vendors that are HIPAA
compliant and will enter into HIPAA business associate agreements
(BAAs) in connection with the provision of their video communication
products. The list below includes some vendors that represent that they
provide HIPAA-compliant video communication products and that they will
enter into a HIPAA BAA.
Skype for Business I Microsoft Teams
Updox
VSee
Zoom for Healthcare
Doxy.me
Google G Suite Hangouts Meet
Cisco Webex Meetings I Webex Teams
Amazon Chime
GoToMeeting
Spruce Health Care Messenger
OCR has not reviewed the BAAs offered by these vendors, and this
list does not constitute an endorsement, certification, or
recommendation of specific technology, software, applications, or
products. There may be other technology vendors that offer HIPAA-
compliant video communication products that will enter into a HIPAA BAA
with a covered entity. Further, OCR does not endorse any of the
applications that allow for video chats listed above.
Under this noticfication, however, OCR will not impose penalties
against covered health care providers for the lack of a BAA with video
communication vendors or any other noncompliance with the HIPAA Rules
that relates to the good faith provision of telehealth services during
the COVID-19 nationwide public health emergency.
III. Collection of Information Requirements
This notice of enforcement discretion creates no legal obligations
and no legal rights. Because this notice imposes no information
collection requirements, it need not be reviewed by the Office of
Management and Budget under the Paperwork Reduction Act of 1995 (44
U.S.C. 3501 et seq.).
Dated: April 2, 2020.
Roger T. Severino,
Director, Office for Civil Rights Department of Health and Human
Services.
[FR Doc. 2020-08416 Filed 4-20-20; 8:45 am]
BILLING CODE 4153-01-P
