Getty Images

California Extends HIPAA Telehealth Waiver to End of PHE

California Governor Gavin Newsom has extended an emergency order enacted in 2020 that protects physicians from HIPAA penalties should they accidentally expose patient data during the good faith provision of telehealth.

California Governor Gavin Newsom has extended an Executive Order enabling physicians to conduct routine and non-emergency telehealth services without risk of being penalized for the inadvertent release of patient data.

Executive Order N-16-21 continues an order put in place in April of 2020, during the height of the pandemic, which gave providers a certain amount of immunity from HIPAA violations “during the good faith provision of telehealth.” It was designed to help providers expand their telehealth services to reduce in-person care and help patients access care with reduced risk of COVID-19 infection.

The original order was set to expire on September 30; the new order keeps these measures in place through the end of the public health emergency.

It also aligns with federal efforts to encourage telehealth use during the pandemic. The Health and Human Services Department’s Office of Civil Rights (OCR) has issued a Notice of Enforcement Discretion, which remains in place until the end of the PHE, that indicates it won’t enforce HIPAA penalties on providers as long as any lapses occur during the good faith provision of telehealth.

Newsom’s order this week did allow one specific section of the original emergency order to lapse.

The governor had waived a requirement that providers obtain verbal or written consent for the use of telehealth before it’s used. As of the beginning of October, California providers will once again need to obtain patient consent, either written or verbally.

Nearly every state modified its telehealth guidelines during the pandemic to boost coverage and access – as did the federal government. Since then, states have let those measures expire, extended them until the end of the federal PHE or to another date, or amended their rules to make those measures permanent.

Next Steps

Dig Deeper on Telehealth policy and regulation

xtelligent Health IT and EHR
xtelligent Healthtech Security
xtelligent Rev Cycle Management
xtelligent Healthcare Payers
Close