On April 11, 2023 – one month in advance of the end of the COVID-19 public health emergency (PHE) on May 11, 2023 – the federal Office for Civil Rights (OCR) confirmed that various Notifications of Enforcement Discretion issued under HIPAA during the PHE will expire at the end of the day on May 11, 2023.

OCR’s notice applies to four Notifications of Enforcement Discretion of HIPAA related to the following circumstances:

  1. COVID-19 Community-Based Testing Sites during the PHE (available here);
  2. Telehealth Remote Communications during the PHE (available here);
  3. Uses and Disclosures of PHI by Business Associates for Public Health and Health Oversight Activities (available here); and
  4. Online or Web-Based Scheduling Applications for Scheduling COVID-19 Vaccination Appointments (available here).

In its announcement, OCR noted that it is supporting continued utilization of telehealth services by providing a 90-day transition period for providers to “come into compliance” with HIPAA requirements applicable to the provision of telehealth, starting May 12, 2023, and ending August 9, 2023.  OCR also states in its notice that it “will provide additional guidance on telehealth remote communications to help covered health care providers come into compliance during this transition period.”  Health care providers and organizations should therefore assess their current telehealth services and programs, and also be on the lookout for additional guidance to support continued delivery of telehealth services in a compliant manner once the PHE ends.

Photo of Conor Duffy Conor Duffy

Conor Duffy is a member of Robinson+Cole’s Health Law Group and the firm’s Data Privacy + Security Team. Mr. Duffy advises hospitals, physician groups, accountable care organizations, community providers, post-acute care providers, and other health care entities on general corporate matters and health…

Conor Duffy is a member of Robinson+Cole’s Health Law Group and the firm’s Data Privacy + Security Team. Mr. Duffy advises hospitals, physician groups, accountable care organizations, community providers, post-acute care providers, and other health care entities on general corporate matters and health care issues. He provides legal counsel on a full range of transactional and regulatory health law issues, including contracting, licensure, mergers and acquisitions, the False Claims Act, the Stark Law, Medicare and Medicaid fraud and abuse laws and regulations, HIPAA compliance, state breach notification requirements, and other health care regulatory matters. Read his full rc.com bio here.