On Oct. 18, 2023, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued two resources for health care providers and patients regarding the potential risks of using telehealth services. Although HIPAA does not require regulated entities to educate patients about these risks, OCR published these guidance documents to assist providers that wish to voluntarily inform patients of potential privacy and security exposures stemming from the use of telehealth tools.
Telehealth Privacy and Security Risk Mitigation: Office for Civil Rights Provides Guidance to Providers, Patients
