In Focus Resource Center > Insights

Handling Protected Health Information With Care: Staying Compliant in the Age of Telehealth

Healthcare providers who are using telehealth in cases of good faith can now deliver care from anywhere, thanks to the COVID-19 Health and Human Services (HHS) Office for Civil Rights (OCR) waiver of potential HIPAA penalties. However, organizations handling protected health information (PHI) must still remain vigilant. The urgency to manage COVID-19 has created an environment where organizations are moving very quickly, making it very challenging for their personnel who are handling PHI on a daily basis to remain compliant.

Many organizations are not aware of HIPAA’s far-reaching regulatory arm. Any organization that manages, transmits, or comes in contact with PHI is subject to its rules. As this data is shared, it is at risk of being saved in unsecure locations, such as instant messaging during video conferencing, cloud drives, or even in clipboards.

Small to mid-size companies who have been collecting PHI with the best intentions have been caught off guard and are at risk of HIPAA violations. Ensuring compliance always begins with the data, so it is critical that your clients understand the scope of risk, as it pertains to where all their PHI data is located and who has access to it.

Whether it be assisting with data discovery, data mapping, or providing HIPAA consulting services, our compliance team is ready to help. For more information, please reach out to reach out to Suzanne Miller at or Kevin Ricci at

Our specialists are here to help.

Get in touch with a specialist in your industry today. 

* Required

* I understand and agree to Citrin Cooperman’s Privacy Notice, which governs how Citrin Cooperman collects, uses, and shares my personal information. This includes my right to unsubscribe from marketing emails and further manage my Privacy Choices at any time. If you are a California Resident, please refer to our California Notice at Collection. If you have questions regarding our use of your personal data/information, please send an e-mail to