.06 Confidentiality.

The provider:

A. Shall comply with all State and federal laws and regulations concerning the privacy and security of protected health information, including but not limited to:

(1) Health-General Article, Title 4, Subtitle 3, Annotated Code of Maryland; and

(2) The Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 U.S.C. §§1320d et seq., as amended, the HITECH Act, 42 U.S.C. §§17932, et seq., as amended, and 45 CFR Parts 160 and 164, as amended;

B. Shall ensure that all interactive video technology-assisted and audio-only communication comply with HIPAA patient privacy and security regulations throughout the transmission process;

C. Shall occupy a space or area that meets the minimum standards for privacy expected for a patient-provider interaction;

D. May not disseminate any participant images or information to other entities without the participant's consent, unless there is an emergency that prevents obtaining consent; and

E. May not store the video images or audio portion of the service delivered via telehealth for future use.​