Compliance Briefing — March 27, 2020

The U.S. CARES Act became law, expanding telehealth reimbursement, establishing relief funds, and creating new data reporting and privacy considerations for covered entities and financial institutions.

Zeph Tech Research Lead

Research lead, Zeph Tech

1 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: The Coronavirus Aid, Relief, and Economic Security (CARES) Act was signed into law on 27 March 2020. The 880-page statute expands telehealth reimbursement and HIPAA flexibilities, creates relief funding programs, and directs new reporting and oversight mechanisms for healthcare providers, small businesses, and financial institutions.

Why it matters: Covered entities and lenders must adjust compliance processes to meet CARES Act conditions, including data reporting for relief programs, audit readiness for stimulus funds, and privacy safeguards for expanded telehealth usage.

Update telehealth workflows: Align billing and consent processes with expanded Medicare telehealth coverage while maintaining HIPAA safeguards for remote care.
Track relief fund conditions: Document eligibility and reporting requirements for Provider Relief Fund and Small Business Administration programs, including data retention for audits.
Strengthen privacy controls: Ensure remote care tools and financial servicing platforms apply least-privilege access and encryption for increased sensitive data handling.
Monitor agency guidance: Follow HHS, SBA, and Treasury guidance as they clarify program rules and enforcement expectations.

Timeline plotting source publication cadence sized by credibility. — 1 publication timestamps supporting this briefing. Source data (JSON)

Horizontal bar chart of credibility scores per cited source. — Credibility scores for every source cited in this briefing. Source data (JSON)

Visit pillar hub

Latest guides

Third-Party Risk Oversight Playbook — Zeph Tech
Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.
Compliance Operations Control Room — Zeph Tech
Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.
SOX Modernization Control Playbook — Zeph Tech
Modernize Sarbanes-Oxley (SOX) compliance by aligning PCAOB AS 2201, SEC management guidance, and COSO 2013 controls with data-driven testing, automation, and board reporting.

Related briefings

Compliance Briefing — HHS OCR eases HIPAA enforcement for telehealth

HHS issues limited HIPAA waiver during COVID-19 emergency

EDPB outlines GDPR rules for COVID-19 data processing

PCI SSC permits remote assessments during COVID-19 disruptions

Compliance Briefing — FinCEN outlines BSA expectations during COVID-19 disruptions

Continue in the Compliance pillar

Latest guides