HIPAA Gives Leeway During Pandemic
If your organization is behind on compliance with regulations these days, the coronavirus pandemic has bought you some time to get things in order. As we have discussed in this blog recently, HITRUST auditors suspended onsite inspections, and numerous trade organizations are lobbying for enforcement of the California Consumer Protection Act to be delayed until the start of 2021. Considering everything the healthcare industry has been put through thus far this year, it should come as no surprise that the stringent regulations stemming from HIPAA have been at least temporarily relaxed.
But will COVID-19 eliminate the need for HIPAA altogether? That's doubtful, but there has been some loosening of enforcement for certain segments of the healthcare industry.
Like many federal agencies, the Office for Civil Rights (OCR), the entity responsible for compliance with and enforcement of HIPAA, has issued several notices regarding enforcement of the regulation during the pandemic. OCR recognizes the need to relax some of the regulatory burdens during the pandemic, allowing providers to focus their resources on patient care rather than administrative hurdles. HIPAA requirements remain in effect, but certain violations during this time will not be subject to enforcement actions.
Some of the recent notices focus on:
- Telehealth – A healthcare provider that engages in the good-faith provision of telehealth will not be penalized for violations of any of the HIPAA rules, including breach of notification requirements.
- First responders – OCR issued guidance designed to help first responders and others receive protected health information (PHI) about patients infected with or exposed to COVID-19. This clarifies that covered entities may disclose minimum PHI, such as a name or other identifying information, to law enforcement, paramedics and other first responders so they can take extra precautions or use personal protective equipment.
- Business associates – OCR also announced it would not impose penalties against healthcare providers and their business associates for violations of certain provisions of the HIPAA privacy rule with regard to good-faith uses of and disclosures of PHI by business associates for public health and health oversight activities during the COVID-19 pandemic.
- COVID-19 community-based testing sites – OCR also announced it would exercise enforcement discretion and will not impose penalties for violations of the HIPAA rules against covered entities or business associates in connection with good-faith participation in COVID-19 community-based testing sites during the pandemic.
Even though regulatory agencies are pumping the brakes on enforcement during the pandemic, you shouldn’t slow down your efforts to maintain compliance with regulations. Instead, take the opportunity to bolster your regulatory compliance. Contact 2W Tech today to get started with your Cybersecurity Compliance Program and let our IT consultants do the work for you.