On March 10, 2021, CMS announced guidance on expanding indoor visitation in nursing homes, in response to significant reductions in COVID-19 infections and transmission resulting from ongoing infection control practices and high vaccination rates in the nursing home population following the authorization of COVID-19 vaccines by the U.S. Food and Drug Administration ("FDA") authorization of COVID-19 vaccines for emergency use. Visitation can be conducted through various means based on a facility's structure and residents' needs, including in resident rooms, visitation spaces, and outdoors. Given the ongoing risk of COVID-19 transmission, CMS continues to recommend facilities, residents, and families adhere to the core principles of COVID-19 infection control, including maintaining physical distancing and conducting visits outdoors whenever possible.
On March 8, 2021, the Centers for Disease Control and Prevention ("CDC") issued interim public health recommendations for fully vaccinated people in non-healthcare settings. For purposes of the CDC recommendations, people are considered fully vaccinated for COVID-19 ≥2 weeks after they have received the second dose in a 2-dose series (Pfizer-BioNTech or Moderna), or ≥2 weeks after they have received a single-dose vaccine (Johnson and Johnson (J&J)/Janssen).
The CDC recommends that fully vaccinated people can:
- Visit with other fully vaccinated people indoors without wearing masks or physical distancing
- Visit with unvaccinated people from a single household who are at low risk for severe COVID-19 disease indoors without wearing masks or physical distancing
- Refrain from quarantine and testing following a known exposure if asymptomatic
For now, the CDC recommends fully vaccinated people should continue to:
- Take precautions in public like wearing a well-fitted mask and physical distancing
- Wear masks, practice physical distancing, and adhere to other prevention measures when visiting with unvaccinated people who are at increased risk for severe COVID-19 disease or who have an unvaccinated household member who is at increased risk for severe COVID-19 disease
- Wear masks, maintain physical distance, and practice other prevention measures when visiting with unvaccinated people from multiple households
- Avoid medium- and large-sized in-person gatherings
- Get tested if experiencing COVID-19 symptoms
- Follow guidance issued by individual employers
- Follow CDC and health department travel requirements and recommendations
More information regarding the CDC's public health recommendations can be found here.
OCR Settles Fifteenth and Sixteenth Investigation in HIPAA Right of Access Initiative
As reported in prior E-Notes, the Office for Civil Rights ("OCR") began its Right of Access Initiative in 2019 and has settled numerous complaints against providers as part of this initiative. On February 10 and February 12, 2021, respectively, OCR announced the settlement of the Fifteenth and Sixteenth settlements. These settlements serve as a reminder of the importance of responding to requests for records.
Renown Health, P.C., a private, not-for-profit health system in Nevada, has agreed to take corrective actions and pay $75,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard. In February 2019, OCR received a complaint alleging that Renown Health failed to timely respond to a patient's request that an electronic copy of her protected health information, including billing records, be sent to a third party. OCR's investigation determined that Renown Health's failure to provide timely access to the requested records was a potential violation of the HIPAA right of access standard. As a result of OCR's investigation, Renown Health provided access to all of the requested records.
Sharp HealthCare, doing business as Sharp Rees-Stealy Medical Centers ("SRMC"), has agreed to take corrective actions and pay $70,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard. SRMC is located in California and provides health care through four acute-care hospitals, three specialty hospitals, three affiliated medical groups, and a health plan. In June of 2019, a complaint was filed with OCR alleging that SRMC failed to take timely action in response to a patient's records access request directing that an electronic copy of protected health information in an electronic health record be sent to a third party. OCR provided SRMC with technical assistance on the HIPAA Right of Access requirements. In August 2019, OCR received a second complaint alleging that SRMC still had not responded to the patient's records access request. OCR initiated an investigation and determined that SRMC's failure to provide timely access to the requested medical records was a potential violation of the HIPAA right of access standard. As a result of OCR's investigation, SRMC provided access to the requested records.
OCR Announces Notification of Enforcement Discretion for Use of Online or Web-Based Scheduling Applications for the Scheduling of COVID-19 Vaccination Appointments
On January 19, 2021, the Office for Civil Rights ("OCR") at the U.S Department of Health and Human Services ("HHS") announced that it will exercise its enforcement discretion and will not impose penalties for violations of the HIPAA Rules on covered health care providers or their business associates in connection with the good faith use of online or web-based scheduling applications (collectively, "WBSAs") for the scheduling of individual appointments for COVID-19 vaccinations during the COVID-19 nationwide public health emergency. This exercise of enforcement discretion is effective immediately, but has retroactive effect to December 11, 2020. The Notification of Enforcement Discretion (the "Notification") explains that the exercise of enforcement discretion applies to covered health care providers and their business associates, including WBSA vendors (as WBSA is defined in the Notification), when the WBSA is used in good faith and only for the limited purpose of scheduling individual appointments for COVID-19 vaccinations during the COVID-19 nationwide public health emergency. Although OCR is exercising enforcement discretion, the Notification encourages the use of reasonable safeguards to protect the privacy and security of individuals' protected health information ("PHI"), such as using only the minimum necessary PHI, encryption technology, and enabling all available privacy settings.
The Notification of Enforcement Discretion for Use of Online or Web-Based Scheduling Applications during the COVID-19 Nationwide Public Health Emergency may be found here.
Alabama Enacts COVID-19 Liability Protections for Businesses and Healthcare Providers
Like many states, the Alabama legislature passed, and Governor Ivey signed into law, a bill that provides civil liability protections to Alabama businesses and healthcare providers related to COVID-19.
This article was authored by Angie Smith.
Reprinted with permission from the Birmingham Medical News.
Hospital Price Transparency Rule - January 1, 2021 Effective Date
The Hospital Price Transparency Rule went into effect January 1, 2021, and requires hospitals to make public online, in a machine readable format, a list of their standard charges for items and services, and a list of certain shoppable services in a consumer friendly manner. Among other items that must be listed, the list of standard charges must include the lowest and highest charges that the hospital has negotiated with all third party payers for each item or service. In the event of a hospital's non-compliance, CMS may impose a civil monetary penalty of up to $300 per day (which amount will be adjusted annually).
This article was authored by Anthony Romano.
Reprinted with permission from the Birmingham Medical News.
Biden's First 100 Days: A Check-In for Employers
When Biden took office on January 20, 2021, employers anticipated that we would see widespread changes in federal policy. As we near the half-way point of Biden's first 100 days in office, we have a clearer idea of how the Biden administration may impact employers.
This article was authored by Nafela Hojeij Helou.
OSHA Launches National Emphasis Program to Protect High-Risk Workers from COVID-19 or Retaliation from COVID-19 Complaints
On March 12, 2021, the Occupational Safety and Health Administration ("OSHA") launched a National Emphasis Program ("NEP") to focus its COVID-19 enforcement efforts. The NEP will remain in effect for up to one year from its issuance date, although OSHA has the discretion to amend or cancel the program sooner as more workers are vaccinated and the pandemic begins to subside. This Program is a direct response to a January 2021 executive order from President Biden directing the Department of Labor to issue revised guidance for employers.
This article was authored by Ron Flowers, Scott Williams and Cayman Caven.
Emily Mack Details Employer Considerations for COVID-19 Vaccine Policies in Today's General Counsel
For the February/March 2021 issue of Today's General Counsel, Emily Mack outlined issues employers should consider when establishing policies related to the COVID-19 vaccination.
Virginia Enacts Second Privacy Law in the Nation
On March 2, 2021, Virginia's governor signed into law the Consumer Data Protection Act ("CDPA"). Virginia is the second state in the nation, after California, to enact a privacy law protecting the rights of individual consumers in Virginia to control their personal information. The CDPA goes into effect on January 1, 2023.
This article was authored by Beth Shirley.