HHS Announces Limited Waiver of HIPAA Sanctions During COVID-19 Public Health Emergency

Nilan Johnson Lewis PA
Contact
LinkedIn
Facebook
X
Send
Embed

The U.S. Department of Health and Human Services (HHS) will not sanction or issue penalties against hospitals failing to comply with certain provisions of the HIPAA Privacy Rule during the COVID-19 public health emergency. The waiver is effective March 15, 2020, and only applies:

  • In the emergency area identified in the public health emergency declaration;
  • To hospitals that have instituted a disaster protocol; and
  • For up to 72 hours from the time the hospital implements its disaster protocol.

HHS identified the following provisions of the HIPAA Privacy Rule as subject to the waiver:

  • The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care. See 45 CFR 164.510(b).
  • The requirement to honor a request to opt-out of the facility directory. See 45 CFR 164.510(a).
  • The requirement to distribute a notice of privacy practices. See 45 CFR 164.520.
  • The patient’s right to request privacy restrictions. See 45 CFR 164.522(a).
  • The patient’s right to request confidential communications. See 45 CFR 164.522(b).

Additionally, HHS announced that effective March 17, 2020, it will waive potential HIPAA penalties for good faith use of telehealth using such non-public facing audio or video communication products during the COVID-19 nationwide public health emergency. Easily accessible applications—such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype—may be used by health care providers with HHS recognizing that some of these technologies may not fully comply with the requirements of the HIPAA Rules. Providers are encouraged to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications.

Additional details on the bulletin and notice by HHS are available here.

Minnesota Hospitals

Minnesota hospitals may have additional privacy considerations, as they are subject to the Minnesota Health Records Act. The Minnesota Departments of Health and Human Services have not yet commented on the federal guidance. Therefore, we recommend following such guidance pending instruction otherwise from either Department. We will continue to monitor updates both nationwide and in Minnesota.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Nilan Johnson Lewis PA | Attorney Advertising

Written by:

Nilan Johnson Lewis PA
Nilan Johnson Lewis PA
Contact
more
less

Nilan Johnson Lewis PA on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide