OCR Waives HIPAA Penalties Against Providers Using Electronic COVID-19 Vaccine Scheduling

Steptoe & Johnson PLLC

On February 24, 2021, the Office for Civil Rights at the U.S. Department of Health and Human Services (“OCR”) announced that it will not impose penalties against covered entities or their business associates that use online and web-based scheduling applications (collectively “WBSAs”) that are not HIPAA compliant, when the WSBAs are used for scheduling individual appointments for COVID-19 vaccinations. The moratorium on penalties is only applicable during the nationwide public health emergency and only to covered entities and business associates that act in good faith when using WBSAs.

OCR announced that its decision was based on health care providers’ need to quickly schedule appointments for a large number of people, and its recognition that some WBSAs may not be HIPAA compliant. The moratorium on penalties also applies to vendors of WBSAs whose technology is used by covered entities and business associates to schedule vaccination appointments.  

Despite the moratorium on penalties, OCR encouraged providers to implement reasonable safeguards to protect the security and privacy of protected health information (“PHI”) such as (1) using encryption technology, (2) ensuring that storage of any PHI by a vendor is temporary, (3) enabling all available privacy settings in a WBSA, and (4) using and disclosing only the minimum necessary PHI.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Steptoe & Johnson PLLC | Attorney Advertising

Written by:

Steptoe & Johnson PLLC

Steptoe & Johnson PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.