Get The

Peace Of Mind

You Deserve

A misty morning in the Ozarks
Under the temporary enforcement waiver, OCR won't impose penalties for disclosure of protected health information, if the business associate makes good-faith use or disclosure for public health activities and informs the covered entity within 10 business days.
Share on facebook
Share on twitter
Share on linkedin
Share on email

The United States Department of Health and Human Services has announced that it won’t enforce penalties for violations of certain provisions of the HIPAA privacy rule against healthcare providers or their business associates for good-faith disclosures of protected health information (PHI) for public health purposes during the COVID-19 emergency. But still, the wise plan is to have HIPAA Waivers in place to ensure the fickle nature of this law doesn’t bite you.

The HHS Office for Civil Rights said that it was exercising its “enforcement discrimination” in announcing its change in policy during the coronavirus pandemic, a declared emergency period, reports Modern Healthcare in its article “HHS eases HIPAA enforcement on data releases during COVID-19.”

A HIPAA waiver of authorization is a legal document that permits an individual’s protected health information (PHI) to be used or disclosed to a third party. This waiver is part of a series of patient-privacy measures set forth in the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

PHI covered under HIPAA is information that can be connected to a specific individual and is held by a covered entity, like a healthcare provider. HIPAA has set out 18 specific identifiers that create PHI, when linked to health information.

The notification was issued to support federal and state agencies, including the CMS and the Centers for Disease Control and Prevention, that require access to COVID-19 related data, including protected health information.

“The CDC, CMS, and state and local health departments need quick access to COVID-19 related health data to fight this pandemic,” OCR director Roger Severino said in a statement. “Granting HIPAA business associates greater freedom to cooperate and exchange information with public health and oversight agencies, can help flatten the curve and potentially save lives.”

HIPAA’s privacy rule only permits business associates of HIPAA-covered entities to disclose protected health information for certain purposes, under explicit terms of a written agreement.

The moratorium enforcement doesn’t extend to other requirements or prohibitions under the privacy rule, nor to any obligations under the HIPAA security and breach notification rules, OCR said.David Payne Law's office in Republic Missouri

Reference: Modern Healthcare (April 2, 2020) “HHS eases HIPAA enforcement on data releases during COVID-19”

Suggested Key Terms: Estate Planning Lawyer, HIPAA Waiver, Probate Attorney

Subscribe!