OCR will not enforce HIPAA rules for covered entities using online apps to schedule COVID-19 vaccinations in good faith

Jan 20, 2021 - 02:27 PM
HHS Logo web sized 900x400

The Department of Health and Human Services’ Office for Civil Rights will not impose penalties on covered health care providers, their business associates or vendors for HIPAA rule violations connected with web-based applications used in good faith to schedule individual appointments for COVID-19 vaccination, the agency announced yesterday.

HHS will immediately exercise this enforcement discretion in how it applies the HIPAA privacy, security and breach notification rules during the public health emergency retroactive to Dec. 11, 2020, the notice states.

The agency also encourages covered providers and business associates using these applications to implement certain “reasonable safeguards” to protect individuals’ protected health information, such as using only the minimum necessary PHI, using encryption technology and enabling all available privacy settings.

Related News Articles

Headline
OCR finalizes rule prohibiting certain reproductive health care disclosures
The Department of Health & Human Services’ Office for Civil Rights April 22 released a final rule prohibiting entities regulated by the HIPAA Privacy Rule…
Headline
Cassidy proposes ways to strengthen health data privacy
Senate Health, Education, Labor & Pensions Committee Ranking Member Bill Cassidy, R-La., Feb. 21 released a report proposing ways to modernize the existing…
Headline
NIST updates HIPAA cybersecurity resource guide 
The National Institute of Standards and Technology this week released updated guidance to help HIPAA-covered entities and business associates assess and manage…
Headline
OCR releases telehealth privacy and security resources for providers, patients
The Department of Health and Human Services’ Office for Civil Rights Oct. 18 released a resource for health care providers who choose to educate patients about…
Headline
HHS updates tool to help providers assess HIPAA security risks
The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Office for Civil Rights have updated…
Headline
COVID-19 HIPAA transition period for telehealth expires
Health care providers must comply with the HIPAA rules with respect to telehealth effective Aug. 9 at 11:59 p.m., when the 90-day enforcement discretion period…