The Department of Health and Human Services’ Office for Civil Rights will not impose penalties on covered health care providers, their business associates or vendors for HIPAA rule violations connected with web-based applications used in good faith to schedule individual appointments for COVID-19 vaccination, the agency announced yesterday.

HHS will immediately exercise this enforcement discretion in how it applies the HIPAA privacy, security and breach notification rules during the public health emergency retroactive to Dec. 11, 2020, the notice states.

The agency also encourages covered providers and business associates using these applications to implement certain “reasonable safeguards” to protect individuals’ protected health information, such as using only the minimum necessary PHI, using encryption technology and enabling all available privacy settings.

Related News Articles

Headline
The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Office for Civil Rights have updated…
Headline
Health care providers must comply with the HIPAA rules with respect to telehealth effective Aug. 9 at 11:59 p.m., when the 90-day enforcement discretion period…
Headline
The AHA July 27 joined AHIP, the American Medical Association, and Blue Cross Blue Shield Association in urging the Centers for Medicare & Medicaid…
Headline
The Department of Health and Human Services’ Office for Civil Rights and Federal Trade Commission yesterday sent a letter to about 130 hospital systems and…
Headline
The Federal Trade Commission June 8 released for public comment a notice of proposed changes to breach notification requirements for entities that collect…
Headline
The Department of Health and Human Services’ Office for Civil Rights should finalize its proposed “commonsense” amendments to the HIPAA Privacy Rule to support…