The Department of Health and Human Services’ Office for Civil Rights will not impose penalties on covered health care providers, their business associates or vendors for HIPAA rule violations connected with web-based applications used in good faith to schedule individual appointments for COVID-19 vaccination, the agency announced yesterday.

HHS will immediately exercise this enforcement discretion in how it applies the HIPAA privacy, security and breach notification rules during the public health emergency retroactive to Dec. 11, 2020, the notice states.

The agency also encourages covered providers and business associates using these applications to implement certain “reasonable safeguards” to protect individuals’ protected health information, such as using only the minimum necessary PHI, using encryption technology and enabling all available privacy settings.

Related News Articles

Headline
AHA today urged the Department of Health and Human Services’ Office for Civil Rights to take a holistic approach as it deliberates changes to the HIPAA Privacy…
Headline
The Department of Health and Human Services’ Office for Civil Rights today formally published in the Federal Register a proposed rule released Dec. 10 that…
Headline
The Department of Health and Human Services’ Office for Civil Rights today released a proposed rule that would modify HIPAA privacy standards for individually…
Headline
The Department of Health and Human Services’ Office for Civil Rights yesterday alerted health care organizations to postcards disguised as official OCR…
Headline
The Department of Health and Human Services Tuesday reminded health care providers that HIPAA privacy rules bar them from giving media and film crews access to…
Headline
Members of the Partnership to Amend 42 CFR Part 2, including the AHA, today urged the Department of Health and Human Services to issue a rule as soon as…