The Department of Health and Human Services’ Office for Civil Rights will not impose penalties on covered health care providers, their business associates or vendors for HIPAA rule violations connected with web-based applications used in good faith to schedule individual appointments for COVID-19 vaccination, the agency announced yesterday.

HHS will immediately exercise this enforcement discretion in how it applies the HIPAA privacy, security and breach notification rules during the public health emergency retroactive to Dec. 11, 2020, the notice states.

The agency also encourages covered providers and business associates using these applications to implement certain “reasonable safeguards” to protect individuals’ protected health information, such as using only the minimum necessary PHI, using encryption technology and enabling all available privacy settings.

Related News Articles

Headline
The Department of Health and Human Services’ Office for Civil Rights yesterday requested public input on how HIPAA covered entities and business associates are…
News
The Centers for Medicare & Medicaid Services yesterday issued guidance to clarify HIPAA protections and responsibilities when health plans issue claims…
Headline
The Department of Health and Human Services today announced workplace guidance on the Health Insurance Portability and Accountability Act’s applicability to…
Headline
AHA today urged the Department of Health and Human Services’ Office for Civil Rights to take a holistic approach as it deliberates changes to the HIPAA Privacy…
Headline
The Department of Health and Human Services’ Office for Civil Rights today formally published in the Federal Register a proposed rule released Dec. 10 that…
Headline
The Department of Health and Human Services’ Office for Civil Rights today released a proposed rule that would modify HIPAA privacy standards for individually…