OCR will not enforce HIPAA rules for covered entities using online apps to schedule COVID-19 vaccinations in good faith

Jan 20, 2021 - 02:27 PM
HHS Logo web sized 900x400

The Department of Health and Human Services’ Office for Civil Rights will not impose penalties on covered health care providers, their business associates or vendors for HIPAA rule violations connected with web-based applications used in good faith to schedule individual appointments for COVID-19 vaccination, the agency announced yesterday.

HHS will immediately exercise this enforcement discretion in how it applies the HIPAA privacy, security and breach notification rules during the public health emergency retroactive to Dec. 11, 2020, the notice states.

The agency also encourages covered providers and business associates using these applications to implement certain “reasonable safeguards” to protect individuals’ protected health information, such as using only the minimum necessary PHI, using encryption technology and enabling all available privacy settings.

Related News Articles

Headline
HHS updates tool to help providers assess HIPAA security risks
The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Office for Civil Rights have updated…
Headline
COVID-19 HIPAA transition period for telehealth expires
Health care providers must comply with the HIPAA rules with respect to telehealth effective Aug. 9 at 11:59 p.m., when the 90-day enforcement discretion period…
Headline
CMS urged not to implement proposed prior authorization attachment standard
The AHA July 27 joined AHIP, the American Medical Association, and Blue Cross Blue Shield Association in urging the Centers for Medicare & Medicaid…
Headline
Agencies warn hospitals, others about tracking technology compliance risks
The Department of Health and Human Services’ Office for Civil Rights and Federal Trade Commission yesterday sent a letter to about 130 hospital systems and…
Headline
FTC proposes changes to breach notification requirements for entities not covered by HIPAA 
The Federal Trade Commission June 8 released for public comment a notice of proposed changes to breach notification requirements for entities that collect…
Headline
AHA urges OCR to finalize HIPAA privacy proposal, suspend online tracking guidance  
The Department of Health and Human Services’ Office for Civil Rights should finalize its proposed “commonsense” amendments to the HIPAA Privacy Rule to support…