The Department of Health and Human Services’ Office for Civil Rights will not impose penalties on covered health care providers, their business associates or vendors for HIPAA rule violations connected with web-based applications used in good faith to schedule individual appointments for COVID-19 vaccination, the agency announced yesterday.

HHS will immediately exercise this enforcement discretion in how it applies the HIPAA privacy, security and breach notification rules during the public health emergency retroactive to Dec. 11, 2020, the notice states.

The agency also encourages covered providers and business associates using these applications to implement certain “reasonable safeguards” to protect individuals’ protected health information, such as using only the minimum necessary PHI, using encryption technology and enabling all available privacy settings.

Related News Articles

Headline
HIPAA-regulated entities are not permitted to use online tracking technologies in a manner that would result in impermissible disclosures of protected health…
Headline
The Department of Health and Human Services’ Office for Civil Rights yesterday released a video on recognized security practices under the HIPAA security…
Headline
The Department of Health and Human Services’ Office for Civil Rights yesterday requested public input on how HIPAA covered entities and business associates are…
News
The Centers for Medicare & Medicaid Services yesterday issued guidance to clarify HIPAA protections and responsibilities when health plans issue claims…
Headline
The Department of Health and Human Services today announced workplace guidance on the Health Insurance Portability and Accountability Act’s applicability to…
Headline
AHA today urged the Department of Health and Human Services’ Office for Civil Rights to take a holistic approach as it deliberates changes to the HIPAA Privacy…