COVID-19 Changes HIPAA Compliance, But Caution Necessary

May 20, 2020

The Department of Health and Human Services Office for Civil Rights (OCR) has issued waivers and notices of enforcement discretion for several issues related to Health Insurance Portability and Accountability Act (HIPAA) compliance, but healthcare organizations still must be careful to comply with the privacy law even during the pandemic.

Covered entities must tread carefully, says Mark R. Ustin, JD, partner with Farrell Fritz in Albany, NY. OCR has emphasized the concepts of “minimum necessary” and “good faith,” he says.

“We have fewer rules than we used to have in this period. But you still want to ensure that you’re breaking the usual rules only to the extent that you need to break them so you can provide good patient care, and no further. That’s the minimum necessary concept,” he says. “OCR is also saying it won’t enforce where there’s a good faith breach, but they’re still reserving the ability to enforce where there has been some bad faith. This is not the opportunity for you to gather up someone’s healthcare data and sell it to someone.”

To read the full article, please click here.