FAQs: Answers to Your COVID-19 HIPAA Frequently Asked Questions

In light of recent events, there have been many questions regarding the impact of COVID-19 on HIPAA (The Health Insurance Portability and Accountability Act of 1996).

We can help your practice stay on top of the latest healthcare news, rules, regulations and trends.  Subscribe to stay current and up to date on important matters that will impact your practice.  (To subscribe to our blog click here).

Our last blog discussed telemedicine in light of COVID-19 (to read about telehealth, click here).

FAQ: How has HIPAA changed to accomodate COVID-19?

HIPAA has not been changed. HIPAA continues to be in place, however, the Office of Civil Rights (OCR) has stated that it may use its discretionary power to choose not enforce certain provisions during the pandemic.

FAQ: I want to offer COVID-19 testing. Do I need to comply with HIPAA?

The OCR has stated that it is using its discretion and will not impose penalties for noncompliance with regulatory requirements under the HIPAA Rules in connection with the good faith participation in the operation of a Community-Based Testing Site during the nationwide COVID-19 emergency.

FAQ: I’m planning on offering testing to my patients. Do I need to do anything to protect their privacy?

Yes! While the OCR may not impose penalties for noncompliance, they have offered guidance regarding how to protect patients while offering testing. This includes:

  • Use/disclose minimally necessary PHI
  • Set up physical barriers to provide privacy
  • Control foot and car traffic
  • Establish a buffer zone to prevent media from identifying individuals
  • Use secure technology to record and transmit PHI
  • Make sure your Notice of Privacy Practices is up to date and accessible to patients

FAQ: Do I need a patient authorization to share information about their COVID-19 status?

It depends. HIPAA is still in effect, but its exceptions may allow you to share your patient’s information without an authorization.

You can share information about an individual who has COVID:

  • When the disclosure is necessary to provide treatment
  • When it is required by law
  • To notify a public health authority to prevent or control the spread of COVID-19
  • When a first responder may be at risk of infection
  • When the disclosure to first responders is necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public
  • When responding to a request for PHI by a correctional institution or law enforcement official having lawful custody o f an inmate or other individual and the PHI is necessary for one of the exceptions

FAQ: What is the OCR focusing on in regards to HIPAA enforcement?

The OCR has issued multiple bulletins regarding telemedicine, disclosing patient information, community-based testing sites, and discrimination.

We anticipate that the OCR will continue to monitor the everchanging healthcare landscape and may issue more guidance, as necessary.

But remember, HIPAA has not changed, so it is important to stay compliant.

If you have questions regarding your practice, let us know.

And as always, when in doubt, ask your healthcare attorney. The current pandemic is temporary and OCR’s discretionary enforcement will not last forever.

In our next blog post, we will keep you informed of related issues.  To get this important information delivered directly to your mail box, click here to Subscribe.

Do you need help staying current and compliant with the latest laws, rules and regulations?  We can help. To contact us about your new government rules and regulations, your practice’s risk assessment, or about your other legal needs:  CLICK HERE.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.