HIPAA Security Rule Update Related to COVID-19

On March 17, 2020, the federal Department of Health and Human Services (HHS) announced that the Office for Civil Rights (OCR) will suspend enforcement activities and waive penalties related to certain HIPAA Security Rule provisions “during the COVID-19 nationwide public health emergency.” Specifically, OCR will waive penalties for using “everyday communications technologies” in furtherance of providing health care services. HIPAA Rules require that health care providers (and other covered entities) utilize certain technical, physical, and administrative safeguards in conjunction with the provision of treatment and maintenance of electronic protected health information. These HIPAA Rules include requirements for remote communication technologies utilized by health care providers for treatment purposes.

Effective immediately, however, OCR subregulatory guidance provides that OCR “will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.” As a result, providers may utilize any “non-public facing” audio or video communication technology to provide telehealth services. OCR’s announcement relates to telehealth provided “for any reason,” meaning that penalties will not apply regardless of whether telehealth services relate to COVID-19.

Source: https://www.jdsupra.com/legalnews/hipaa-security-rule-update-related-to-78520/