COVID-19 Changes HIPAA Compliance, But Caution Necessary
The article addresses the pandemic-related waivers and notices of enforcement discretion related to Health Insurance Portability and Accountability Act (HIPAA) compliance issued by the Department of Health and Human Services Office for Civil Rights (OCR).
Tom mentioned that even in the chaos of a pandemic, covered entity providers should try to implement their privacy procedures and adapt those procedures as necessary. For example, the minimum necessary rule requires that steps be taken so that persons only have access to the minimum amount of health information necessary based on their role and association with a patient.
“Only key personnel and those directly involved in the treatment and care of COVID-19 patients should have access to the identity of patients and their complete medical record. Because COVID-19 patients are separated from family members upon their admission to the hospital, the hospital should do its best to identify their designated personal representative and health decision surrogate. Communications about the patient should be channeled through that representative,” said Tom.
Tom added that “[c]overed entities should think about the transition back to meeting all HIPAA requirements when the public emergency is removed, particularly with respect to telehealth security requirements.”
To read the Healthcare Risk Management article, click here.