Special LIVE Event: Marketing Your Telehealth Services: Successful, Legal & Ethical Online Strategies See Details

Telehealth.org_white_TM-pjv6xsrnwgp9iomadwb59h909wk53rjdzvgh9xqs6c

HIPAA Privacy Rule Waiver in Response to COVID-19

by | Mar 27, 2020 | 0 comments

HIPAA Privacy RuleDuring an emergency or public health crisis, some elements of the HIPAA Privacy Rule may be waived. As of March 15, 2020, the Secretary of the Department of Health and Human Services (HHS), issued an emergency Privacy Rule waiver in response to the COVID-19 health crisis to protect protected health information (PHI).

A HIPAA Privacy Rule waiver is issued to facilitate quick response to public health issues, temporarily waiving fines associated with certain disclosures. The following discusses the Privacy Rule waiver in more detail.

What Conditions Enable the HIPAA Privacy Rule Waiver?

There are two conditions that must be met before the Secretary may issue an emergency HIPAA Privacy Rule waiver:

  • The President declares an emergency or disaster; and
  • The Secretary of HHS declares a public health emergency.

In regards to the COVID-19 crisis, both conditions have been met. However, the waiver is a temporary measure, and only applies:

  • To the area identified in the public health emergency declaration.
  • To covered entities that have instituted a disaster protocol.
  • For up to 72 hours from the time the disaster protocol is implemented.

If the President or Secretary terminates the emergency declaration, the Privacy Rule waiver no longer applies.

Which HIPAA Privacy Rule Provisions are Waived?

The HIPAA Privacy Rule waiver applies to the following:

  • The requirement to distribute a notice of privacy practices.
  • The patient’s right to request privacy restrictions.
  • The patient’s right to request confidential communications.
  • The requirement to obtain a patient’s consent to speak with family members or friends involved in the patient’s care.
  • The requirement to honor a request to opt-out of a covered entity’s facility directory.

Under the Privacy Rule waiver, protected health information may be disclosed, without prior patient consent, to public health authorities to protect public health and safety. Additionally, PHI may be disclosed without prior consent to individuals involved in the patient’s care such as family members, friends, and caregivers.

Minimum Necessary Standard and Emergencies

Even in the case of emergency, the minimum necessary standard must be upheld. All disclosures of PHI must be restricted to what is necessary for public health and safety.

For more information on HIPAA Privacy Rule Waivers, please click here.

What Are Your Thoughts?

Please leave your comments below.

Basic Telehealth Legal Issues

Would TBHI Telehealth Training Help You?

Basic Telehealth Legal Issues: Rules, Regulations & Risk Management

Bring your telehealth practice into legal compliance. Get up to date on interjurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, duty to report, termination and much more!

Disclaimer: The Telebehavioral Health Institute (TBHI Telehealth.org) offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to TBHI Terms and Conditions and Privacy Policy.

0 Comments

Submit a Comment

Your email address will not be published.

Blog Categories