By Dr. Phyllis Miller, Ph.D., RHIA, RHIT, CHPS, Lean Six Sigma Green Belt, AHIMA ICD-10-CM/PCS Trainer
As August 21, 2020 marks the 24th anniversary of Bill Clinton’s HIPAA Law, it is not a bad time to reflect on the how the law has been doing. As with any big changes in healthcare, whether the advent of electronic health systems (EHRs) in the past decade or a pandemic like COVID-19, nothing stays the same. All laws, rules and regulation occasionally need some breathing room and this also applies to HIPAA. Here is an update on HIPPA changes and some examples of what not to do.
The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) is responsible for enforcing various rules and regulations issued under HIPAA which was amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act to protect the privacy and security of protected health information.
New Telecommunication Rules
During the COVID-19 national emergency, which also constitutes a nationwide public health emergency, health care providers covered by HIPAA can now communicate with patients and provide telehealth services through remote communications technologies. Some of these technologies, and the manner in which they are used by HIPAA’s coverage of health care providers, may now not fully comply with the requirements of the HIPAA Rules.
As an example, a covered health care provider that wants to use audio or video communication technology to provide telehealth to patients during the COVID-19 nationwide public health emergency can do so. However, this does not mean or imply that the HIPPA rules are not offering the same basic laws of protecting patient’s confidential medical information which they were designed to do. It simply makes the jobs of providers a bit easier while delivering the same level of service to patients suffering from COVID-19.
OCR will also no longer impose penalties against providers and their business associates for violations of certain provisions of the HIPAA Privacy Rule. This change covers good faith uses and disclosures of PHI by business associates for public health and health oversight activities during the COVID-19 pandemic. It is designed to support federal public health authorities and health oversight agencies (such as the CDC and CMS), state and local health departments, and state emergency operations centers who need access to COVID-19 related data from business associates. These partners can now share this data without risk of a HIPAA penalty.