There is some confusion surrounding the March 15th announcement of a limited HIPAA enforcement waiver. The waiver lifts penalties for certain privacy violations during the Coronavirus outbreak. Alex Azar, Secretary of Health and Human Services, has exercised the authority to waive sanctions and penalties against a covered hospital not complying with certain provisions of the HIPAA Privacy Rule.
Penalties will be temporarily waived for hospitals for violations of these provisions:
Requirement to obtain a patient's agreement to speak with family members or friends involved in the patient's care. See 45 CFR 164.510(b)
Requirement to honor a request to opt out of the facility directory. See 45 CFR 164.510(a)
Requirement to distribute a notice of privacy practices. See 45 CFR 164.520
Patient's right to request privacy restrictions. See 45 CFR 164.522(a)
Patient's right to request confidential communications. See 45 CFR 164.522(b)
It bears repeating that this temporary waiver is for hospitals only. The dental community must continue to adhere to all HIPAA privacy rules. The American Dental Association (ADA) recommends dentists, including the 15,000 licensed dentists across Texas, pause elective procedures and concentrate on dental emergencies. The ADA hopes the emergency-only recommendation will ease strain on hospitals by reducing emergency department dental care.
If you are providing emergency care and need to share electronic Protected Health Information (ePHI) with hospitals or other practitioners, your communications must meet each of these HIPAA mandates:
Encrypted Transmission. Use the highest level of encryption available on the market
Recipient Verification. Ensure your secure email provider authenticates the identity of the receiving doctor
Automatic Log-off. Regardless of whether you are sending patient records from the office or your home, you must ensure that no one can access your screen when you are done
Audit-Ready Software. You may be audited at any time. Check that your software can instantly produce an audit trail
Message Integrity. Any data sent back and forth must remain unaltered and encrypted at all times
Stored Securely. All the data in your secure emails must be stored on HIPAA-compliant servers for 6 years
For additional information on the developing COVID-19 landscape, patient safety and privacy, reach out to firstname.lastname@example.org or call 888-810-7706.