The coronavirus pandemic has impacted hospitals and private practices in many ways. Leaders in these organizations need to change how they operate their practices to better ensure patients receive the care they need while also reducing the risk of exposure to the virus for patients and medical care providers.
These new methods of operation may make it difficult to manage typical information security protocols. Various government agencies have recognized this reality and adaptations to regulations are the in the works. For example, the Office for Civil Rights of the United States Department of Health and Human Services (HHS) recently announced a relaxation of penalties for potential violations of the Privacy, Security, and Breach Notification Rules under the Health Insurance Portability and Accountability Act (HIPAA).
What does this mean?
The change allows hospitals to share a limited amount of patient information if done so in good faith to aid in the community-based testing site’s mission. The agency has encouraged those operating these testing sties to take reasonable safeguards to protect patients’ privacy. Such measures include setting up canopies or a similar barrier to provide some privacy while collecting samples and establishing a buffer zone to prevent the media or members of the public from observing patients using the site.
When does the change start?
The agency made the announcement in early April, but it is retroactive to March 13, 2020. The HHS states the changes will run until the public health emergency no longer exists.
Who is covered?
The agency states covered entities include certain health care providers as well as some large pharmacy chains and clinical laboratories who participate in the operation of these testing sites. The agency also states the testing site must only provide COVID-19 specimen collection or testing services to qualify. A failure to meet these requirements could result in an investigation and allegations of wrongdoing.