Confidentiality, Privacy and Security

  • 1.  HIPAA Waivers

    Posted 07-06-2020 18:09
    Though DHHS has exercised its authority to waive sanctions and penalties against covered hospitals that do not comply with the following requirements of the Privacy Rule in response to the COVID-19 public health emergency:

    • To obtain a patient's agreement to speak with family members or friends involved in the patient's care
    • To honor a request to opt out of the facility directory
    • To distribute a notice of privacy practices
    • The patient's right to request privacy restrictions
    • The patient's right to request confidential communications
    ...are people necessarily making similar, temporary changes in their processes to the above requirements?

    I am not seeing much in the way of process changes...BUT...I do see some relief for those instances where there may be an "oops" along the way.  For example, the patient is listed in the hospital's directory though the patient has requested to opt out and when the patient finds out they are listed in the directory, they file a compliant with OCR. At least for now, this will not result in sanctions or penalties.

    Frank Ruelas
    Compliance Professional