March 19, 2020

HHS Waives Penalties for Certain HIPAA Violations Amidst COVID-19 Emergency Declaration

HHS has announced that it is issuing a limited waiver of HIPAA sanctions and penalties during the COVID-19 outbreak. The waiver, effective March 15, applies to noncompliance by covered hospitals with the following provisions of the HIPAA Privacy Rule: (1) obtaining a patient's agreement to speak with family members or friends involved in the patient’s care; (2) honoring a request to opt out of the facility directory; (3) distributing a notice of privacy practices; (4) the patient's right to request privacy restrictions; and (5) the patient's right to request confidential communications. The waiver only applies to hospitals that have instituted a disaster protocol in emergency areas for 72 hours after the hospital has implemented the disaster protocol. European data protection authorities in several countries, including SpainLuxembourg, and Switzerland, have also addressed patient privacy in light of the COVID-19 global pandemic by releasing guidance on the issue.

Entity:
Topic: