HHS will not impose penalties on healthcare providers or their business associates in disaster zones.
To be compliant with this waiver, a hospital must be located in an emergency area for the emergency declaration period and have instituted a disaster protocol. The waiver only applies for up to 72 hours after the disaster protocol was implemented.
HHS will waive sanctions or penalties for the following five HIPAA provisions:
1. The requirement to obtain a patient’s agreement to speak with family or friends members involved in the patient’s care
2. The requirement to honor a request to opt-out of the facility director.
3. The requirement to distribute a notice of privacy practices
4. The patient’s right to request privacy restrictions
5. The patient’s right to request confidential communications
To learn more, click here.
More articles on cybersecurity:
Scammers post fake vaccine registration website, pose as Ohio health system
State data protection bills gain traction amid pandemic
Email phishing attack at Michigan clinic exposes 2,500 patients’ info
