OCR lifts HIPAA penalties for COVID-19 vaccine scheduling apps: 5 details

HHS’ Office for Civil Rights will not impose penalties for potential HIPAA violations of healthcare providers and their business associates who use online or web-based scheduling applications to coordinate COVID-19 vaccine appointments.

Advertisement

Five details: 

1. OCR on Jan. 19 announced its enforcement discretion, which is effective immediately and has a retroactive date of Dec. 11, 2020. 

2. The enforcement discretion aims to help speed up the vaccination process for HIPAA-covered entities, which must quickly schedule a mass amount of patient visits for COVID-19 vaccines.  

3. OCR is lifting penalties associated with online and web-based scheduling apps when “used in good faith and only for the limited purpose of scheduling individual appointments for COVID-19 vaccinations during the COVID-19 nationwide public health emergency,” according to the news release. 

4. The enforcement action does not include appointment scheduling tech that connects directly to the EHR. 

5. The notification does encourage healthcare providers and business associates to continue using safeguards that protect the privacy and security of individuals’ protected health information, such as encryption tech and enabling all privacy settings. 

More articles on cybersecurity: 
Texas health system cyber attack exposes patients’ personal info: 4 details
Hackers altered Moderna, Pfizer data from EU before posting online to undermine public’s trust in vaccines
Are proposed HIPAA changes good for healthcare? 3 hospital execs weigh in

Advertisement

Next Up in Cybersecurity

Advertisement

Comments are closed.