Five details:
1. OCR on Jan. 19 announced its enforcement discretion, which is effective immediately and has a retroactive date of Dec. 11, 2020.
2. The enforcement discretion aims to help speed up the vaccination process for HIPAA-covered entities, which must quickly schedule a mass amount of patient visits for COVID-19 vaccines.
3. OCR is lifting penalties associated with online and web-based scheduling apps when “used in good faith and only for the limited purpose of scheduling individual appointments for COVID-19 vaccinations during the COVID-19 nationwide public health emergency,” according to the news release.
4. The enforcement action does not include appointment scheduling tech that connects directly to the EHR.
5. The notification does encourage healthcare providers and business associates to continue using safeguards that protect the privacy and security of individuals’ protected health information, such as encryption tech and enabling all privacy settings.
More articles on cybersecurity:
Texas health system cyber attack exposes patients’ personal info: 4 details
Hackers altered Moderna, Pfizer data from EU before posting online to undermine public’s trust in vaccines
Are proposed HIPAA changes good for healthcare? 3 hospital execs weigh in