HIPAA and the coronavirus

Updated as of Wednesday, March 18, 2020.

March Bulletin

On Tuesday, March 17, the Office for Civil Rights (OCR) announced it will exercise "enforcement discretion and will waive potential penalties for HIPAA violations" against providers serving patients through "everyday communications" during the COVID-19 nationwide public health emergency.

This announcement applies to the "good faith" use of such apps as FaceTime, Facebook Messenger, or Skype for any telehealth purposes, regardless of whether the telehealth services are directly related to treating COVID-19. Read more from the OCR here.

February Bulletin

In light of the coronavirus outbreak, the HHS OCR issued guidance on the ways that patient information may be shared under HIPAA during an outbreak of infectious disease or other emergency situation.

Misunderstandings about HIPAA can create obstacles to public health efforts. The HHS guidance — released on February 3 — explains how health care professionals have the broad ability to share health information with public health authorities during certain crisis situations without violating HIPAA privacy regulations.

Appropriate uses and disclosures can be made when necessary to treat a patient, to protect the public health, and for other critical purposes.