COVID-19 Is Changing HIPAA Compliance- How Can Organizations Adapt?

The novel coronavirus is affecting the whole world like a raging wildfire. As more and more people are being infected with the unstoppable virus, hospitals are being overflowed with patients. As the number of patients increases in the US, questions regarding their health conditions and health information are also needed as quickly as possible to start monitoring their health with their conditions in mind. The US healthcare system is probably facing its biggest challenge along with the rest of the world. 

Some Barriers

However, the problem of sharing such information is that it is known as Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). This act aims to protect a patient’s sensitive healthcare information so that it cannot be misused. 

The Privacy Rule was established to protect “individually identifiable health information” so that it cannot be used or disclosed without authorized permission. However, the rule protects the privacy of the information but can be shared during important healthcare scenarios. 

You might also like to read: How‌ ‌to‌ ‌Ensure‌ ‌Patient‌ ‌Protection‌ ‌During‌ ‌ Telehealth‌ ‌Visits‌

This all means that hospitals can only share a patient’s information when they get written permission, although, exceptions can be made if the patient requires urgent care or it helps with the protection of the public.

No HIPAA penalties for faster care

The coronavirus pandemic has eased some burden of the organizations without fear of HIPAA violations or penalties. For example, HHS (Department of Health and Human Services) announced that the OCR will be not penalizing when organizations are using communication tools to help speed up patient care in the US. Healthcare organizations don’t have to worry about penalties or HIPAA violations during this pandemic when they use non-public facing audio and video tools. This makes it easier for patients to receive faster care, and it is not only limited to COVID-19 but any illness during this period. 

Also, the OCR updated some guidelines which had permitted use and disclosure of PHI which are related to COVID-19 to improve response times. Even Business Associates are allowed to share patient data “in good faith” and they do not have to worry about HIPAA noncompliance issues. Usually, Business Associate Agreements explicitly state that they cannot share the Protected Health Information unless it is in the agreement. However, the new changes remove that blockade for now. Several public health authorities, as well as health oversight agencies, are in urgent need of the affected patients’ data for providing urgent care during this pandemic. 

While this is a welcome change, the covered entities, as well as the business associates, will need to update policies, provide training, maintain any new documentation required and abide by any other law required for HIPAA Compliance. Many of the laws under the act are still in place and are still complex for any given organization to follow. 

You might also like to read: Healthcare Data Breaches – Why and how do they happen?

Moreover, data breaches are not stopping anytime soon, and organizations have to report them within 60 days if they do not wish to receive a penalty. 

Make HIPAA compliance easier

All these are extremely hectic for any organization, no matter how big or small. If it needs to be HIPAA compliant, it needs to follow the rules and regulations to the T. This is where HIPAA Ready comes into play. It is a HIPAA compliance management application that helps organizations to be worry-free regarding HIPAA. You can add all the latest HIPAA policies and updates, have digital checklists to ensure you follow them, schedule training for your staff, report and manage incidents, and keep all your HIPAA documents in one place. This way, whenever there’s an audit or inspection regarding HIPAA compliance, you can stay on top of the game by using the application, making HIPAA compliance easier than ever. 

Leave a Reply

Your email address will not be published. Required fields are marked *