Clarifying HIPAA Privacy Changes Amid COVID-19 Pandemic

Last Updated: March 19, 2020

Robert McDermott, President and CEO, iCoreConnect

There is some confusion surrounding the March 15th announcement of a limited HIPAA enforcement waiver. The waiver1 lifts penalties for certain privacy violations during the Coronavirus outbreak. Alex Azar, Secretary of Health and Human Services, has exercised the authority to waive sanctions and penalties against a covered hospital not complying with certain provisions of the HIPAA Privacy Rule. Penalties will be temporarily waived for hospitals for these violations:

●Requirements to obtain a patient's agreement to speak with family members or friends involved in the patient’s care. See 45 CFR 164.510(b)
● Requirement to honor a request to opt out of the facility directory. See 45 CFR 164.510(a)
● Requirement to distribute a notice of privacy practices. See 45 CFR 164.520
● Patient's right to request privacy restrictions. See 45 CFR 164.522(a)
● Patient's right to request confidential communications. See 45 CFR 164.522(b)

It bears repeating that this temporary waiver is for hospitals only. The dental community must continue to adhere to all HIPAA privacy rules. The American Dental Association (ADA) recommends dentists pause elective procedures and concentrate on dental emergencies. The ADA hopes the emergency-only recommendation will ease strain on hospitals by reducing emergency department dental care.

If you are providing emergency care and need to share electronic Protected Health Information (ePHI) with hospitals or other practitioners, your communications must meet each of these HIPAA mandates:

● Encrypted Transmission. Use the highest level available on the market
● Recipient Verification. Ensure your secure email provider authenticates the identity of the receiving doctor
● Automatic Log-off. Regardless of whether you are sending patient records from the office or your home, you must ensure that no one can access your screen when you are done
● Audit-Ready Software. You may be audited at any time. Check that your software can instantly produce an audit trail
● Message Integrity. Any data sent back and forth must remain unaltered and encrypted at all times
● Stored Securely. All the data in your secure emails must be stored on HIPAA-compliant servers for 6 years

For additional information on the developing COVID-19 landscape, patient safety and privacy, regularly visit the NYSDA site. ICoreExchange fully HIPAA-compliant, secure, cloud-based email service is a proud partner of the New York State Dental Association. For more information, reach out to salesinfo@icoreconnect.com or call 888-810-7706.


1 https://www.hhs.gov/sites/default/files/hipaa-and-covid-19-limited-hipaa-waiver-bulletin-508.pdf

21823878618