With the use of telehealth increasing in response to the COVID-19 pandemic, there is growing concern the technology may pose risks to patient privacy. In particular, any telehealth services quickly established at the beginning of the pandemic may need a close review to ensure they do not result in data breaches.
Working from home is the new normal and will be for many healthcare employees for a while, so adjustments are necessary to maintain compliance with HIPAA. Protected health information must be managed properly whether the employee is in the healthcare facility or at home.
Remember that the pandemic response may create unique Health Insurance Portability and Accountability Act compliance risks. Time, staffing, and focus are at a premium, but staying cognizant of patients’ privacy remains important.
The Department of Health and Human Services Office for Civil Rights has issued waivers and notices of enforcement discretion for several issues related to Health Insurance Portability and Accountability Act compliance, but healthcare organizations still must be careful to comply with the privacy law even during the pandemic.
The Department of Health and Human Services Office for Civil Rights will disregard some HIPAA violations during the pandemic response. Risk managers should understand which parts of the privacy rule are affected.