Patient confidentiality is rightly one of the cornerstones of the medical profession. If we want patients to be forthcoming, they need to feel confident that they can be completely open with their providers without their most private information being shared. However, when policies designed to protect patients instead become obstacles to administering care it’s time to take a hard look at those policies. That’s exactly what the Department of Health and Human Services has done in reaction to the COVID-19 pandemic. HHS just announced that effective March 15 it has waived waive sanctions and penalties against healthcare providers who do not comply with the following portions of the HIPAA Privacy Rule:
- the requirement to obtain a patient’s agreement to speak with family members or friends involved in a patient’s care
- the requirement to honor a request to opt out of the facility directory
- the requirement to distribute a notice of privacy practices
- the patient’s right to request privacy restrictions
- the patient’s right to request confidential communications
At the same time, HHS specified that the limited waiver applies only if facilities meet the following criteria:
- there has been no determination that fraud or abuse has occurred
- the facility must have 1) designed and 2) activated a disaster recovery plan
- the facility is located in a geographic area which is covered by the health emergency declaration
The waiver is only applicable for up to 72 hours from the time the facility activates its disaster recovery plan. When the health emergency declaration terminates, the facility must revert back to compliance with all the requirements of the Privacy Rule for any patient still under its care. For more information, consult the following HHS documents:
Waiver or Modification of Requirements Under Section 1135 of the Social Security Act