To help meet the challenges of the COVID-19 pandemic, the federal government has eased the enforcement of regulations in various industries, including the health care sector. One important area this has affected is the enforcement of the Health Insurance Portability and Accountability Act (HIPAA), which protects sensitive patient information.
In this article, we will give a brief background of HIPAA, discuss where the enforcement of regulations has been eased, and analyze what this means for health care companies as well as the business associates that work with them.
What Is HIPAA And Who Must Comply With It?
HIPAA (the Health Insurance Portability and Accountability Act) was passed in 1996 to improve the nation’s health care system by mandating the standards-based implementation of security controls by all health care entities that create, store, or transmit health information.
If your company is involved in any way with the use or management of the personal health information (PHI) of individuals, you are required to follow stringent security guidelines to protect this sensitive information. Importantly, this requirement applies not only to health care companies such as physician offices, but also to any business associates who work with this private information, such as IT companies, billing services, attorneys, and accounting firms.
Penalties For Not Following HIPAA
Since its implementation, many health care providers and organizations, as well as their business associates, have paid millions of dollars in fines for not following HIPAA’s privacy requirements. In addition, these companies have suffered from the negative impact of having publicly disclosed violations, which are posted on the Department of Health and Human Services’ online “Wall of Shame.” As a result of these potentially harsh consequences, organizations have tended to do even more than the minimum to ensure they are protecting patient health information.
Easing Of Penalty Enforcement Because Of COVID-19
With the need for quicker sharing of patient information and the huge growth in telehealth during the pandemic, the Office for Civil Rights (OCR), which enforces HIPAA requirements, has issued public notices concerning the enforcement of penalties. While HIPAA remains in effect, and the authorities still strongly recommend following all HIPAA regulations as much as possible, they have made clear that they will not be enforcing penalties for certain violations.
The main reason the OCR has made these changes is to allow health care providers to better treat their patients using telehealth methods. The easing of penalties allows providers to speak with their patients via audio or video communication methods regardless of their security safeguards. These methods include non-public-facing video chats that do not comply with HIPAA rules. In addition, the OCR noted they will not impose penalties on providers for not having a Business Associate Agreement with communication vendors.
This easing of penalty enforcement has also made it easier for first responders and other health care personnel to receive PHI regarding patients exposed to or infected with COVID-19. This easier access to patient information makes their job more secure, enables more effective treatment, and protects the community.
In addition, business associates are similarly protected from any possible violations. The OCR announced they will not impose penalties against business associates for any potential HIPAA violations as long as the sharing or disclosure of information is in good faith and for public health or health oversight activities during the nationwide public emergency. This suspension of penalties overrides the terms of any applicable Business Associate Agreements. However, the business associate is required to inform the covered entities of the disclosure within 10 days and to keep a record of this notification.
Organizations Should Be Careful About Relaxing Their Privacy Safeguards
Even though this relaxation of penalty enforcement for HIPAA violations is reassuring to health care companies and business associates during this stressful time, it is important that small businesses continue to focus their attention on maintaining a high level of security for sensitive personal information. Although companies may not face the legal and financial consequences of HIPAA violations, a breach of patient information will still negatively affect your company’s reputation and balance sheet.
It is important to note that cybercrime and other scamming activity have reached unprecedented levels as determined criminals try to exploit the chaos caused by this pandemic. The bad actors are particularly drawn toward organizations that may have decreased their focus on IT security, especially as a result of the prevalence of remote work and poor cyber hygiene. Most experts recommend that small businesses, an increasingly attractive target for hackers, should enhance their IT security budget and efforts to address these formidable challenges.
Consult With An IT Support Partner
In order to protect your organization against the increased level of cybercrime brought about by COVID-19 and to ensure you are HIPAA-compliant, we would recommend consulting with a trusted IT Support partner, such as Network Depot.
A reliable IT partner can assist your company in making sure that your company’s and clients’ sensitive information is secure and that your network and business processes are in compliance with HIPAA and other applicable regulations. For health care companies, an IT partner can implement, install, and support your Electronic Medical Records (EMR) system, making sure your company is HIPAA-compliant with all private patient information stored securely. For business associates of health care companies, an IT Support partner can assist in performing a company assessment and advise on and implement any necessary changes to ensure your organization is HIPAA-compliant.
As with many other parts of everyday life, COVID-19 has impacted HIPAA and the way companies of all types do business. The most important lesson your company can take from any changes is to maintain the highest level of protection for your sensitive company and client information. Working with a trusted IT Support partner to understand and overcome these challenges will help your organization remain safe and productive during this pandemic.