HHS Waives Certain HIPAA Sanctions – COVID19 Response

March 18, 2020deecantrell Healthcare Policy

Alex Azar issued a limited waiver of certain HIPAA sanctions to improve data sharing and patient care during the pandemic.

HHS first declared the Coronavirus a public health emergency on January 31. COVID-19 is increasing data sharing challenges within the healthcare sector, including what information can be shared with family members, public health officials, and emergency personnel.

The Project BioShield Act of 2004 allows HHS to waive some HIPAA provisions to remove some of those barriers and clarify HIPAA rules. Under the waiver, hospitals will not be penalized for failing to comply with HIPAA requirements found in 45 CFR:

to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care
the requirement to honor a request to opt out of the facility directory
the requirement to distribute a notice of privacy practices
the patient’s right to request privacy restrictions
the patient’s right to request confidential communications

This waiver first went into effect on March 15, but it only applies to providers located in the emergency area identified in the public health emergency declaration, as well as hospitals that implemented disaster protocols and up to 72 hours from the time a hospital makes that declaration.

Necessary actions to further support all of us making it through this pandemic!

Dee Cantrell, RN, BSN,MS, FHIMSS

Sr. Executive Healthcare Adviser and CIO

HealthAll Consulting, LLC

Dee Cantrell is an accomplished Senior Executive, Advisor, and Thought Leader with more than 39 years of success across the healthcare industry. Her broad areas of expertise include Information technology strategy, healthcare information technology, business process improvement, organizational leadership, data analytics and cybersecurity. For her exceptional leadership, she has been recognized for the Top 50 Health Care Leader by Becker’s Hospital Review, the Top 10 Women Leaders in Health IT by Healthcare IT News, and has twice been named the Georgia CIO of the Year by the Georgia CIO Leadership Association (GCLA). Dee obtained her Master of Science in Organizational Management from Capella University as well as a Bachelor of Science in Nursing from Brenau University.