Security Analyst. The global spread of COVID-19 has generated countless privacy, data protection, security, and compliance questions for companies working hard to provide care in our new reality of “socially distant” interactions. For all organizations that depend on direct customer engagement, adopting new technologies to enable and support remote audio and video communications is the only path toward remaining in business. Healthcare providers are particularly affected by this paradigm shift. Many smaller providers that only offered in-person services have been forced to quickly adopt new technologies and platforms as a means to offer care to patients. Protecting the security and privacy of patient health-related information is challenging at the best of times, and it is now made even more difficult during the current crisis. The Health Insurance Portability and Accountability Act (HIPAA) requires all entities with access to Electronic Protected Health Information (ePHI) to protect the security and privacy of that information. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued waivers and notices of enforcement discretion for several issues related to HIPAA compliance during the pandemic. The following paragraph summarizes the key actions that OCR has taken to modify HIPAA in response to the COVID-19 pandemic: “OCR’s enforcement discretion for noncompliance with HIPAA regulations against providers leveraging telehealth platforms that may not comply with the privacy rule. The waiver allows covered providers to potentially use any non-public facing remote, audio, or video communication platforms available to provide telehealth and communicate with patients during the pandemic. OCR will not penalize those providers for using potentially non-HIPAA-compliant tools, regardless of whether or not the service is used to diagnose or treat COVID-19-related conditions.” Learn more about how to get started with HIPPA Compliance with Posture https://www.episerver.com/guides/covid-19-privacy-considerations https://www.lexology.com/library/detail.aspx?g=21679085-cbe5-4c3e-b6de-fa255f3e5828 https://www.rd-alliance.org/rda-recommendations-and-guidelines-data-sharing-covid-19 https://www.reliasmedia.com/articles/146286-covid-19-changes-hipaa-compliance-but-caution-necessary https://www.jdsupra.com/legalnews/key-hipaa-changes-in-light-of-covid-19-26761/ https://postured.io/2020/04/07/hipaa-secure-telehealth/
By Kimberley Whyte.
Regulatory Requirements and Changes Due to COVID-19
Recommendations and Best Practices for Security Data During Pandemic
Helpful Resources and References