The coronavirus pandemic has upended millions of lives around the world and has impacted it in an unprecedented way. It is spreading like wildfire, destroying everything in its path. Cities are under lockdown to help curb the transmission. Whenever you open the news, all you hear about is how hundreds of people are getting infected, need immediate attention, and how hospitals are facing the biggest challenge they have in decades. Even after having arguably one of the biggest and most advanced healthcare systems in the world, the US is struggling to contain the situation, much like the rest of the world.
What has changed?
The situation is so unpredictably grave, that even the Office for Civil Rights (OCR) is permitting Business Associates to share patient data during the coronavirus pandemic, just to ensure faster response times and lower the burden for the overall healthcare system.
This new enforcement discretion permits them to share Protected Health Information (PHI) with public health authorities “in good faith” and they will not have to worry about HIPAA noncompliance penalties from the OCR. This is another welcome change, as the OCR recently lifted the penalties for using telehealth during the pandemic. All of these changes are being done so that the evergrowing number of patients are getting the best care within the shortest amount of time.
Why was it necessary?
The notice said that these changes were required to provide protected health information and support regarding it to various public health authorities as well as health oversight agencies like the Centers for Disease Control and Prevention during this crucial period.
HIPAA allows covered entities to already share such information with business associates. However, HIPAA dictates that the business associates under it are allowed to disclose and utilize such protected health information for public health as well as health oversight agencies only if it was stated within the agreement they made with their respective covered entities.
However, thanks to the new direction, business associates are allowed to share protected health information in the same way and they do not require explicit permission in the Business Associate Agreement – all of it without violating HIPAA or being penalized by the OCR.
Such a change was extremely necessary, as a lot of healthcare organizations like health oversight agencies, public health authorities, state and local health departments as well as state emergency operation centers were facing severe challenges because they were not receiving protected health information in due time from the business associates, which severely jeopardized the lives of the patients suffering from the coronavirus.
Thus, the change was made so that the information could be accessed quickly and the required state and local health departments could fight the pandemic more effectively, armed with the right information at the right time. This could very well contribute to flattening the curve as well as save numerous lives in the process.
The new enforcement discretion allows a business associate to utilize and disclose protected health information in the cases of public health and health oversight activities during this crucial period.
However, the business associate needs to inform the respective covered entities of the disclosure or use within 10 days since the disclosure.
There is also a lot of other information, rules, and regulations which need to be strictly followed by business associates. Thus as the pandemic unfolds, the US healthcare system also evolves and adapts to fight it the best way it possibly can.
It waived penalties, but HIPAA Compliance is still complex
Maintaining HIPAA Compliance is a never-ending process and as can be seen from the changes, these new rules need to be maintained, documented and conveyed to the business associates’ staff who will need to play a role to combat this pandemic.
The business associates will need to update their policies, train the relevant employees, and ensure that they comply with this new change. Even though there are no penalties, following these intricate rules and regulations can be quite challenging for anyone.
This is where HIPAA Ready comes in. It is a HIPAA Compliance Software that was made to help organizations compliant in a simple and effective manner. It ensures that your organization is always up to date regarding the latest HIPAA policies and procedures. It makes HIPAA compliance easier than ever by providing a centralized database where the employees can report incidents, see the latest updates, schedule training, and more.