City, State, and Federal agencies have variously required or advised that offices should be closed and workers have transitioned to work in their own homes. Does this mean that HIPAA requirements no longer apply? This is an emergency situation right? Surely some of the rules don’t apply now.
Limited Waiver
The Department of Health and Human Services announced with a special bulletin that a limited waiver is in place. Does it release all business associates and covered entities from HIPAA rules?
https://www.hhs.gov/sites/default/files/hipaa-and-covid-19-limited-hipaa-waiver-bulletin-508.pdf
Safeguarding Patient Information
In an emergency situation, covered entities must continue to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures. Further, covered entities (and their business associates) must apply the administrative, physical, and technical safeguards of the HIPAA Security Rule to electronic protected health information.
Securing Communictions
HHS says that covered entities and BAs are still responsible for secure communications. Email, phone calls, text messaging are often used in unsecure ways. Remember, when you’re working at home, you still need to use private and HIPAA compliant electronic communication methods to converse with patients or other associates and agencies.
So, keep it secure with DATA and your health!