On January 19, 2021 the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced that it will not impose penalties for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Rules in connection with the good faith use of online or web-based scheduling applications to schedule individual appointments for COVID-19 vaccinations. This applies to both covered health care providers and their business associates.
This exercise of OCR’s enforcement discretion is effective immediately and is retroactive to December 11, 2020.
This decision only applies when the use of the web-based scheduling is used in good faith and is limited only to appointments for the vaccine during the COVID-19 nationwide public health emergency. OCR also continues to strongly encourage the use of reasonable safeguards to protect the privacy and security of individuals’ protected health information.
You can read the Notification of Enforcement Discretion for Use of Online or Web-Based Scheduling Applications during the COVID-19 Nationwide Public Health Emergency here: https://www.hhs.gov/sites/default/files/hipaa-vaccine-ned.pdf
If you would like guidance on how you can prevent HIPAA violations from occurring, or how to handle a HIPAA violation, please contact Danielle Dietrich at 412-227-0284 or firstname.lastname@example.org.