HealthcareCISO

In light of the coronavirus (COVID-19) outbreak and public health emergency, healthcare providers and other parties subject to the Health Insurance Portability and Accountability Act of 1996 and its implementing statutes and regulations (collectively, HIPAA) are asking how health privacy restrictions apply during this unprecedented pandemic.

To address these questions, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has issued multiple bulletins (OCR Bulletin). They are designed to ensure HIPAA covered entities and their business associates are aware of the ways that patient information may be shared under HIPAA in an outbreak of infectious disease or other emergency situations. The bulletins also serve as a reminder that the protections of the Privacy Rule are not set aside during an emergency. Please note, governmental responses to COVID-19 continue to develop so the information outlined below is subject to change.

HIPAA applies only to covered entities and business associates

It is important to note the HIPAA Privacy Rule only applies to disclosures made by ...