Last night, the Office of Civil Rights Division of the United States Department of Health and Human Services (“OCR”) issued further guidance regarding enforcement of the Privacy Rule and related regulations due to the COVID-19/novel coronavirus pandemic as it relates to business associates of covered entities. Under the Privacy Rule and related regulations, business associates of covered entities may disclose private health information for public health and oversight activities only with prior authorization from patients. In light of the pandemic, OCR has declared that it will exercise its discretion and not enforce this requirement until the Secretary of the Department of Health and Human Services decides that the public emergency has passed. Attorneys like the members of the Healthcare practice group of CSKL who provide legal services directly to healthcare providers and facilities fall within the class of business associates to whom this wavier of action applies. The waiver is limited to the use for public health and oversight activities only and not to broader litigation, to which the existing rules, regulations, and laws still apply.
The guidance can be found by clicking here.
Stay tuned for more information about HIPAA and other healthcare related legal news in the ever evolving world of the COVID-19 pandemic.