The Department of Health and Human Services, Office of Civil Rights (OCR) recently released guidance and helpful examples illustrating how Covered Entities can comply with HIPAA and the Privacy Rule and still disclose protected health information (PHI) about individuals infected with or exposed to COVID-19 to Essential Providers. Read the full post on our Healthcare
On March 20, 2020 OCR released a Frequently Asked Questions list to help further clarify its March 17th Waiver. In the FAQ, OCR clarifies that the waiver not only allows providers to utilize platforms that do not comply with the requirements of the Security Rule (discussed in our original post), but it also applies to the Breach Notification and Privacy Rules that may be implicated when using a less secure platform. OCR also assures providers that if protected health information is intercepted and during the the “good faith provision of telehealth,” OCR will not pursue otherwise applicable penalties.
Keypoint: Individuals and businesses should take steps to prevent against becoming victims of the rapid rise in Coronavirus-related hacking scams.
On March 20, 2020, the FBI issued an alert warning that cyber thieves are actively trying to exploit the Coronavirus pandemic to steal money, commit identity theft, and engage in other hacking-related activity. The Cybersecurity and Infrastructure Security Agency (CISA) issued a similar alert earlier this month.