Today, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) announced that it will exercise its enforcement discretion and will not impose penalties for violations of the HIPAA Rules on covered health care providers or their business associates in connection with the good faith use of online or web-based scheduling applications (collectively, “WBSAs”) for the scheduling of individual appointments for COVID-19 vaccinations during the COVID-19 nationwide public health emergency. This exercise of enforcement discretion is effective immediately, but has retroactive effect to December 11, 2020.