OCR Announces Notification of Enforcement Discretion for Use of Online or Web-Based Scheduling Applications for the Scheduling of COVID-19 Vaccination Appointments

Today, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) announced that it will exercise its enforcement discretion and will not impose penalties for violations of the HIPAA Rules on covered health care providers or their business associates in connection with the good faith use of online or web-based scheduling applications (collectively, “WBSAs”) for the scheduling of individual appointments for COVID-19 vaccinations during the COVID-19 nationwide public health emergency.  This exercise of enforcement discretion is effective immediately, but has retroactive effect to December 11, 2020.

OCR Settles Fourteenth Investigation in HIPAA Right of Access Initiative

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its fourteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule.

Report: COVID-19 Telehealth Risks and Best Practice Privacy, Security

Highlighting the risks posed by lifted  restrictions on communication apps amid the COVID-19 pandemic, new research published in the Journal of the American Medical Informatics Association urged healthcare organizations to take steps to bolster telehealth privacy and cybersecurity measures.