Enforcement Discretion Regarding Online or Web-Based Scheduling Applications for the Scheduling of Individual Appointments for COVID-19 Vaccination during the COVID-19 Nationwide Public Health Emergency

This notification is to inform the public that the Department of Health and Human Services (HHS) is exercising its discretion in how it applies the Privacy, Security, and Breach Notification Rules promulgated under the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act (“HIPAA Rules”).

Balancing Privacy With Data Sharing for the Public Good

Governments and technology companies are increasingly collecting vast amounts of personal data, prompting new laws, myriad investigations and calls for stricter regulation to protect individual privacy. Yet despite these issues, economics tells us that society needs more data sharing rather than less, because the benefits of publicly available data often outweigh the costs. Public access to sensitive health records sped up the development of lifesaving medical treatments like the messenger-RNA coronavirus vaccines produced by Moderna and Pfizer. Better economic data could vastly improve policy responses to the next crisis.

Privacy Q&A with Rep. Suzan DelBene

Virginia’s Senate on Friday passed the state’s privacy bill, now landing on the governor’s desk — the latest of several state privacy measures that seem to be advancing faster than Congress can move. We checked in last week with DelBene, whose home state of Washington recently resumed talks on its own privacy bill, to see how she’s thinking about the state-level action and what it means for the path forward on federal legislation. “I feel a great sense of urgency,” said DelBene, chair of the New Democrat Coalition.

2021 Texas Winter Storm & HIPAA Bulletin: Limited Waiver of HIPAA Sanctions and Penalties During a Declared Emergency

Severe disasters – such as the 2021 Texas Winter Storm – impose additional challenges on health care providers. Often questions arise about the ability of entities covered by the HIPAA regulations to share individuals’ health information, including with friends and family, public health officials, and emergency personnel. As summarized in more detail below, the HIPAA Privacy Rule allows patient information to be shared to assist in disaster relief efforts, and to assist patients in receiving the care they need. In addition, while the HIPAA Privacy Rule is not suspended during a public health or other emergency, the Secretary of HHS may waive certain provisions of the Privacy Rule under section 1135(b)(7) of the Social Security Act.