Insights

Effective March 15, the U.S. Department of Health and Human Services (HHS), in response to President Trump's declaration of a nationwide emergency concerning COVID-19 and Secretary Azar's earlier declaration of a public health emergency, announced that certain requirements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule would be waived for hospitals covered under HIPAA.

Until the public health emergency caused by the spread of COVID-19 ends, covered hospitals will not be penalized or sanctioned for failing to comply with the following provisions of the Privacy Rule:

• the requirement to obtain a patient's agreement to speak with family members or friends involved in the patient's care, 45 CFR 164.510(b)
• the requirement to honor a request to opt out of the facility directory, 45 CFR 164.510(a)
• the requirement to distribute a notice of privacy practices, 45 CFR 164.520
• the patient's right to request privacy restrictions, 45 CFR 164.522(a)
• the patient's right to request confidential communications, 45 CFR 164.522(b)

These waivers apply only in the emergency area identified in the public health emergency declaration, to a hospital that has instituted its disaster protocols, and for up to 72 hours from the time the hospital implements its disaster protocol.

The Privacy Rule is otherwise not suspended, and entities and business associates covered by HIPAA are still required to comply with the Privacy Rule. While the recent waivers are limited to the above-listed provisions and only applicable to covered hospitals, other covered entities and business associates are permitted to share patient information for treatment, payment, health care operations, and public health activities; to prevent or lessen a serious and imminent threat; and for other purposes authorized by HIPAA.

For the full HHS bulletin, see here.

For more Day Pitney alerts and articles related to the impact of COVID-19, as well as information from other reliable sources, please visit our COVID-19 Resource Center.

COVID-19 DISCLAIMER: As you are aware, as a result of the COVID-19 pandemic, things are changing quickly and the effect, enforceability and interpretation of laws may be affected by future events. The material set forth in this document is not an unequivocal statement of law, but instead represents our best interpretation of where things stand as of the date of first publication. We have not attempted to address the potential impacts of all local, state and federal orders that may have been issued in response to the COVID-19 pandemic.