U.S. Department of Health and Human Services

HHS makes significant changes to COVID-19 reporting process

The Department of Health and Human services has announced major changes for hospitals’ COVID-19 data reporting processes. HHS has also made changes to the types of data that hospitals must report, expanding the data collection. This includes new information requests for disaggregated information about adult and pediatric patients, to name a few of the changes. The reporting requirements do contain patient flows, but there are still unknown aspects to the new COVID-19 reporting requirements regarding individual-level data and certain privacy considerations.

May 19, 2020 WPF Statement regarding HHS Secretary’s Section 1135 COVID-19 HIPAA Waiver

This statement discusses a 72-hour “statutory waiver” of 5 basic HIPAA rights (including the right to confidential communications). The waiver is triggered by the Secretary of HHS and applies for a 72-hour period beginning upon implementation of a hospital disaster protocol. This statement discusses this waiver, what it is, what is means, who is impacted, and our recommendations.

April 15, 2020 WPF Statement on the COVID-19 Community Based Testing Sites HIPAA Waiver

In response to the COVID-19 (coronavirus) pandemic, the U.S. Department of Health and Human Services announced a HIPAA waiver April 9, 2020 regarding Community Based Testing Sites, which waives enforcement of all HIPAA privacy and security protections and data breach rules from some health care activities affecting COVID-19 testing.  This statement from WPF includes the following information:  
-What are the changes the Community Based Testing Sites HIPAA waiver creates? 
-What are the privacy concerns? 
-WPF recommendations to correct the privacy problems in the Community Based Testing Sites HIPAA waiver  
-Background on HIPAA waivers and a list of all current waivers in force

April 6, 2020 WPF Statement on COVID-19 Business Associate HIPAA Waiver

In response to the COVID-19 (coronavirus) pandemic, the U.S. Department of Health and Human Services announced a HIPAA waiver April 2, 2020 regarding Business Associates. The April 2 waiver is consequential and poses significant privacy challenges. This statement from WPF includes the following information:  
-What are the changes to HIPAA the April 2 waiver creates? 
-What are the privacy concerns? 
-WPF recommendations to correct the problems in the April 2, 2020 waiver  

HHS takes first-ever enforcement action under HIPAA’s right of access to health records

The Office of Civil Rights in the US Department of Health and Human Services has taken its first enforcement action under the HIPAA right of patient access to health records. HHS announced that it fined a health care provider $85,000 for failing to provide health care records to a patient upon written request, stating in