Feds Relax HIPAA Enforcement At Coronavirus Testing Sites

By Danielle Nichole Smith
Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.

Sign up for our Cybersecurity & Privacy newsletter

You must correct or enter the following before you can sign up:

Select more newsletters to receive for free [+] Show less [-]

Thank You!



Law360 (April 9, 2020, 6:08 PM EDT) -- Health care providers are getting some more leeway when it comes to HIPAA compliance, as the U.S. Department of Health and Human Services announced Thursday it won't be imposing penalties for violations stemming from the "good faith participation" in COVID-19 testing sites.

According to the statement, HHS' Office of Civil Rights won't be hitting "covered entities or business associates" with penalties for violations of Health Insurance Portability and Accountability Act rules connected to their work with the testing sites during the nationwide public health emergency resulting from the outbreak of COVID-19.

Roger Severino, the director of the OCR, told Law360 in a statement Thursday that the "administration is making every effort to ramp up mobile testing sites across the country."

"OCR's enforcement discretion supports these critical efforts to test and diagnose patients during this nationwide emergency," Severino said.

The office said that the decision — which is retroactive to March 13 — is meant to support certain health care providers taking part in sites that are only offering COVID-19 specimen collection or testing. The covered providers include some large pharmacy chains, according to the office. 

"President [Donald] Trump has ordered the federal government to use every tool available to help save lives during this crisis, and this announcement is another concrete example of putting the president's directive into action," Severino said in the agency's statement.

On April 2, the OCR announced that it wouldn't be handing out penalties to health care providers for violations of the HIPAA privacy rule that stemmed from "good faith uses and disclosures of protected health information by business associates for public health and health oversight activities" during the emergency.

And in March, the office released guidance that it wouldn't penalize providers for HIPAA violations resulting from "their good faith provision of telehealth using communication technologies" while the public health emergency is ongoing.

--Editing by Jay Jackson Jr.

For a reprint of this article, please contact reprints@law360.com.

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!