COVID-19 has prompted the world to hunker down and work from home. For the average person with a desk job, this doesn’t pose regulatory problems, but for healthcare providers, the use of personal devices and lack of oversight from an organization’s IT department is leaving them and their companies susceptible to violations of the Health Insurance Portability and Accountability Act (HIPAA).
Enforcers of HIPAA, the Office of Civil Rights (OCR) and the Department of Health and Human Services (HHS), announced on March 17 that they would be using “enforcement discretion” regarding HIPAA violations, potentially waiving some penalties for healthcare providers who serve patients through “everyday communications technologies” during the COVID-19 nationwide public health emergency.