Analysis: Impact of HHS' HIPAA Moves for COVID-19 CrisisAttorney Kirk Nahra Provides Overview of Regulatory Actions - And Potential Areas of Confusion
Recent HIPAA-related moves by federal regulators aim to improve health information sharing and care coordination as the U.S. healthcare community battles the COVID-19 outbreak, says privacy attorney Kirk Nahra of the law firm WilmerHale.
But some of the actions taken by the Department of Health and Human Services - including issuing certain limited waivers related to the HIPAA Privacy Rule - could create even more confusion, he says in an interview with Information Security Media Group.
The provision "potentially most concerning" waives the requirement to comply with patients' requests for "confidential communication" involving their health records, he says.
Meanwhile, among the most important waivers issued by HHS are those designed to help expand telehealth services by allowing the use of certain video chat services, he says (see: COVID-19: HHS Issues Limited HIPAA Waivers).
"I would put the telehealth waivers in the context of ongoing issues HHS has had where basically there are technologies that are convenient to patients, but providers haven't been sure they're allowed to use them under the HIPAA Security Rule."
In the interview (see audio link below photo), Nahra also discusses:
- The potential impact of HIPAA waivers issued by HHS' Office for Civil Rights;
- Privacy and security considerations for healthcare entities as COVID-19 testing expands nationwide;
- Recent HHS OCR guidance about COVID-19-related patient information disclosures to first responders and public health authorities;
- The potential impact of the COVID-19 crisis on regulatory deadlines contained in HHS' recently issued final rules pertaining to patient access, interoperability and information blocking;
- A provision in Congress' pending COVID-19 stimulus package regarding disclosures of records relating to substance use disorders;
- OCR's long-term plans to modify the HIPAA rules.
Nahra is a partner at the law firm WilmerHale in Washington, where he co-chairs the global cybersecurity and privacy practice. He analyzes the requirements of privacy and security laws across the country and internationally, providing advice on data breach issues, enforcement actions, big data issues, contract negotiations, business strategy and overall privacy, data security and cybersecurity compliance.