We always know when serious stuff has happened behind the scenes and OCR got involved. Some major violations of privacy rights must have happened when we see the OCR notice reminding everyone that you can not share patient information with the media without authorization.
In this episode:
HIPAA Privacy Rights Still Exist – Ep 256
2020 COVID Session Dates
August 18, 19, 20
For info go to TheHIPAABootCamp.com
Share Help Me With HIPAA with one person this week!
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com.
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
HIPAA Privacy Rights Still Exist
The guidance was released May 5th and clearly meant to make a point about protecting privacy of COVID-19 patients being treated in facilities where reporters and cameras are around.
The notice included a special “cheat sheet” or FAQ. I didn’t think it was necessary to reiterate this but then I watched anything about COVID and remembered why they did it.
This virus is going to be with us for a while. There are plenty of things we must learn in order to handle it as part of our normal routines. Whether that is wearing masks or allowing us to have personal space it takes some getting used to for all of us. Even hand washing has been a new reality to some. But, having the right to privacy as a patient in your care is not something that is new or something that has changed. Period.
Let’s review. What things were eased for the crisis will not stay that way (well except maybe NPP paperwork). There was never a point that the patient’s right to privacy was eased in any way. Get in line everyone. If we are opening back up you have to put your big girl panties back on and behave as you know you should. Well for some that means putting on clothes but that is irrelevant here.
The documents released have simple information but it seems we all need to make sure those under our tutelage will need to be reminded of certain things. Just look at what the FAQ included:
Does the COVID-19 Public Health Emergency alter the HIPAA Privacy Rule’s restrictions on disclosures of protected health information to the media?
It never did change. Not at all. They had to be this specific in the guidance:
They added the emphasis. I know they wanted to do it in all caps but that really comes later.
May HIPAA-covered health care providers allow media or film crews to film patients in their facilities where patients’ protected health information will be accessible without the patients’ authorization if the patients’ faces are blurred or their identities are otherwise masked in the video?
This one made me take a deep breath. It is like they think it is ok for the reporters, film crew and anyone else that needs to be involved in production to see them and have access to the information as long as they blur out the images when it is broadcast to the public! Really people. I know it feels like the virus is eating our brains even when we don’t have it but come on. This is not new information. Take a minute and think about your patients.
It is important to acknowledge that everyone is one the edge and that probably is a major reason why people made mistakes. But, we all know that some of those mistakes would be made with or without a crisis. Those are the ones that drive me most nuts. I can understand making mistakes under the enormous pressure but other people are supposed to be there to make these kinds of decisions. Maintaining privacy in a crisis should be part of your incident response and business continuity plans. If it is not, add it now.
They pointed out this is not new either. Remember the filming crew settlements a few years ago. We did an episode on them.
Can a covered health care provider ever allow the media to film patients in areas of their facilities where patients’ PHI will be accessible?
Here is what they said in a very polite way to address this one more time.
I just see the way Tom Hanks screams “THERE’S NO CRYING IN BASEBALL!” and OCR wanting to scream the same way saying “ONLY WITH AN AUTHORIZATION!!!”
More privacy rights failure cases out there
From a listener:
The people diagnosed with COVID-19 still have privacy rights. If they aren’t quarantining properly to protect the public that is a different story. This woman was staying home and doing what she has been asked to do. There was no reason for the violation of her privacy rights at all. Delivering mail to a mailbox out by the street doesn’t expose you to COVID-19.
Privacy Rights Before and After COVID-19
Now seems like a good time to make a list of the things that were eased for the crisis. These protections were not removed in any way. Privacy rights were never suspended by any of these announcements. Time to get ready to go back to HIPAA as normal folks. To be sure we don’t miss anything let’s review the timeline of OCR announcements once again. This time we will make specific points as to what you should make sure you are prepared to return to normal.
Update on HIPAA and COVID-19 Webinar April 24, 2020
HIPAA and COVID-19 Updates
- February Bulletin on HIPAA and COVID-19
- Notification of Enforcement Discretion on Telehealth Remote Communications
- Guidance on Telehealth Remote Communications
- Guidance on Disclosures to Law Enforcement, Paramedics, Other First Responders, and Public Health Authorities
- Notification of Enforcement Discretion on Uses and Disclosures of Protected Health
- Information (PHI) by Business Associates for Public Health and Health Oversight Activities
- Notification of Enforcement Discretion Regarding COVID-19 Community-Based Testing Sites
These OCR updates explain where they may relax the enforcement of the rules and regulations to help us get through the crisis. It does not say that the rules are gone. Please keep in mind that we all have privacy rights until we do something that allows others to step in. Even then that should be done by proper authorities following proper procedures.
As we figure out how to live with COVID-19 there will be a lot of missteps and disagreements over what can be shared by whom and with whom. Unless there is a major change made, HIPAA still exists and very little will change once they remove the enforcement discretion period. If anything, we may have to worry about more specific protections for patients who test positive for the disease. It is unlikely these rights and protections will just be removed. We must educate all parties involved, as best we can, to protect everyone in a reasonable and appropriate manner.
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!