The HHS Office for Civil Rights last week announced that it will exercise its enforcement discretion and not penalize healthcare providers or their business associates for good-faith violation of HIPAA rules pertaining to online or web-based scheduling applications for scheduling COVID-19 vaccinations. The announcement is retroactive to Dec. 11, 2020, and will be in effect during the COVID-19 public health emergency. Practices should note, however, that the enforcement discretion is limited and will not apply if the covered entity/business associate uses a web-based scheduling application whose terms of service prohibit its use for scheduling health care services or state that the application may sell personal information that it collects. To learn more, click here.
All Curi recommendations are based on current CDC criteria at the time of publication. CDC guidance for SARS-CoV-2 infection may, or may not, be adopted by state and local health departments to respond to rapidly changing local circumstances. Providers should always check with their local health department to see if the CDC’s guidance on any given topic has been modified (particularly if more restrictive) from the CDC’s recommended guidelines. Follow this link https://www.cdc.gov/publichealthgateway/healthdirectories/index.html for contact information to your state/local health department. If local recommendations vary from those of the CDC, and you are unsure what recommendations to follow, then it is safer to follow the more restrictive guidelines/recommendations.