HHS’ Office for Civil Rights will not impose penalties on healthcare providers and their business associates for potential HIPAA violations when they use online or web-based scheduling applications to coordinate COVID-19 vaccine appointments.

Five Details

ONE: OCR on Jan. 19 announced its enforcement discretion, which is effective immediately and has a retroactive date of Dec. 11, 2020.

TWO: The enforcement discretion aims to help speed up the vaccination process for HIPAA-covered entities, which must quickly schedule a large volume of patient visits for COVID-19 vaccines.

THREE: OCR is lifting penalties associated with online and web-based scheduling apps when “used in good faith and only for the limited purpose of scheduling individual appointments for COVID-19 vaccinations during the COVID-19 nationwide public health emergency,” according to the news release.

FOUR: The enforcement discretion does not cover appointment-scheduling technology that connects directly to the EHR.

FIVE: The notification does encourage healthcare providers and business associates to continue using safeguards that protect the privacy and security of individuals’ protected health information, such as using encryption technology and enabling all privacy settings.


This post was first shared on Becker's Hospital Review as “OCR Lifts HIPAA Penalties for COVID-19 Vaccine Scheduling: 5 Details” on January 20, 2021.