The Office for Civil Rights within the U.S. Department of Health and Human Services on Sept 31, 2021, released guidance for the public to clarify how HIPAA applies when businesses and employers request from customers and employees information on their COVID-19 vaccination status and test results. Highlights of the guidance provided by the Department of Health and Human Services include:
OCR announced March 15, 2020, that "it will exercise its enforcement discretion and will waive potential penalties for HIPAA violations against health care providers that serve patients through everyday communications technologies during the COVID-19 nationwide public health emergency."
The communications technology should not be public-facing. Examples of non-public facing communications technologies include Skype, Apple Facetime and video chat via Facebook Messenger, Jabber, WhatsApp, and Google Hangouts. In normal circumstances, HIPAA requires a covered entity to have a business associate agreement with these platforms and to have included these technologies in its security risk analysis prior to utilization. Once the emergency ceases, a covered entity is expected to be in full compliance with the regulations.
To protect patient privacy during the emergency period, a dentist should converse with a patient in a private location and should confirm that the patient also is in a private setting or else agrees to receive teledental services in a public or semi-public setting. Use reasonable safeguards such as lowering the voice and not using a speakerphone. When investigating a complaint or incident that occurs at this time, OCR will consider all facts and circumstances when determining what constitutes a good faith provision of telehealth services.
Already a CDA Member?
to keep exploring our resource library.
Learn more about CDA Member Benefits.
Go back to the previous page.