Call Us Today 314-272-2600 |

Guiding Your Compliance Through COVID-19

HIPAAtrek understands this is a challenging time for our nation, our clients, and the healthcare industry. We are working diligently to keep you updated on OCR announcements and guidance on managing your HIPAA compliance during this public health emergency. 

We recognize the incredible sacrifice healthcare workers are making to protect our communities and nation. The risk  to your personal health and the health of your families is appreciated! To help ensure your compliance programs also remain healthy, we have compiled resources to help you adapt and maintain your compliance. 

As always, please do not hesitate to reach out with any questions or concerns. We are here to help! Together we will rise up to beat COVID-19! 

Stay healthy! 

OCR Announcements of Waivers and Guidance 

OCR COVID-19 Resources page

Limited HIPAA Privacy Waiver Announcement

OCR Bulletin: HIPAA, Civil Rights, and the Coronavirus

Telehealth FAQ

HIPAA Disclosures to First Responders and Law Enforcement

Telehealth Enforcement Discretion

Business Associate Enforcement Discretion 

FBI Guidance on Video TeleConferencing Security

COVID-19 Testing Enforcement Discretion 

OCR Security Announcement: COVID-19 Exploited Malicious Cyber Actors 

April 3rd OCR Fraud Alert: 

It has come to OCR’s attention that an individual posing as an OCR Investigator has contacted HIPAA covered entities in an attempt to obtain protected health information (PHI).  The individual identifies themselves on the telephone as an OCR investigator, but does not provide an OCR complaint transaction number or any other verifiable information relating to an OCR investigation. 

HIPAA covered entities and business associates should alert their workforce members, and can take action to verify that someone is an OCR investigator by asking for the investigator’s email address, which will end in, and asking for a confirming email from the OCR investigator’s email address.  If organizations have additional questions or concerns, please send an email to:

Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation (FBI).  The FBI issued a public service announcement about COVID-19 fraud schemes at:

HIPAA Compliance Package

Everything You Need to Effectively Manage Your HIPAA Compliance During COVID-19

We have created a HIPAA compliance package to help you navigate the changing regulatory waivers and your modified workflows. In this package you will receive: 

  • Employee Training Videos
  • Compliance Reminder Templates
  • COVID-19 HIPAA Policies
  • COVID-19 HIPAA Forms
  • Priority Access to Webinars
  • Roundtables with other compliance officers and our compliance experts
  • Remote Workforce Guidance Template
  • Access to our Audit Platform to conduct compliance audits 

Package value is over $7,000. We are giving this to you for $499. 

Request Access to your package today! 

Request Access

HIPAA Compliance is STILL A Journey

Cybercriminal activity is increasing during COVID-19

While the nation is responding to patient emergencies during COVID-19, cybercriminals are taking advantage of our diverted attention. Now is the time to assess your cybersecurity program. 

HIPAAtrek is offering virtual security risk assessments during the public health emergency. Contact us for more information! 

Request Information

Facilitating HIPAA Compliance During the COVID-19 Pandemic

On Demand Webinar

Sponsored by Azalea Health

As the nation continues to respond to the COVID-19 pandemic, our healthcare systems are facing unprecedented workflow challenges. During this time, compliance officers will face challenges in preparing for public health disclosures and remote workforces. In this webinar, attendees will learn how:
• HIPAA requirements for disclosures involving infectious disease outbreaks
• Avoiding disclosure pitfalls
• Managing remote workforces in a compliant manner
• What is covered by the Limited Waiver on the Privacy Rule
• Telehealth discretion on HIPAA penalties

Watch Now!

Downloadable Policies and Forms 

These policies and forms are designed to help you facilitate your HIPAA compliance during the COVID-19 and beyond. Be sure to review and modify these templates to fit your organization’s unique workflows. Email any questions to

Bring Your Own Device Policy Template

Acknowledgement of Risk of Privacy with Non-Secure Telehealth Communication

Tips for Compliance Officers During COVID-19

Presented with unique compliance challenges, you can STILL manage your compliance effectively.
  1. Be Available: Your employees are likely to have more questions now. Your remote workers are new to working remotely and may have questions on how to work remotely in a secure, private, and compliant manner. Your employees on the front lines of this pandemic are facing never before seen situations and will need your guidance to help ensure they do not cause a compliance headache for you. 
  2. Reporting Issues or Concerns: Make sure your employees know how to report issues, compliance incidents, or concerns. This is especially important if your workflows have changed during this public health emergency. 
  3. Stay in Contact With Your Employees: This is along the same lines as being available. However, if you are working remotely, or if your employees are working remotely, it can be isolating and confusing. Remote work also lends itself to lax security and privacy practices. Staying in contact with your employees helps them to know that you are still there and more importantly, still taking compliance seriously. 
  4. Conduct Audits: Cybercriminals have no morals. They do not care that we are in the midst of a global public health pandemic. They are taking advantage of this pandemic as an opportunity. Your own employees also pose a threat. Record snooping is increasing due to concerns of their own health and the health of their loved ones. Conducting more frequent audits will help to catch unauthorized access by both cybercriminals and your employees. Let your employees know that you are conducting more frequent audits. 
  5. Inquire About Remote Workers Home Setup: Before you ship folks off to work from home, ask them about how they are going to facilitate their duties from home. Where will they work? Do they have a location away from other household members? What about connectivity to your applications containing PHI? Do they have smart home devices (ie Google Home, Amazon Echo, and so on)? Conduct a mini security and privacy assessment. If you have already sent employees to work from home, it isn’t too late to conduct a limited assessment to determine how your employees can still facilitate compliance. 
  6. Train Your Staff: This is more than your routine compliance training. Create compliance training focused on managing compliance in the current environment. 
Request a Demo

COVID-19 Articles

Cybersecurity During COVID-19

Cybersecurity During COVID-19

Watch out for COVID-19 cyber scams Sarah Badahman, CHPSE, Founder/CEO, HIPAAtrek Bethany Baty, Digital Marketing Director, HIPAAtrek Margaret Scavotto, JD, CHC, President, MPA The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA)...

Telehealth During COVID-19

Telehealth During COVID-19

Sarah Badahman, CHPSE, Founder/CEO, HIPAAtrek Bethany Baty, Digital Marketing Director, HIPAAtrek Margaret Scavotto, JD, CHC, President, MPA On March 17, the Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion for Telehealth Remote...

Business Associate Disclosures During COVID-19

Business Associate Disclosures During COVID-19

Written By: Margaret Scavotto, MPA and Sarah Badahman, HIPAAtrek On April 2, 2020, the OCR issued a Notification of Enforcement Discretion under HIPAA to Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health...

Coronavirus Disclosure: Pitfalls to Avoid

Coronavirus Disclosure: Pitfalls to Avoid

COVID-19 is a national emergency. Healthcare providers and public health agencies are working in overdrive to prevent the further spread of the virus. As healthcare professionals are identifying new cases of COVID-19, they are following the required protocols for notifying public health agencies and alerting those that may be at risk of exposure to the virus.

Disclosures Involving the Coronavirus Pandemic

Disclosures Involving the Coronavirus Pandemic

While healthcare facilities are preparing for the coronavirus pandemic, hospitals are facing increased workloads. Healthcare providers are required to report cases of COVID-19 to public health agencies as a part of the response effort.  It is still important to remember that Minimum Necessary policies and other privacy and security requirements must remain in place.