Guiding Your Compliance Through COVID-19
HIPAAtrek understands this is a challenging time for our nation, our clients, and the healthcare industry. We are working diligently to keep you updated on OCR announcements and guidance on managing your HIPAA compliance during this public health emergency.
We recognize the incredible sacrifice healthcare workers are making to protect our communities and nation. The risk to your personal health and the health of your families is appreciated! To help ensure your compliance programs also remain healthy, we have compiled resources to help you adapt and maintain your compliance.
As always, please do not hesitate to reach out with any questions or concerns. We are here to help! Together we will rise up to beat COVID-19!
OCR Announcements of Waivers and Guidance
April 3rd OCR Fraud Alert:
It has come to OCR’s attention that an individual posing as an OCR Investigator has contacted HIPAA covered entities in an attempt to obtain protected health information (PHI). The individual identifies themselves on the telephone as an OCR investigator, but does not provide an OCR complaint transaction number or any other verifiable information relating to an OCR investigation.
HIPAA covered entities and business associates should alert their workforce members, and can take action to verify that someone is an OCR investigator by asking for the investigator’s email address, which will end in @hhs.gov, and asking for a confirming email from the OCR investigator’s hhs.gov email address. If organizations have additional questions or concerns, please send an email to: OCRMail@hhs.gov.
Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation (FBI). The FBI issued a public service announcement about COVID-19 fraud schemes at: https://www.ic3.gov/media/2020/200320.aspx.
HIPAA Compliance PackageEverything You Need to Effectively Manage Your HIPAA Compliance During COVID-19
We have created a HIPAA compliance package to help you navigate the changing regulatory waivers and your modified workflows. In this package you will receive:
- Employee Training Videos
- Compliance Reminder Templates
- COVID-19 HIPAA Policies
- COVID-19 HIPAA Forms
- Priority Access to Webinars
- Roundtables with other compliance officers and our compliance experts
- Remote Workforce Guidance Template
- Access to our Audit Platform to conduct compliance audits
Package value is over $7,000. We are giving this to you for $499.
Request Access to your package today!
HIPAA Compliance is STILL A JourneyCybercriminal activity is increasing during COVID-19
While the nation is responding to patient emergencies during COVID-19, cybercriminals are taking advantage of our diverted attention. Now is the time to assess your cybersecurity program.
HIPAAtrek is offering virtual security risk assessments during the public health emergency. Contact us for more information!
Facilitating HIPAA Compliance During the COVID-19 PandemicOn Demand Webinar
As the nation continues to respond to the COVID-19 pandemic, our healthcare systems are facing unprecedented workflow challenges. During this time, compliance officers will face challenges in preparing for public health disclosures and remote workforces. In this webinar, attendees will learn how:
• HIPAA requirements for disclosures involving infectious disease outbreaks
• Avoiding disclosure pitfalls
• Managing remote workforces in a compliant manner
• What is covered by the Limited Waiver on the Privacy Rule
• Telehealth discretion on HIPAA penalties
Downloadable Policies and Forms
These policies and forms are designed to help you facilitate your HIPAA compliance during the COVID-19 and beyond. Be sure to review and modify these templates to fit your organization’s unique workflows. Email any questions to email@example.com
Bring Your Own Device Policy Template
Acknowledgement of Risk of Privacy with Non-Secure Telehealth Communication
Tips for Compliance Officers During COVID-19Presented with unique compliance challenges, you can STILL manage your compliance effectively.
- Be Available: Your employees are likely to have more questions now. Your remote workers are new to working remotely and may have questions on how to work remotely in a secure, private, and compliant manner. Your employees on the front lines of this pandemic are facing never before seen situations and will need your guidance to help ensure they do not cause a compliance headache for you.
- Reporting Issues or Concerns: Make sure your employees know how to report issues, compliance incidents, or concerns. This is especially important if your workflows have changed during this public health emergency.
- Stay in Contact With Your Employees: This is along the same lines as being available. However, if you are working remotely, or if your employees are working remotely, it can be isolating and confusing. Remote work also lends itself to lax security and privacy practices. Staying in contact with your employees helps them to know that you are still there and more importantly, still taking compliance seriously.
- Conduct Audits: Cybercriminals have no morals. They do not care that we are in the midst of a global public health pandemic. They are taking advantage of this pandemic as an opportunity. Your own employees also pose a threat. Record snooping is increasing due to concerns of their own health and the health of their loved ones. Conducting more frequent audits will help to catch unauthorized access by both cybercriminals and your employees. Let your employees know that you are conducting more frequent audits.
- Inquire About Remote Workers Home Setup: Before you ship folks off to work from home, ask them about how they are going to facilitate their duties from home. Where will they work? Do they have a location away from other household members? What about connectivity to your applications containing PHI? Do they have smart home devices (ie Google Home, Amazon Echo, and so on)? Conduct a mini security and privacy assessment. If you have already sent employees to work from home, it isn’t too late to conduct a limited assessment to determine how your employees can still facilitate compliance.
- Train Your Staff: This is more than your routine compliance training. Create compliance training focused on managing compliance in the current environment.
On April 9, 2020, the OCR announced it will use its enforcement discretion for Community Based Testing Sites for COVID-19 testing. The enforcement discretion is being retro-dated to March 13, 2020 and will remain active as long as the public health emergency...
With the increase in use of remote work and telehealth, cybercriminal activity and video conference hijacking are also increasing. On April 2, 2020, the FBI released an article on defending against video conference hijacking. This is particularly important information...
Watch out for COVID-19 cyber scams Sarah Badahman, CHPSE, Founder/CEO, HIPAAtrek Bethany Baty, Digital Marketing Director, HIPAAtrek Margaret Scavotto, JD, CHC, President, MPA The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA)...
Sarah Badahman, CHPSE, Founder/CEO, HIPAAtrek Bethany Baty, Digital Marketing Director, HIPAAtrek Margaret Scavotto, JD, CHC, President, MPA On March 17, the Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion for Telehealth Remote...
Written By: Margaret Scavotto, MPA and Sarah Badahman, HIPAAtrek On April 2, 2020, the OCR issued a Notification of Enforcement Discretion under HIPAA to Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health...
As the nation continues to respond to the COVID-19 pandemic, it is important that we work together to help facilitate the effort to contain and prevent. An integral part of this effort is requiring staff to work remotely, this includes compliance professionals. At...
COVID-19 is a national emergency. Healthcare providers and public health agencies are working in overdrive to prevent the further spread of the virus. As healthcare professionals are identifying new cases of COVID-19, they are following the required protocols for notifying public health agencies and alerting those that may be at risk of exposure to the virus.
While healthcare facilities are preparing for the coronavirus pandemic, hospitals are facing increased workloads. Healthcare providers are required to report cases of COVID-19 to public health agencies as a part of the response effort. It is still important to remember that Minimum Necessary policies and other privacy and security requirements must remain in place.