Medicare Compliance & Reimbursement

If your practice is scrambling to assist patients with COVID-19 vaccination appointments via web-based scheduling applications (WBSAs), you and your vendor can heave a HIPAA sigh of relief.

On Jan. 19, the HHS Office for Civil Rights (OCR) announced another COVID-19 public health emergency (PHE)-inspired notification of enforcement discretion. This one concerns covered entities (CEs) use of WBSAs to assist their patients with COVID-19 vaccine registration.

OCR “will exercise its enforcement discretion and will not impose penalties for violations of the HIPAA Rules on covered healthcare providers or their business associate [BAs] in connection with the good faith use of online or web-based scheduling applications for the scheduling of individual appointments for COVID-19 vaccinations during” the PHE, said a release on the notification. The agency goes on to explain that the HIPAA enforcement discretion concerns specifically CEs and their BAs — including WBSA vendors — and “only for the limited purpose of scheduling individual appointments for COVID-19 vaccinations” through the duration of the PHE.

“OCR is using all available means to support the efficient and safe administration of COVID-19 vaccines to as many people as possible,” said March Bell, Acting OCR Director.

Resource: Review the latest notification of enforcement discretion at www.hhs.gov/sites/default/files/hipaa-vaccine-ned.pdf. Find COVID-19-related HIPAA advice, previous notifications of enforcement discretion, and other OCR guidance at www.hhs.gov/hipaa/for-professionals/special-topics/hipaa-covid19/index.html.