top of page

For public health & health oversight activities during the COVID-19 nationwide public health emerge

The Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) made an important announcement regarding HIPAA Privacy Rule during COVID-19.

OCR announced that it will "exercise its enforcement discretion and will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against health care providers or their business associates for the good faith uses and disclosures of protected health information (PHI) by business associates for public health and health oversight activities during the COVID-19 nationwide public health emergency."

The announcement was made in an effort to support Federal public health authorities, such as, the Centers for Disease Control and Prevention (CDC), who may need access to COVID-19 related data, including Protected Health Information (PHI).

"The CDC, CMS, and state and local health departments need quick access to COVID-19 related health data to fight this pandemic," said Roger Severino, OCR Director. "Granting HIPAA business associates greater freedom to cooperate and exchange information with public health and oversight agencies can help flatten the curve and potentially save lives," Severino added.

What can you do?

It's important to remember, that a business associate is a ‘person’ or ‘entity’. This means there is no business associate too small or too large to comply with the Federal HIPAA regulations. Again, if you haven’t completed an accurate and thorough security risk assessment, you could also be penalized under ‘willful neglect’. This category alone is $50,000 per violation!

Live Compliance offers a FREE Organization Assessment to help you understand your organization's Technical, Administrative and Physical vulnerabilities and possible deficiencies, before they become a problem. For more information and to register for your FREE Organization Assessment, click here.

Lastly, it is important to ensure that employees who are working remotely, or from home, still comply with HIPAA regulations.

Live Compliance also offers Workstation use and Security Safeguards training and policies. This online course provides your workforce with the education that they need to safeguard Protected Health Information, even while working from home.

If you have further questions, contact Jim Johnson at or (980) 999-1585.



bottom of page