HIPAA was enacted in 1996. At that time, no one could have predicted the recent COVID-19 pandemic.

This quickly became evident as the virus swept the nation. Both providers and patients suffered confusion and frustration as the pandemic progressed. Many simply did not understand the full impact of HIPAA on the pandemic.

To prevent this suffering from happening in the future, it is important to understand how HIPAA and COVID-19 affected one another.
Here's what patients, providers, and everyone else needs to know.

What Is HIPAA and What Is Its Purpose?

For many patients, the pandemic was their first real exposure to HIPAA. Many found themselves asking questions like "what does HIPAA stand for? What does it mean?"

These are important questions and the perfect place to start. HIPAA is short for the Healthcare Insurance Portability and Accountability Act. Initially, the law was created to:
  • Help patients retain health insurance coverage between jobs
  • Reduce waste and fraud in healthcare and health insurance
  • Simplify healthcare administration
  • Encourage providers to move toward digital medical records
  • In 2003, HIPAA's Privacy Rule went into effect. The rule aimed to protect patient privacy by limiting:
  • What Protected Health Information (PHI) providers could collect
  • How providers could collect PHI
  • Who providers could share PHI with and under what circumstances

Specifically, the law prevented providers from sharing PHI without patients' informed consent. Providers can share information only with approved parties or as needed to secure appropriate treatment for a patient. This includes sharing with insurance providers for billing purposes.

Related post Penalties for HIPAA Violations

More recently, HIPAA has been updated to protect patients' access to their own records, as well. These days, HIPAA is most commonly known for and associated with its patient privacy regulations.

Providers are legally required to train their staff on HIPAA regulations. Patients, by contrast, often cannot answer simple questions like:
  • What are 3 major things addressed in the HIPAA law?
  • A HIPAA authorization has which of the following characteristics?
  • COVID-19 brought these knowledge gaps to the forefront of medical care in often unpleasant ways.
  • COVID-19 and HIPAA
  • COVID raised dozens of unique questions related to HIPAA law. Examples included:
  • How do providers comply with HIPAA Training in overflowing ERs and other non-private spaces?
  • How do providers comply with HIPAA during telehealth conversations?
  • How can providers respect HIPPA and participate in mandatory reporting to health authorities?
  • How can providers contact patients to encourage them to participate in research toward a cure without violating HIPAA?
While providers were grappling with these questions, patients and their families had concerns of their own.

Many families could not get information on their ill loved ones. This happened because the patient had not authorized doctors to share their health information in advance. This left loved ones scared and out of the loop.

Families also could not get clear information on whether individuals had contracted the virus or not. This made it difficult to make decisions about quarantining. This led to delays which contributed to the spread of infection.

Employers faced many of the same problems. They had difficulty getting information on their workers and the spread of COVID. When they did get information, they often weren't able to share it in productive ways.

In all of these examples, the end result is the same. HIPAA directly impacted the pandemic by complicating and muddying communication. This affected the nation and its responses at every level.

HIPAA Waivers

Early in the pandemic, authorities became aware of these problems. They recognized that HIPAA was designed with day-to-day operations in mind. With medical facilities operating at maximum capacity and often short on staff, the strict regulations became less viable.

In March of 2020, the OCR issued a waiver. The waiver effectively stated that:
  • Complying with HIPAA was not always possible under pandemic conditions
  • Delivering the best possible patient care had to take priority
  • Providers should continue to make good-faith efforts to comply with HIPAA as much as possible
  • The OCR would not penalize or prosecute providers for HIPAA violations that resulted from pandemic conditions
  • The OCR also issued guidance on specific questions. For example, it provided instructions on how providers could encourage patients to participate in COVID research without violating HIPAA.
  • These changes and clarifications significantly eased concerns for everyone. They made it easier for providers to deliver quality care. They also made it easier for patients and their families to get the information they needed.

Lessons Learned

The primary lesson to come out of the intersection of HIPAA and COVID-19 is that there is no substitute for preparedness. Well-trained and well-informed workplaces simply do better, especially when faced with the unexpected.