COVID-19 , Governance & Risk Management , HIPAA/HITECH
Safeguarding PHI During COVID-19 Crisis: Emerging ChallengesPrivacy Attorney Iliana Peters on Mitigating Risks to Data as New Clinicians Recruited
As some cities and states quickly recruit retired healthcare professionals, new medical school graduates and clinicians from other regions to assist in their COVID-19 responses, it's critical to ensure these workers understand the importance of protecting patient information, says privacy attorney Iliana Peters of the law firm Polsinelli.
"The HIPAA rules do require that individuals who will be interacting with protected health information are trained on the requirements of the HIPAA rules," she says in an interview with Information Security Media Group.
HIPAA training requirements have not been relaxed in any way as part of recent HIPAA provision waivers issued by the Department of Health and Human Service's Office for Civil Rights in recent weeks as the healthcare sector battles the COVID-19 outbreak, she notes.
"It's really important on some level to make sure that everyone handling PHI understands their responsibilities to keep that information private and secure. But [with the COVID-19 chaos] we may not have the time or the resources for some of these healthcare professionals re-entering the workforce in this incredibly important response to get really robust ... training on the HIPAA requirements."
At the very least, it's important for these individuals to understand their responsibility to safeguard PHI as part of their roles every day, she adds.
"So for example, if you have volunteers working in healthcare facilities who are going to interact with social media or news media, this is a huge area of risk for HIPAA covered entities and business associates," she warns.
In this interview (see audio link below photo), Peters also discusses:
- Recent OCR limited waivers involving certain HIPAA privacy provisions;
- Clarification of recent moves by HHS to expand the use of certain telehealth applications;
- OCR's recent notifications of HIPAA enforcement discretion involving business associates using or disclosing PHI for public health activities and also involving community-based COVID-19 testing centers;
- Privacy and security considerations involving workforce members of covered entities and business associates telecommuting during the COVID-19 crisis.
Peters is a Polsinelli law firm shareholder and an attorney in its national healthcare operations practice. She previously spent more than a decade at OCR, including as the acting deputy director of health information privacy and as the senior adviser for HIPAA compliance and enforcement. Before joining the OCR team in Washington, Peters worked as an investigator in OCR's Dallas regional office.