HHS Office of Civil Rights (OCR), the entity responsible for enforcing regulations under HIPAA, stated, effective immediately, it will exercise enforcement discretion and will not impose penalties for HIPAA violations against covered healthcare providers if patients are served on a good faith basis during the COVID-19 nationwide public health emergency. Find out what this means in implementation by accessing this issue brief.

This slide deck provides health centers with information and a presentation template overview of the HIPAA and electronic PHI risks related to texting and messaging that are important for health center leadership and IT managers to understand in making organizational decisions for these types of tools.

We are adding additional telehealth policy information relevant to coronavirus/ COVID-19 pandemic as it impacts health centers as it becomes available.

Frequently Asked Questions (FAQs) and Fact Sheets regarding the Substance Abuse Confidentiality Regulations. 

Two fact sheets include: 

• Disclosure of Substance Use Disorder Patient Records: Does Part 2 Apply to Me?
  • This fact sheet explains a 42 CFR Part 2 Program and how healthcare providers can determine how Part 2 applies to them.
• Disclosure of Substance Use Disorder Patient Records: How Do I Exchange Part 2 Data?
  • This fact sheet describes how 42 CFR Part 2 applies to the electronic exchange of healthcare records with a Part 2 Program.

FAQs about Applying the Substance Abuse Confidentiality Regulations, answers provided by Substance Abuse and Mental Health Services Administration (SAMHSA)

General cybersecurity guidance would suggest that Health IT breach should not be considered a matter of “if”, but rather a matter of “when”. How Health Centers prepare and respond to an episode of a breach is just as important as defending itself from the breach.