HHS Removes Safeguards for Personal Health Data, Suspends Public Comment
April 3, 2020
Health and Human Services announced today it will reduce privacy safeguards for personal health data. Under the federal patient privacy law (HIPAA), a third party "business associate" that receives personal data from a health care provider or insurer must have express permission to redisclose the data. HHS has now suspended that protection, as long as "business associates" disclose personal health data in "good faith" for "public health activities" and provide notice within 10 days.There was no opportunity for public comment on the rule change. Previously, HHS announced that it would not take enforcement action against health care providers that violate the HIPAA when consulting with patients remotely.