HIPAA violation reporting during Covid-19

21 of July, 2022

The HIPAA act of 1996 is a strong pillar of Human Resources in the United States, particularly in the medical industry. With the global pandemic the stress of maintaining Protected Health Information has become twofold. Many journalists and employers wanted hospitals to disclose negative and positive results of workers or celebrities. However, the management and release of Protected Health Information (PHI) is strictly regulated. HIPPA violation reporting is difficult to understand, so we prepared this article to explain all the details.

Is it a HIPAA violation to reveal someone has Covid-19?

The question of whether it is a HIPAA violation to reveal if someone has Covid-19 is thus important to address. Revealing someone has Covid-19 can seem like the right thing to do if it involves warning others in your community that someone was tested positive to ensure that others. But we can see that, if you fall under the HIPAA’s criteria for covered entities of the legislation, you could be in serious legal trouble by disclosing names.

What violations of HIPAA should I look out for during Covid-19?

The public interest in Protected Health Information has grown exponentially during the global Covid-19 pandemic. USA has a particular set of rules that determine whether you can release information on a medical diagnosis to the public though.

A hospital manager, medical center or Health Centre should particularly look out for revelation of Public Health Information, which can include:

• Revealing someone has Covid-19 in a press release without the consent of the patient, which can incur a huge fine.
• Allowing the filming of a Covid-19 ward with Covid-19 patients without their consent, which can also incur a fine.
• Allowing third parties to come in and collect data with patients name or personal details clearly available. When statisticians from another company come to investigate how the hospital is dealing with Covid-19, or the local journalist is running a special piece and wants data, you must check the HIPAA rules that.
• Let’s say you are an employer offering health insurance. You disclose to your staff that someone took out that health insurance to be treated for Covid-19. This is also a violation of HIPAA.

What are some less known HIPAA violation reporting actions to look for during Covid-19?

HIPAA violation reporting can spring a surprise on you as a doctor or a Human Resources team in a hospital. So watch out for these examples of relatively easy breaches of HIPAA.

• If you are subject to a data breach, you must remember to inform relevant parties within 60 days. The HIPAA Breach Notification says that you have a duty to inform patients if their data has been breached. This has to be done within 60 days. This is a common violation. Hospitals tend to look for the perpetrator without informing the affected actors.
• You must, in light of the pandemic and the effect of having remote working conditions, have a secure database of patient or employee health information. This should be encrypted and look towards guaranteeing privacy.

To summarize, it is a violation of HIPAA to disclose the personal diagnosis of a patient or employee. Namely one who took out insurance for treatment to friends, family or fellow colleagues. You must only discuss their diagnosis with the relevant care team. You must also watch out for any third parties. They could either malevolently; or merely out of an information request, try to obtain information on a Covid-19 diagnosis. Having a secure place for all your employees documents is a good way to start.