Compliance Corner

Published June 8, 2020

PPE TRAINING – PPE training is available in Compliance Manager, in the training library. It includes the proper donning and doffing of PPE, through videos and infographics. There is a quiz to ensure the training was retained. A certificate is available upon completion.

COVID -19 Privacy Exceptions - Due to the pandemic, the Office for Civil Rights (OCR) and The U.S. Department of Health and Human Services (HHS) has issued several HIPAA exception notices:
- PHI can be disclosed to a public health authority, such as a state or local health department or the CDC, to report cases of COVID-19. This is called “active surveillance”.
- PHI can be disclosed to those who may have been exposed to a communicable disease or may be at risk of contracting or spreading a disease or condition to control the spread of the disease. It is very important to remember that only the minimum amount of PHI should be disclosed.
- PHI can be disclosed to family members, friends, and others involved in a patient’s care but only as it applies to the current treatment or authorization from the patient.
- Business associates may share PHI for public health purposes related to COVID-19, so that the CDC and other public health authorities can have quicker access to critical statistics.
- All other PHI disclosures remain restricted according to HIPAA guidelines. These exceptions will be in place until further notice from the OCR.

COVID -19 Phishing Attacks - Stay vigilant! Most common forms of attack:
- Phishing using the subject of coronavirus or COVID-19 as a lure. Examples of recent phishing email subject lines:
  - 2020 Coronavirus Updates
  - Coronavirus Updates
  - 2010-nCov: New confirmed cases in your city
- Malware distribution, using coronavirus or COVID-19 themed lures
- Registration of a new domain names containing wording related to coronavirus or COVID-19
- Attacks against newly and often rapidly deployed remote access and teleworking infrastructure

Find a Doctor