Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherBrowse by ChannelAbout the NetworkJoin the NetworkProductsSub-MenuProducts OverviewBlog ProBlog PlusBlog PremierMicrositeSyndication PortalsAbout UsContactSubscribeSupport
Book a Demo
Search
Close

OCR to Waive Penalties for Community-Based COVID-19 Testing Sites

By Wakaba Tessier & Erica M. Ash on April 10, 2020
Email this postTweet this postLike this postShare this post on LinkedIn

On April 8, 2020, the U.S. Department of Health & Human Services (HHS) Office of the Assistant Secretary for Health released guidance authorizing pharmacists to order and administer COVID-19 tests.  Immediately following this guidance, on April 9, 2020, the HHS Office of Civil Rights (OCR) announced that it will exercise its enforcement discretion and will refrain from imposing penalties for violations of HIPAA for covered entities or business associates participating, in good faith, in the operation of COVID-19 Community-Based Testing Sites (CBTS) during the nationwide public health emergency.  The guidance regarding pharmacists testing for COVID-19 and the notice related to the relaxation of HIPAA rules comes on the heels of pharmacies, such as CVS and Walgreens, taking on a more active and critical role in the fight against the COVID-19 pandemic.

OCR noted that this decision was issued to support certain covered health care providers, including some large pharmacy chains, and their business associates that choose to participate in the operation of a CBTS. These CBTS include mobile, drive-through, or walk-up sites that only provide COVID-19 specimen collection or testing services to the public.

This waiver does not, however, give covered entities carte blanch to run CBTS in whatever manner they choose. Rather,  OCR noted that each CBTS should still take reasonable safeguards to protect patient privacy. Such reasonable safeguards may include:

  • Using and disclosing only the minimum protected health information (PHI) necessary, except when disclosing PHI for treatment.
  • Setting up canopies or similar opaque barriers at a CBTS to provide some privacy to individuals during the collection of samples.
  • Controlling foot and car traffic to create adequate distancing at the point of service to minimize the ability of persons to see or overhear screening interactions at a CBTS.

Further, OCR included a note of caution that this notice does not protect covered entities or their business associates from enforcement actions when such entities are performing non-CBTS related activities.  For example:

  • A pharmacy that participates in the operation of a CBTS in the parking lot of its retail facility could be subject to a civil money penalty for HIPAA violations that occur inside its retail facility at that location that are unrelated to the CBTS.
  • A clinical laboratory that has workforce members working on site at a CBTS could be subject to a civil money penalty for HIPAA violations that occur at the laboratory itself.
  • A covered health care provider that experiences a breach of PHI in its existing electronic health record system, which includes PHI gathered from the operation of a CBTS, could be subject to a civil money penalty for violations of the HIPAA Breach Notification Rule if it fails to notify all individuals affected by the breach (including individuals whose PHI was created or received from the operation of a CBTS).

If you are a pharmacy or pharmacist thinking about operating a CBTS, please contact one of our healthcare attorneys.  We can assist in ensuring that proper compliance measures are in place before the commencement of COVID-19 community testing.

Photo of Wakaba Tessier Wakaba Tessier

Wakaba’s work requires mastery not just of the law but also the rapidly changing healthcare marketplace and its many regulations. She focuses on the unique issues faced by specialty pharmacies, such as licensing and other compliance challenges.

Email
Photo of Erica M. Ash Erica M. Ash

Erica helps healthcare clients navigate regulatory matters so they can get back to the business of patient care. She assists clients with compliance, transactional and licensure matters, including Health Insurance Portability and Accountability Act (HIPAA) compliance, Medicare and Medicaid reimbursement procedures, Stark Law

…

Erica helps healthcare clients navigate regulatory matters so they can get back to the business of patient care. She assists clients with compliance, transactional and licensure matters, including Health Insurance Portability and Accountability Act (HIPAA) compliance, Medicare and Medicaid reimbursement procedures, Stark Law compliance, and fraud, waste and abuse issues.

Email
Show more Show less
  • Posted in:
    Health Care
  • Blog:
    Healthcare Law Insights
  • Organization:
    Husch Blackwell LLP
  • Article: View Original Source

LexBlog, Inc. logo
Facebook LinkedIn Twitter RSS
Real Lawyers
99 Park Row
  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service
  • Products
  • Blog Pro
  • Blog Plus
  • Blog Premier
  • Microsite
  • Syndication Portals
  • LexBlog Community
  • Resource Center
  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center
  • Blogging 101

New to the Network

  • Tennessee Insurance Litigation Blog
  • Claims & Sustains
  • New Jersey Restraining Order Lawyers
  • New Jersey Gun Lawyers
  • Blog of Reason
Copyright © 2025, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo