Abstract

The COVID-19 emergency poses particularly high infection risks in a clinical setting, where patients and health care providers are placed in the same room. Due to these risks, patients are encouraged to avoid clinics and instead use Telemedicine for safer consultations and diagnoses. In March, the Office for Civil Rights (OCR) at the U.S. Department for Health and Human Services (HHS) issued a notice titled Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (the ‘Notification’). The Notification relaxes the enforcement of privacy and security safeguards established by the Health Insurance Portability and Accountability Act (HIPAA) until further notice, in order to facilitate the transition to telehealth services for the broader purpose of promoting public health during the pandemic. Specifically, covered healthcare providers can use telehealth to provide all services that, in their professional judgment, they believe can be provided through telehealth. If providers make good faith efforts to provide the most timely and accessible care possible, they will not be subject to penalties for breaching the HIPAA Privacy, Security, and Breach Notification Rules. This paper examines the implications of the Notification on patients’ health information privacy. It recommends that patients should undertake a careful reading of provider privacy policies to make sure their protected health information (PHI) is not at risk before switching to telehealth consultation. Acknowledging the limitations of patient self-protection from bad privacy practices when in need for medical treatment during pandemic, the paper proposes that consumers’ data privacy should be protected through one of two alternative regulatory interventions: the FTC’s authority under §5, or HIPAA’s business associates agreements.

中文翻译：

---

COVID-19中远程医疗消费者的数据隐私注意事项

摘要

COVID-19紧急情况在将患者和医疗服务提供者放置在同一房间的临床环境中造成特别高的感染风险。由于这些风险，建议患者避开诊所，而应使用远程医疗进行更安全的咨询和诊断。3月，美国卫生与公共服务部（HHS）的民权办公室（OCR）发布了标题为在COVID-19全国公共卫生紧急事件期间远程医疗远程通信的执法自由裁量权的通知（“通知”）。该通知放宽了《健康保险携带和责任法案》（HIPAA）所确立的隐私和安全保障措施的执行，直至另行通知，以促进向远程医疗服务的过渡，以期在大流行期间促进公共卫生。具体而言，承保范围内的医疗保健提供者可以使用远程医疗来提供他们认为可以通过远程医疗提供的所有服务，这些服务是他们的专业判断。如果提供者真诚地努力提供尽可能及时和可及的护理，他们将不会因违反《 HIPAA隐私权，安全性和违约通知规则》而受到处罚。本文研究了通知对患者健康信息隐私的影响。它建议患者在转至远程医疗咨询之前，应仔细阅读提供商的隐私政策，以确保其受保护的健康信息（PHI）不受威胁。认识到在大流行期间需要医疗时，患者会受到不良隐私习惯的自我保护的局限性，该论文建议，应通过以下两种替代监管措施之一来保护消费者的数据隐私：FTC根据§5授权或HIPAA关联协议。