Federal Register - February 24, 2021
Versión en texto ¿Qué es?Dateas es un sitio independiente no afiliado a entidades gubernamentales. La fuente de los documentos PDF aquí publicados es la entidad gubernamental indicada en cada uno de ellos. Las versiones en texto son transcripciones no oficiales que realizamos para facilitar el acceso y la búsqueda de información, pero pueden contener errores o no estar completas.
Fuente: Federal Register
Federal Register / Vol. 86, No. 35 / Wednesday, February 24, 2021 / Rules and Regulations
khammond on DSKJM1Z7X2PROD with RULES
III. What are reasonable safeguards that covered health care providers and their business associates should consider implementing?
OCR encourages covered health care providers and their business associates using WBSAs in good faith for the scheduling of individual appointments for COVID19 vaccination to implement reasonable safeguards to protect the privacy and security of individuals PHI.
OCR recommends that covered health care providers and their business associates consider the following recommended reasonable safeguards:
Using and disclosing only the minimum PHI necessary for the purpose e.g., an individuals name and phone number may be the minimum necessary PHI for scheduling the appointment.
Using encryption technology to protect PHI.
Enabling all available privacy settings e.g., adjusting WSBA calendar display settings, as needed, to hide names or show only individuals initials instead of full names on calendar screens.
Ensuring that storage of any PHI
including metadata that constitutes PHI by the vendor is only temporary e.g., the PHI is returned to the covered health care provider or destroyed as soon as practicable, but no later than 30
days after the appointment.10
Ensuring the WBSA vendor does not use or disclose ePHI in a manner that is inconsistent with the HIPAA
Rules e.g., does not engage in the sale of ePHI 11 collected from individuals using the WBSA to schedule a COVID
19 vaccination.
Although covered health care providers and business associates are encouraged to implement these reasonable safeguards when using a WBSA to schedule individuals for appointments for COVID19
vaccination, OCR will exercise its enforcement discretion and not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers or their business associates in connection with the good faith provision of COVID19
vaccination during the COVID19
nationwide public health emergency.
Failure to implement the recommended reasonable safeguards above will not, in itself, cause OCR to determine that a covered health care provider or its 10 Once the WBSA vendor securely returns or destroys the ePHI as determined by its arrangements with the covered health care provider, the WBSA vendor is no longer a business associate to that covered health care provider.
11 See 45 CFR 164.502a5B2.
VerDate Sep<11>2014
16:14 Feb 23, 2021
Jkt 253001
business associate failed to act in good faith for purposes of this Notification.
Covered health care providers and their business associates that seek additional privacy protections for ePHI
collected while using WBSAs are encouraged to use application vendors that represent that their WBSAs support compliance with the HIPAA Rules and that the vendors will enter into BAAs in connection with the use of their WBSAs.
Note: OCR does not endorse, certify, or recommend specific technology, software, applications, or products.
IV. Who/what is not covered under this Notification?
This Notification does not apply to activities of a covered health care provider and its business associates other than the scheduling of COVID19
vaccinations. Other activities, such as the handling of PHI unrelated to the scheduling of COVID19 vaccinations, are not included within the scope of this exercise of enforcement discretion.
Potential HIPAA penalties still apply to all other HIPAA-covered operations of the covered health care provider and its business associates, unless otherwise stated by OCR.12
Additionally, this Notification does not apply to a covered health care provider or business associate when it fails to act in good faith. For example, OCR will not consider a covered health care provider or business associate to be acting in good faith with respect to the use of a WBSA for the scheduling of individual appointments for COVID19
vaccination where the covered health care provider or business associate uses a WBSA:
Whose terms of service prohibit the use of the WBSA for scheduling health care services or state that the WBSA
may sell personal information that it collects.
To conduct services other than scheduling appointments for COVID19
vaccination e.g., to determine individuals eligibility for COVID19
vaccination.
Without reasonable security safeguards e.g., access controls to prevent the PHI from being readily accessed or viewed by unauthorized persons.
To screen individuals for COVID
19 prior to individuals in-person health care visits.
12 OCRs Notifications of Enforcement Discretion and other materials relating to the COVID19 public health emergency are available at https
www.hhs.gov/hipaa/for-professionals/specialtopics/hipaa-covid19/index.html.
PO 00000
Frm 00051
Fmt 4700
Sfmt 4700
11141
V. Collection of Information Requirements This Notification of Enforcement Discretion creates no legal obligations and no legal rights. Because this notice imposes no information collection requirements, it need not be reviewed by the Office of Management and Budget under the Paperwork Reduction Act of 1995 44 U.S.C. 3501 et seq..
Dated: February 12, 2021.
Robinsue Frohboese Acting Director and Principal Deputy Director, Office for Civil Rights, U.S.
Department of Health and Human Services.
FR Doc. 202103348 Filed 22321; 8:45 am BILLING CODE 415301P
CORPORATION FOR NATIONAL AND
COMMUNITY SERVICE
45 CFR Parts 2522 and 2540
RIN 3045AA69
National Service Criminal History Check Corporation for National and Community Service.
ACTION: Final rule.
AGENCY:
The Corporation for National and Community Service CNCS revised existing National Service Criminal History Check NSCHC regulations under the National and Community Service Act of 1990, as amended. These revisions will clarify and simplify the NSCHC requirements.
DATES: This rule is effective May 1, 2021.
SUMMARY:
FOR FURTHER INFORMATION CONTACT:
Amy Borgstrom at the Corporation for National and Community Service, 250 E
Street SW, Washington, DC 20525, aborgstrom@cns.gov, phone 202422
2781.
SUPPLEMENTARY INFORMATION:
I. Background CNCS, which operates as AmeriCorps, is updating its National Service Criminal History Check NSCHC
regulations. The agency first established its NSCHC regulation in 2007. In 2009, Congress codified NSCHC requirements in Section 189D of the National and Community Service Act of 1990
NCSA, as amended by the Serve America Act. The agency issued regulations in 2009 and 2012
implementing the Serve America Act NSCHC provisions.
Grant recipient and subrecipient compliance with the NSCHC
requirements has been an ongoing
E:FRFM24FER1.SGM
24FER1
