Hospitals in many American cities anticipated unprecedented surges in incoming patients due to the fears surrounding the COVID-19 outbreak that began in China and spread throughout the world rapidly in early 2020.

Some hospitals were harder hit than others. Many of the hardest-hit hospitals were overwhelmed. In an attempt to streamline the information-sharing process between the healthcare providers treating patients as well as with the families of COVID-19 victims, relaxations were made to the normally strict healthcare compliance laws that severely restrict access to and sharing of patient records.

The Healthcare Insurance Portability and Accountability Act (HIPAA) is the most well-known and comprehensive set of guidelines for safeguarding patient information. It was signed in 1996, and since then has made an enormous impact on how the medical industry stores and processes sensitive patient information.

The agency in the federal government normally responsible for issuing fines to HIPAA violators, the Department of Health and Human Services’ Office for Civil Rights (OCR), has relaxed its fining practices during the COVID-19 outbreak in certain instances.

For example, providers that utilize telehealth services – a term to refer to the use of communication technology for the enhanced delivery of healthcare – are temporarily relieved from complying with the often-onerous HIPAA guidelines that dictate their business practices.

The type of information that HIPAA safeguards is called protected health information (PHI), an umbrella term for any sensitive information related to a patient’s health status.

Moving forward, one of the significant challenges that many providers will face is reverting to HIPAA compliance once the restrictions are lifted. Although no definitive date has been issued for the resumption of fines and other enforcement mechanisms, the government will reinstate them at some point. When the restrictions are again in place, some providers might have problems re-orienting their workflows to comply.

Text messaging has become an important component of communication between patients, various providers, and their families during the crisis. At the moment, much of this communication via text messaging does not meet HIPAA standards. This will present an issue in the future once the previously discussed HIPAA requirements are re-instated.

However, providers can become HIPAA-compliant in this regard by developing a well-defined, clear “opt-in” and “opt-out” feature in which patients consent to sharing information via text messaging upfront and also have the option to cease communication using the method.

Moving forward, we can expect even more innovations in terms of transitioning telehealth communication models into HIPAA compliance.