New COVID-related information out on HIPAA, face masks, privileging and more

COVID-19 related information continues to be released at a furious rate.

The Joint Commission (TJC) has issued a statement supporting hospitals letting staff bring in their own masks when other personal protective equipment (PPE) is in short supply and has posted several updated or new FAQs about human resource requirements for volunteers, 1135 waivers, 1:1 monitoring of high-risk patients with COVID symptoms, telehealth requirements and other key topics.

The Department of Health and Human Services (HHS) prepublished a notice on the Federal Register about data releases related to the COVID-19 pandemic.

And the CDC continues to update information about conserving PPE and the reuse and disinfection of masks in areas where supplies are scarce.

TJC and HFAP have created COVID-19 resource pages on their websites that include information about telehealth as well as credentialing and privileging during a national emergency.

TJC’s FAQs can be found on their newly redesigned website by going under the Standards page, and selecting the FAQs topic on the left. FAQs can then be sorted by time, subject or healthcare organization type.

The recent statement by TJC on masks says it recognizes that “hospitals must conserve personal protective equipment (PPE) when these items are in short supply to protect staff who perform high-risk procedures,” and that “the degree to which privately-owned masks and respirators will increase the protection of healthcare workers is uncertain, but the balance of evidence suggests that it is positive.”

While there are no standards that prohibit PPE brought from home, TJC does caution, “homemade masks are an extreme measure and should be used only when standard PPE of proven protective value is unavailable.”

HIPAA data release

The notice from HHS prepublished Thursday is an enforcement discretion aimed at business associates.

According to a notice published in Part B News, a Simplify Compliance partner, providers won’t be punished if a business associate releases data needed to control the COVID-19 pandemic to federal, state or local public health agencies. That’s the gist of the latest notice of enforcement discretion from the HHS Office for Civil Rights (OCR), according to PBN.

The flow of necessary information was being blocked because “some HIPAA business associates have been unable to timely participate in these efforts because their BAAs do not expressly permit them to make such uses and disclosures of PHI,” the OCR noted.

Providers should note that their business associates won’t have to ask their permission before the disclosure, but they do have to tell a provider within 10 calendar days of the disclosure. Providers can help by informing their business associates of the notice.

CDC updates continue

The CDC has put together a two-page fact sheet to help providers remember how to don and doff PPE.

And according to the Association for Professionals in Infection Control and Epidemiology (APIC), the CDC has also updated its information on optimizing available PPE supplies and equipment. However, the CDC page does not immediately indicate what is new.

However, the page does have a section on decontamination and reuse of filtering face masks.