During the COVID-19 national emergency, the Office for Civil Rights (OCR) has issued a HIPAA guideline for healthcare providers regarding media and film crew’s access to their facilities where Protected Health Information (PHI) could be accessible without the patient’s authorization. The latest HIPAA guideline was issued on 5th May 2020, and it’s not the first time OCR has reminded healthcare providers about the risks of inappropriate disclosure of PHI to the media since the pandemic started.

The last thing hospital patients need to worry about during the COVID-19 crisis is a film crew walking around their bed shooting ‘B-roll”, says the Director of OCR Roger Severino. He added: “healthcare providers and hospitals should first obtain a patient’s authorization before allowing the media to access their medical records”. 

Several healthcare providers have been hit with heavy civil monetary penalties and corrective actions in the past for failing to follow HIPAA guidelines regarding media access. New York Presbyterian Hospital settled for $2.2 million with OCR in 2016 for allowing an ABC media crew to film patients without permission, which resulted in the disclosure of two patient’s Protected Health Information (PHI) to the news media. In 2018, Boston Medical Center, Brigham and Women’s Hospital, and Massachusetts General Hospital settled with OCR for nearly $1 million each for similar infringements.

HIPAA Ready
HIPAA Ready
HIPAA Compliance Management Application

Reduce Administrative Burden

See all the information in a centralized space

Keep your team updated with regular information

Contact Us

Latest HIPAA guidelines regarding media crew access during the COVID-19 pandemic

  1. In the previous HIPAA guideline, The United States Department of Health & Human Services (HHS) relaxed enforcing some HIPAA regulations to promote information sharing between public officials and healthcare providers for the pandemic. However, the relaxation does not change HIPAA regulations surrounding media coverage.
  2. In the latest HIPAA guideline, OCR has reminded covered entities that HIPAA does not permit the media, including film crews, access to any areas of their facilities from where the patient’s PHI can be accessible in any form (written, verbal, electronic, visual, or audio) without first obtaining a written authorization from each patient whose PHI would be accessible to the media. 
  3. OCR has further asserted that blurring or masking patients’ faces in an attempt to obscure patients’ identities, does not remove the obligation to secure HIPAA authorization prior to filming.
  4. The latest HIPAA guideline also states that healthcare providers cannot require a patient to sign a HIPAA authorization as a condition for receiving treatment.
  5. Media and film crews are permitted to film patients where PHI could be accessible, only if all the patients who are already present or will be in the area where the filming takes place, first sign a valid HIPAA authorization allowing the access to occur.
  6. However, even with valid HIPAA authorizations, covered entities are required to have appropriate safeguards in place for protection against unauthorized disclosure of PHI. The HIPAA guideline states that covered entities should consider implementing computer monitor privacy screens to prevent the film crews from viewing PHI on monitors and setting up opaque barriers to shield media access to PHI of patients who did not provide authorization to the access.

Stay up-to-date with HIPAAReady

stay-up-to-date-with-hipaa-ready

HIPAA is an ever-changing federal law and to meet the urgent needs of this COVID-19 crisis, OCR may publish further guidelines. Nevertheless, HIPAAReady ensures that you are always up-to-date on the latest developments and avoid violations.

It is important for healthcare providers and hospitals to conduct appropriate staff education to ensure adherence to HIPAA guidelines regarding media coverage. With HIPAA Ready compliance software, providers will be easily able to provide training to their employees and manage all aspects of HIPAA compliance management from a single platform. HIPAAReady enables organizations to reduce the administrative burden and cost of compliance. To find out more about HIPAAReady, leave a comment and we will contact you within 24 hours.

What is CloudApper AI Platform?

CloudApper AI is an advanced platform that enables organizations to integrate AI into their existing enterprise systems effortlessly, without the need for technical expertise, costly development, or upgrading the underlying infrastructure. By transforming legacy systems into AI-capable solutions, CloudApper allows companies to harness the power of Generative AI quickly and efficiently. This approach has been successfully implemented with leading systems like UKG, Workday, Oracle, Paradox, Amazon AWS Bedrock and can be applied across various industries, helping businesses enhance productivity, automate processes, and gain deeper insights without the usual complexities. With CloudApper AI, you can start experiencing the transformative benefits of AI today. Learn More