Patient Confidentiality & COVID-19

March 27, 2020

Access the On-Demand Webinar here.

As health centers adapted to providing care during the COVID-19 public health emergency, the federal government issued waivers, notices, and guidance documents affecting the compliance requirements under HIPAA and 42 CFR Part 2 (“Part 2”). 


  • On March 15th, the Office for Civil Rights (OCR)’s limited waiver of certain HIPAA sanctions and penalties became effective.
  • On March 17th, OCR announced that it will waive potential HIPAA penalties for covered entities that serve patients through non-public communication technologies during the COVID-19 public health emergency. Where a covered entity would typically be required to execute a business associate agreement (BAA) with a vendor providing video communication products, under the notice, covered entities may use non-public communication technologies, such as FaceTime and Skype, without an executed BAA. Covered entities are prohibited from using public communication technologies, such as FaceBook Live, Twitch, and TikTok. 
  • On March 19th, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued a guidance document on the use and disclosure of Part 2-protected information during medical emergencies. 

In this complimentary webinar, we will review the permitted uses and disclosures of patient information during emergencies under both HIPAA and Part 2 and discuss the most recent updates from OCR and SAMHSA. 

We will also provide responses to health center’s most frequently asked questions and suggest best practices to ensure on-going compliance during this challenging period.    

The On-Demand version of this webinar will be available for viewing within two (2) business days of the live webinar. 

Target Audience

  • HIPAA Privacy and Security Officers
  • Compliance Officers and Risk Managers
  • Medical Leadership and Staff
  • Administrative/Operations Leadership and Staff
  • Substance Use Disorder Services Leadership and Staff

Learning Objectives

After this webinar, you will be better able to:

  • Understand when your health center can use non-public communication technologies (such as FaceTime and Skype) to provide patient care without an executed BAA;
  • Develop staff procedures and patient notices to ensure appropriate use of non-public communication technologies; and
  • Understand how Part 2-protected information may be disclosed during a medical emergency.
Course summary
Available credit: 
  • 1.00 Certificate of Attendance
Course opens: 
Course expires: 
Event starts: 
03/27/2020 - 2:00pm EDT
Event ends: 
03/27/2020 - 3:00pm EDT


A Partner in the firm’s health law practice group, Molly advises health centers on the management of clinical, employment and workforce-related risks, with a particular focus on professional liability, Federal Tort Claims Act, and HIPAA matters. From her experience as both a private attorney and in-house counsel, Molly knows the importance of managing liability and risk issues in mission-driven organizations. [Full Bio]


As Partner and Compliance Counsel with the firm’s health law practice group, Dianne advises health centers on implementing effective compliance programs and on addressing top compliance risk areas. Dianne counsels health centers and other organizations on developing compliance programs that include the OIG’s seven elements, respond to identified compliance risk areas, and reflect the organization’s culture.  Dianne also advises health centers and other organizations on patient privacy and confidentiality, including the HIPAA Privacy Rule and 42 CFR Part 2.  She has experience responding to privacy and security incidents, including determining whether there has been a breach, notifying patients and the government, and creating corrective action plans. [Full Bio]

Certificates of Attendance: We verify attendance upon completion of a webinar (live or recorded version) and will only issue certificates in the name of the account holder enrolled in the course. If you need to document attendance for someone other than the account holder, we provide blank Certificates of Attendance for a supervisor to sign and certify that a different individual viewed the course. 

Group Attendance: Due to the online nature of webinars, we cannot verify participation by more than one person. For groups, we provide an attendance record form and blank Certificates of Attendance to record attendance at a group viewing session and document each individual's participation. We recommend that a supervisor or colleague sign the certificate to certify attendance. 

Read more about maintaining an attendance record in our FAQs.

Available Credit

  • 1.00 Certificate of Attendance
Please login or register to take this course.

This webinar is complimentary: there is no registration fee, but you will need to create an account in our system. To register, click the gray Enroll button above. To register for the full webinar series, click here.


The webinars in this course are only available individually or as an entire webinar series. Registering for this webinar grants you complimentary access to both the live and on-demand versions. You will have access to the recordings for 180 days after the recorded webinar is posted.


The on-demand version of this webinar will be available in your account within two (2) business days of the live session. Once posted to your account, you can view the webinar anytime on-demand during the access period. For additional information on viewing and accessing webinars, view our full terms and conditions here.

Required Hardware/Software

Google Chrome and Mozilla Firefox are the preferred browsers.