Enforcement Discretion Regarding COVID-19 Community-Based Testing Sites (CBTS) During the COVID-19 Nationwide Public Health Emergency, 29637-29638 [2020-09099]
Download as PDF
<![CDATA[
Federal Register / Vol. 85, No. 96 / Monday, May 18, 2020 / Rules and Regulations
Register. This action is not a ‘‘major
rule’’ as defined by 5 U.S.C. 804(2).
This notification is to inform
the public that the Department of Health
and Human Services (HHS) is exercising
List of Subjects in 40 CFR Part 180
its discretion in how it applies the
Environmental protection,
Privacy, Security, and Breach
Administrative practice and procedure,
Notification Rules under the Health
Agricultural commodities, Pesticides
Insurance Portability and
and pests, Reporting and recordkeeping Accountability Act of 1996 (HIPAA). As
requirements.
a matter of enforcement discretion, the
HHS Office for Civil Rights (OCR) will
Dated: April 13, 2020.
not impose penalties for noncompliance
Michael Goodis,
with the regulatory requirements under
Director, Registration Division, Office of
the HIPAA Rules against covered health
Pesticide Programs.
care providers or their business
Therefore, 40 CFR chapter I is
associates in connection with the good
amended as follows:
faith participation in the operation of a
COVID–19 Community-Based Testing
PART 180—[AMENDED]
Site (CBTS) during the COVID–19
nationwide public health emergency.
■ 1. The authority citation for part 180
continues to read as follows:
DATES: The notification of enforcement
discretion was effective on April 9,
Authority: 21 U.S.C. 321(q), 346a and 371.
2020, and had a retroactive effect to
■ 2. Amend § 180.420 by:
March 13, 2020, and will remain in
■ a. Adding alphabetically entries for
‘‘Avocado’’; ‘‘Fruit, stone, group 12–12’’; effect until the Secretary of HHS
declares that the public health
‘‘Pistachio’’; ‘‘Pomegranate’’; and
emergency no longer exists, or upon the
‘‘Tangerine’’ in the table in paragraph
expiration date of the declared public
(a)(2); and
health emergency, including any
■ b. Removing the entries ‘‘Avocado’’;
and ‘‘Fruit, stone, group 12’’ in the table extensions, (as determined by 42 U.S.C.
247d),1 whichever occurs first.
in paragraph (d).
The additions read as follows:
FOR FURTHER INFORMATION CONTACT:
Rachel Seeger at (202) 619–0403 or (800)
§ 180.420 Fluridone; tolerances for
537–7697 (TDD).
residues.
SUPPLEMENTARY INFORMATION: HHS is
(a) * * *
informing the public that it is exercising
(2) * * *
its discretion in how it applies the
Privacy, Security, and Breach
Parts
per
Commodity
Notification Rules under the Health
million
Insurance Portability and
Avocado ................................
0.1 Accountability Act of 1996 (HIPAA) 2
during the nationwide public health
*
*
*
*
*
emergency declared by the Secretary of
Fruit, stone, group 12–12 .....
0.1
HHS.3
*
*
*
Pistachio ...............................
Pomegranate ........................
*
*
*
*
Tangerine ..............................
*
*
*
*
*
SUMMARY:
*
0.1
0.1
*
*
BILLING CODE 6560–50–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
jbell on DSKJLSW7X2PROD with RULES
45 CFR Parts 160 and 164
Enforcement Discretion Regarding
COVID–19 Community-Based Testing
Sites (CBTS) During the COVID–19
Nationwide Public Health Emergency
Office of the Secretary, HHS.
Notification of enforcement
discretion.
AGENCY:
ACTION:
16:02 May 15, 2020
The Office for Civil Rights (OCR) at
the U.S. Department of Health and
Human Services (HHS) is responsible
0.1
[FR Doc. 2020–08963 Filed 5–15–20; 8:45 am]
VerDate Sep<11>2014
I. Background
Jkt 250001
1 Public Health Emergency Declaration issued by
HHS Secretary, pursuant to Section 319 of the
Public Health Service Act, on January 31, 2020,
with retroactive effective date of January 27, 2020.
For more information, see https://www.phe.gov/
emergency/news/healthactions/phe/Pages/2019nCoV.aspx.
2 Due to the public health emergency posed by
COVID–19, the HHS Office for Civil Rights (OCR)
is exercising its enforcement discretion under the
conditions outlined herein. We believe that this
guidance is a statement of agency policy not subject
to the notice and comment requirements of the
Administrative Procedure Act (APA). 5 U.S.C.
553(b)(3)(A). OCR additionally finds that, even if
this guidance were subject to the public
participation provisions of the APA, prior notice
and comment for this guidance is impracticable,
and there is good cause to issue this guidance
without prior public comment and without a
delayed effective date. 5 U.S.C. 553(b)(3)(B) & (d)(3).
3 https://www.phe.gov/emergency/news/
healthactions/phe/Pages/2019-nCoV.aspx.
PO 00000
Frm 00045
Fmt 4700
Sfmt 4700
29637
for enforcing certain regulations issued
under the Health Insurance Portability
and Accountability Act of 1996
(HIPAA), and the Health Information
Technology for Economic and Clinical
Health (HITECH) Act, to protect the
privacy and security of protected health
information (PHI), namely the HIPAA
Privacy, Security, and Breach
Notification Rules (HIPAA Rules).
During the COVID–19 national
emergency,4 which also constitutes a
nationwide public health emergency,5
certain covered health care providers,
including some large pharmacy chains,
and their business associates may
choose to participate in the operation of
COVID–19 specimen collection and
testing sites (Community-Based Testing
Sites, or CBTS). For purposes of this
notification, a CBTS includes mobile,
drive-through, or walk-up sites that only
provide COVID–19 specimen collection
or testing services to the public.
OCR will exercise its enforcement
discretion and will not impose penalties
for noncompliance with regulatory
requirements under the HIPAA Rules
against covered health care providers
and their business associates in
connection with the good faith
participation in the operation of a CBTS
during the COVID–19 nationwide public
health emergency as described below.
II. Who/what is covered by this
notification?
This notification applies to all HIPAA
covered health care providers and their
business associates when such entities
are, in good faith, participating in the
operation of a CBTS. The operation of
a CBTS includes all activities that
support the collection of specimens
from individuals for COVID–19 testing.
III. Covered Health Care Providers and
Their Business Associates Should
Implement Reasonable Safeguards
OCR encourages covered health care
providers participating in the good faith
operation of a CBTS to implement
reasonable safeguards to protect the
privacy and security of individuals’ PHI.
Reasonable safeguards include the
following:
• Using and disclosing only the
minimum PHI necessary except when
disclosing PHI for treatment.
4 Presidential Proclamation on Declaring a
National Emergency Concerning the Novel
Coronavirus Disease (COVID–19) Outbreak (Mar 13,
2020), available at https://www.whitehouse.gov/
presidential-actions/proclamation-declaringnational-emergency-concerning-novel-coronavirusdisease-covid-19-outbreak/.
5 Secretary of HHS Alex M. Azar, Determination
that a Public Health Emergency Exists (Jan. 31,
2020), available at https://www.phe.gov/emergency/
news/healthactions/phe/Pages/2019-nCoV.aspx.
E:\FR\FM\18MYR1.SGM
18MYR1
29638
Federal Register / Vol. 85, No. 96 / Monday, May 18, 2020 / Rules and Regulations
jbell on DSKJLSW7X2PROD with RULES
• Setting up canopies or similar
opaque barriers at a CBTS to provide
some privacy to individuals during the
collection of samples.
• Controlling foot and car traffic to
create adequate distancing at the point
of service to minimize the ability of
persons to see or overhear screening
interactions at a CBTS. (A six foot
distance would serve this purpose as
well as supporting recommended social
distancing measures to minimize the
risk of spreading COVID–19.)
• Establishing a ‘‘buffer zone’’ to
prevent members of the media or public
from observing or filming individuals
who approach a CBTS, and posting
signs prohibiting filming.
• Using secure technology at a CBTS
to record and transmit electronic PHI.
• Posting a Notice of Privacy
Practices (NPP), or information about
how to find the NPP online, if
applicable, in a place that is readily
viewable by individuals who approach
a CBTS.
Although covered health care
providers and business associates are
encouraged to implement these
reasonable safeguards at a CBTS, OCR
will not impose penalties for violations
of the HIPAA Privacy, Security, and
Breach Notification Rules that occur in
connection with the good faith
operation of a CBTS.
IV. Who/what is not covered by this
notification?
This notification does not apply to
health plans or health care
clearinghouses when they are
performing health plan and
clearinghouse functions. To the extent
that an entity performs both plan and
provider functions, the Notification
applies to the entity only in its role as
a covered health care provider and only
to the extent that it participates in a
CBTS.
This notification also does not apply
to covered health care providers or their
business associates when such entities
are performing non-CBTS related
activities, including the handling of PHI
outside of the operation of a CBTS.
Potential HIPAA penalties still apply to
all other HIPAA-covered operations of
the covered health care provider or
business associate, unless otherwise
stated by OCR.6
For example:
• A pharmacy that participates in the
operation of a CBTS in the parking lot
of its retail facility could be subject to
6 OCR’s Notifications of Enforcement Discretion
and other materials relating to the COVID–19 public
health emergency are available at https://
www.hhs.gov/hipaa/for-professionals/specialtopics/hipaa-covid19/.
VerDate Sep<11>2014
16:02 May 15, 2020
Jkt 250001
a civil money penalty for HIPAA
violations that occur inside its retail
facility at that location that are
unrelated to the CBTS.
• A covered clinical laboratory that
has workforce members working on site
at a CBTS could be subject to a civil
money penalty for HIPAA violations
that occur at the laboratory itself.
• A covered health care provider that
experiences a breach of PHI in its
existing electronic health record system,
which includes PHI gathered from the
operation of a CBTS, could be subject to
a civil money penalty for violations of
the HIPAA Breach Notification Rule if it
fails to notify all individuals affected by
the breach (including individuals whose
PHI was created or received from the
operation of a CBTS).
V. Collection of Information
Requirements
This notification of enforcement
discretion creates no legal obligations
and no legal rights. Because this
document imposes no information
collection requirements, it need not be
reviewed by the Office of Management
and Budget under the Paperwork
Reduction Act of 1995 (44 U.S.C. 3501
et seq.).
Dated: April 14, 2020.
Roger T. Severino
Director, Office for Civil Rights Department
of Health and Human Services.
[FR Doc. 2020–09099 Filed 5–15–20; 8:45 am]
BILLING CODE 4153–01–P
FEDERAL MARITIME COMMISSION
46 CFR Part 545
[Docket No. 19–05]
RIN 3072–AC76
Interpretive Rule on Demurrage and
Detention Under the Shipping Act
Federal Maritime Commission.
Final rule.
AGENCY:
ACTION:
The Federal Maritime
Commission is clarifying its
interpretation of the Shipping Act
prohibition against failing to establish,
observe, and enforce just and reasonable
regulations and practices relating to or
connected with receiving, handling,
storing, or delivering property with
respect to demurrage and detention.
Specifically, the Commission is
providing guidance as to what it may
consider in assessing whether a
demurrage or detention practice is
unjust or unreasonable.
DATES: This final rule is effective May
18, 2020.
SUMMARY:
PO 00000
Frm 00046
Fmt 4700
Sfmt 4700
FOR FURTHER INFORMATION CONTACT:
Rachel E. Dickon, Secretary; Phone:
(202) 523–5725; Email: secretary@
fmc.gov.
SUPPLEMENTARY INFORMATION:
I. Introduction
On September 17, 2019, the
Commission published proposed
guidance, in the form of an interpretive
rule, about factors it may consider when
assessing the reasonableness of
demurrage and detention practices and
regulations under 46 U.S.C. 41102(c) 1
and 46 CFR 545.4(d).2 The rule followed
years of complaints from U.S. importers,
exporters, transportation intermediaries,
and drayage truckers that ocean carrier
and marine terminal operator demurrage
and detention practices unfairly
penalized shippers, intermediaries, and
truckers for circumstances outside their
control.3 These complaints led the
Commission to open a Fact Finding
Investigation that substantiated many of
these concerns. Based on the
investigation and previous experience
with demurrage and detention issues,
the Commission developed guidance
and sought comment in a Notice of
Proposed Rulemaking (NPRM).4 The
interpretive rule was intended to reflect
three general principles:
1. Importers, exporters, intermediaries, and
truckers should not be penalized by
demurrage and detention practices when
circumstances are such that they cannot
retrieve containers from, or return containers
to, marine terminals because under those
circumstances the charges cannot serve their
incentive function.
2. Importers should be notified when their
cargo is actually available for retrieval.
3. Demurrage and detention policies
should be accessible, clear, and, to the extent
possible, use consistent terminology.5
1 Section 41102(c) represents the recodification of
section 10(d)(1) of the Shipping Act of 1984. Some
authorities cited herein refer to section 41102(c)
while others refer to section 10(d)(1). For ease of
reading, we will generally refer to section 41102(c)
in analyzing these authorities.
2 Notice of Proposed Rulemaking: Interpretive
Rule on Demurrage and Detention Under the
Shipping Act, 84 FR 48850 (Sept. 17, 2019).
3 The term ‘‘ocean carrier’’ in this document
refers to ocean common carriers subject to 46 U.S.C.
41102(c). See 46 U.S.C. 40102(18). Although the
rule focuses on the practices of ocean carriers, i.e.,
vessel-operating common carriers, and marine
terminal operators as defined in the Shipping Act,
section 41102(c) also applies to ocean
transportation intermediaries, and some entities,
specifically, non-vessel operating common carriers,
are both ‘‘common carriers’’ and ‘‘ocean
transportation intermediaries.’’ 46 U.S.C. 40102(17),
(20).
4 84 FR at 48850–56.
5 See 84 FR at 48851–53; Fact Finding
Investigation No. 28 Final Report at 32 ((Dec. 3,
2018) (Final Report), https://www2.fmc.gov/
readingroom/docs/FF%20No.%2028/FF-28_FR.pdf.
E:\FR\FM\18MYR1.SGM
18MYR1
]]>Agencies
[Federal Register Volume 85, Number 96 (Monday, May 18, 2020)]
[Rules and Regulations]
[Pages 29637-29638]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-09099]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
45 CFR Parts 160 and 164
Enforcement Discretion Regarding COVID-19 Community-Based Testing
Sites (CBTS) During the COVID-19 Nationwide Public Health Emergency
AGENCY: Office of the Secretary, HHS.
ACTION: Notification of enforcement discretion.
-----------------------------------------------------------------------
SUMMARY: This notification is to inform the public that the Department
of Health and Human Services (HHS) is exercising its discretion in how
it applies the Privacy, Security, and Breach Notification Rules under
the Health Insurance Portability and Accountability Act of 1996
(HIPAA). As a matter of enforcement discretion, the HHS Office for
Civil Rights (OCR) will not impose penalties for noncompliance with the
regulatory requirements under the HIPAA Rules against covered health
care providers or their business associates in connection with the good
faith participation in the operation of a COVID-19 Community-Based
Testing Site (CBTS) during the COVID-19 nationwide public health
emergency.
DATES: The notification of enforcement discretion was effective on
April 9, 2020, and had a retroactive effect to March 13, 2020, and will
remain in effect until the Secretary of HHS declares that the public
health emergency no longer exists, or upon the expiration date of the
declared public health emergency, including any extensions, (as
determined by 42 U.S.C. 247d),\1\ whichever occurs first.
---------------------------------------------------------------------------
\1\ Public Health Emergency Declaration issued by HHS Secretary,
pursuant to Section 319 of the Public Health Service Act, on January
31, 2020, with retroactive effective date of January 27, 2020. For
more information, see https://www.phe.gov/emergency/news/healthactions/phe/Pages/2019-nCoV.aspx.
FOR FURTHER INFORMATION CONTACT: Rachel Seeger at (202) 619-0403 or
---------------------------------------------------------------------------
(800) 537-7697 (TDD).
SUPPLEMENTARY INFORMATION: HHS is informing the public that it is
exercising its discretion in how it applies the Privacy, Security, and
Breach Notification Rules under the Health Insurance Portability and
Accountability Act of 1996 (HIPAA) \2\ during the nationwide public
health emergency declared by the Secretary of HHS.\3\
---------------------------------------------------------------------------
\2\ Due to the public health emergency posed by COVID-19, the
HHS Office for Civil Rights (OCR) is exercising its enforcement
discretion under the conditions outlined herein. We believe that
this guidance is a statement of agency policy not subject to the
notice and comment requirements of the Administrative Procedure Act
(APA). 5 U.S.C. 553(b)(3)(A). OCR additionally finds that, even if
this guidance were subject to the public participation provisions of
the APA, prior notice and comment for this guidance is
impracticable, and there is good cause to issue this guidance
without prior public comment and without a delayed effective date. 5
U.S.C. 553(b)(3)(B) & (d)(3).
\3\ https://www.phe.gov/emergency/news/healthactions/phe/Pages/2019-nCoV.aspx.
---------------------------------------------------------------------------
I. Background
The Office for Civil Rights (OCR) at the U.S. Department of Health
and Human Services (HHS) is responsible for enforcing certain
regulations issued under the Health Insurance Portability and
Accountability Act of 1996 (HIPAA), and the Health Information
Technology for Economic and Clinical Health (HITECH) Act, to protect
the privacy and security of protected health information (PHI), namely
the HIPAA Privacy, Security, and Breach Notification Rules (HIPAA
Rules).
During the COVID-19 national emergency,\4\ which also constitutes a
nationwide public health emergency,\5\ certain covered health care
providers, including some large pharmacy chains, and their business
associates may choose to participate in the operation of COVID-19
specimen collection and testing sites (Community-Based Testing Sites,
or CBTS). For purposes of this notification, a CBTS includes mobile,
drive-through, or walk-up sites that only provide COVID-19 specimen
collection or testing services to the public.
---------------------------------------------------------------------------
\4\ Presidential Proclamation on Declaring a National Emergency
Concerning the Novel Coronavirus Disease (COVID-19) Outbreak (Mar
13, 2020), available at https://www.whitehouse.gov/presidential-actions/proclamation-declaring-national-emergency-concerning-novel-coronavirus-disease-covid-19-outbreak/.
\5\ Secretary of HHS Alex M. Azar, Determination that a Public
Health Emergency Exists (Jan. 31, 2020), available at https://www.phe.gov/emergency/news/healthactions/phe/Pages/2019-nCoV.aspx.
---------------------------------------------------------------------------
OCR will exercise its enforcement discretion and will not impose
penalties for noncompliance with regulatory requirements under the
HIPAA Rules against covered health care providers and their business
associates in connection with the good faith participation in the
operation of a CBTS during the COVID-19 nationwide public health
emergency as described below.
II. Who/what is covered by this notification?
This notification applies to all HIPAA covered health care
providers and their business associates when such entities are, in good
faith, participating in the operation of a CBTS. The operation of a
CBTS includes all activities that support the collection of specimens
from individuals for COVID-19 testing.
III. Covered Health Care Providers and Their Business Associates Should
Implement Reasonable Safeguards
OCR encourages covered health care providers participating in the
good faith operation of a CBTS to implement reasonable safeguards to
protect the privacy and security of individuals' PHI. Reasonable
safeguards include the following:
Using and disclosing only the minimum PHI necessary except
when disclosing PHI for treatment.
[[Page 29638]]
Setting up canopies or similar opaque barriers at a CBTS
to provide some privacy to individuals during the collection of
samples.
Controlling foot and car traffic to create adequate
distancing at the point of service to minimize the ability of persons
to see or overhear screening interactions at a CBTS. (A six foot
distance would serve this purpose as well as supporting recommended
social distancing measures to minimize the risk of spreading COVID-19.)
Establishing a ``buffer zone'' to prevent members of the
media or public from observing or filming individuals who approach a
CBTS, and posting signs prohibiting filming.
Using secure technology at a CBTS to record and transmit
electronic PHI.
Posting a Notice of Privacy Practices (NPP), or
information about how to find the NPP online, if applicable, in a place
that is readily viewable by individuals who approach a CBTS.
Although covered health care providers and business associates are
encouraged to implement these reasonable safeguards at a CBTS, OCR will
not impose penalties for violations of the HIPAA Privacy, Security, and
Breach Notification Rules that occur in connection with the good faith
operation of a CBTS.
IV. Who/what is not covered by this notification?
This notification does not apply to health plans or health care
clearinghouses when they are performing health plan and clearinghouse
functions. To the extent that an entity performs both plan and provider
functions, the Notification applies to the entity only in its role as a
covered health care provider and only to the extent that it
participates in a CBTS.
This notification also does not apply to covered health care
providers or their business associates when such entities are
performing non-CBTS related activities, including the handling of PHI
outside of the operation of a CBTS. Potential HIPAA penalties still
apply to all other HIPAA-covered operations of the covered health care
provider or business associate, unless otherwise stated by OCR.\6\
---------------------------------------------------------------------------
\6\ OCR's Notifications of Enforcement Discretion and other
materials relating to the COVID-19 public health emergency are
available at https://www.hhs.gov/hipaa/for-professionals/special-topics/hipaa-covid19/.
---------------------------------------------------------------------------
For example:
A pharmacy that participates in the operation of a CBTS in
the parking lot of its retail facility could be subject to a civil
money penalty for HIPAA violations that occur inside its retail
facility at that location that are unrelated to the CBTS.
A covered clinical laboratory that has workforce members
working on site at a CBTS could be subject to a civil money penalty for
HIPAA violations that occur at the laboratory itself.
A covered health care provider that experiences a breach
of PHI in its existing electronic health record system, which includes
PHI gathered from the operation of a CBTS, could be subject to a civil
money penalty for violations of the HIPAA Breach Notification Rule if
it fails to notify all individuals affected by the breach (including
individuals whose PHI was created or received from the operation of a
CBTS).
V. Collection of Information Requirements
This notification of enforcement discretion creates no legal
obligations and no legal rights. Because this document imposes no
information collection requirements, it need not be reviewed by the
Office of Management and Budget under the Paperwork Reduction Act of
1995 (44 U.S.C. 3501 et seq.).
Dated: April 14, 2020.
Roger T. Severino
Director, Office for Civil Rights Department of Health and Human
Services.
[FR Doc. 2020-09099 Filed 5-15-20; 8:45 am]
BILLING CODE 4153-01-P
