Attention Psychiatrists in All States

On September 30, 2021, the U.S. Department of Health & Human Services (HHS) clarified any misconceptions about the applicability of HIPAA to COVID-19 vaccination information. HHS announced that the HIPAA Privacy Rule does not prohibit any person, individual or entity, including HIPAA covered entities and business associates, from asking whether an individual has received a particular vaccine, including COVID-19 vaccines.

HHS states that the HIPAA Privacy Rule does not apply when an individual:

  • Is asked about his/her vaccination status by a school, employer, store, restaurant, entertainment venue, or another individual
  • Asks another individual, his/her doctor, or a service provider whether he/she is vaccinated
  • Asks a company, such as a home health agency, whether its workforce members are vaccinated

In short, the HIPAA Privacy Rule prohibits unauthorized disclosure of personal health information (PHI), but it does not prohibit asking about PHI.


Attention California Psychiatrists

On July 26, 2021, the Governor of California and the California Department of Public Health (CDPH) announced that certain individuals, including health care workers, are required to (1) submit to COVID-19 testing at least once per week and wear Personal Protective Equipment (PPE) or (2) provide evidence of full vaccination. On August 5, 2021, the CDPH ordered health care workers to be COVID-vaccinated by September 30, 2021. The term health care worker includes paid and unpaid individuals who work in an indoor setting where care is provided to patients or patients have access for any purpose. The order applies to workers including but not limited to:

  • Acute Care Hospitals
  • Skilled Nursing Facilities (including Subacute Facilities)
  • Intermediate Care Facilities
  • Acute Psychiatric Hospitals
  • Adult Day Health Care Centers
  • Chemical Dependency Recovery Hospitals, Clinics and Doctor Offices (including behavioral health)
  • Hospice Facilities
  • Residential Substance Use Treatment and Mental Health Treatment Facilities

Attention Connecticut Psychiatrists

P.A. 21-119 (H.B. 6607)

On July 6, 2021, Connecticut enacted a bill that provides that if a covered entity maintains and complies with a written cybersecurity program that conforms with an “industry standard” framework (which are listed in the law), in the event a covered entity is sued under Connecticut law for a data breach, that entity is not be liable for punitive damages for an alleged failure to implement reasonable cybersecurity controls. Covered entities can also receive safe harbor protection if they are subject to and in compliance with the cybersecurity program requirements of HIPAA, Gramm-Leach-Bliley, the Federal Information Security Modernization Act (FISMA) or HITECH. Covered entities may also comply with the Payment Card Industry Data Security Standard (PCI DSS) and one of the industry recognized frameworks outlined in the law.

P.A. 21-59 (H.B. 5310)

On June 16, 2021, Connecticut enacted a bill that expands the state data breach law’s definition of “personal data” and shortens the breach notification deadline to notify the Connecticut Attorney General’s Office (CAG), the affected party and the CT Department of Health and Human Services (CT DHHS) of the data breach from no later than 90 days to no later than 60 days. Reporting to the CAG is a new additional requirement.

Attention Mississippi Psychiatrists

H.B. 277

In March 2021, Mississippi included tribal identification card numbers in its definition of “personal information.” As a result, personal information includes an individual’s first name or first initial and last name in combination with the individual’s tribal identification card number.

Attention New Jersey Psychiatrists

Governor Murphy issued Executive Order 252, effective September 7, 2021, requiring employers in covered healthcare and other high risk congregate settings, including hospitals, correctional facilities and certain long-term care facilities, to establish a policy that, among other things, mandates proof of full vaccination or weekly testing for “covered workers (inclusive of full and part-time employees and contractors), a minimum of one to two times per week until the individual is fully vaccinated.”

“Covered” healthcare settings include, but are not limited to:

  • Acute, pediatric, inpatient rehabilitation, and psychiatric hospitals (including specialty hospitals, and ambulatory surgical centers)
  • Long-term care facilities
  • Intermediate care facilities
  • Residential detox, short-term, and long-term residential substance abuse disorder treatment facilities
  • Clinic-based settings (e.g., ambulatory care, urgent care clinics, dialysis centers, Federally Qualified Health Centers, family planning sites, and opioid treatment programs)
  • Community-based healthcare settings (e.g., Program of All-Inclusive Care for the Elderly, pediatric and adult medical daycare programs, high risk congregate settings and licensed home health agencies and registered healthcare service firms).

Attention New York Psychiatrists

On August 16, 2021, New York Governor Andrew Cuomo announced that all healthcare workers in New York State, including staff at hospitals and long-term care facilities such as nursing homes, adult care facilities and other congregate care settings, are required to be vaccinated against COVID-19. Healthcare workers must receive their first dose of the vaccination by September 27, 2021. This mandate is not only limited to public employees, but also extends to privately employed healthcare workers.

Attention Oregon Psychiatrists

Effective September 30, 2021, the Oregon Health Authority (OHA) will require either (1) proof of vaccination or (2) weekly COVID-19 testing for all “Healthcare Providers” and “Healthcare Staff” working in any “Healthcare Setting.” Employers, Healthcare Providers, and even Healthcare Staff themselves who violate the rule are subject to a fine of $500 per day, per violation – the maximum penalty OHA is authorized to impose. It includes any person – paid or unpaid – who is working, learning, studying, assisting, observing, or volunteering in a Healthcare Setting that provides direct patient or residential care. The OHA specifically includes:

  • Hospitals, ambulatory surgical centers, birthing centers, special inpatient care facilities, and pharmacies
  • Long-term acute care facilities, inpatient rehabilitation facilities, inpatient hospice facilities, nursing facilities, assisted living facilities, adult foster homes, residential facilities, residential behavioral health facilities, and hospices
  • Vehicles or temporary sites where healthcare is delivered (for example, mobile clinics, ambulances)
  • Outpatient facilities, such as dialysis centers, healthcare provider offices, behavioral healthcare offices, urgent care centers, counseling offices, offices that provide complementary and alternative medicine such as acupuncture, homeopathy, naturopathy, chiropractic and osteopathic medicine, and other specialty centers