Feb 23, 2021 12:37pm Providers won't be penalized for potential HIPAA violations related to good faith use of web-based tools to schedule COVID-19 vaccine appointments. (Getty/andrei_r) Healthcare organizations won't be penalized for potential Health Insurance Portability and Accountability Act (HIPAA) violations related to the good faith use of online or web-based scheduling applications for COVID-19 vaccine appointments. The Office for Civil Rights (OCR) at the U.S Department of Health and Human Services announced (PDF) this week that it won't enforce fines against providers when using apps and other digital tools that don't fully comply with HIPAA. The enforcement discretion applies to covered healthcare providers and their business associates, including online or web-based scheduling applications vendors (WBSAs), when the vendors are used in good faith and only for the limited purpose of scheduling individual appointments for COVID-19 vaccinations during the nationwide public health emergency.