Sharing Safely During an Emergency

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author

When an emergency situation occurs, like that of the recent Novel Coronavirus (2019-nCoV) outbreak that is said to have originated in mainland China, the healthcare industry is affected worldwide. From the individual patients all the way up to the largest facilities for patient care, it’s imperative to share knowledge and information, but it MUST be done in accordance with HIPAA rules and regulations.

The Department of Health and Human Services has issued a reminder to HIPAA covered entities confirming that all rules must continue to apply to administrative, technical and physical safeguards that ensure the integrity, confidentiality, and availability of protected health information (PHI).

During times of emergency, like when patients have contracted an infectious disease like the Coronavirus, there is a need for that information to be shared with public health authorities and entities to ensure the public’s health and safety. That PHI allows them to act on the behalf of the greater good, and in such cases, the HIPAA Privacy Rule allows the covered entities to share the information without the individual authorization of the patient. It is this allowance that enables the Centers for Disease Control and Prevention (CDC) and state and other health departments to obtain that important information needed to control the spread of the disease, or in some cases further injury. This balance ensures that information is appropriately disclosed to protect the nation’s health.

Additionally, when under the guidance of a public health authority, PHI may be exchanged with foreign government agencies that are working alongside those (local) public health authorities to prevent the further spread of a disease or to lessen the impact on public health. Verbal permission should always be given by the patient if it can be obtained, and if they are incapacitated, professional judgment can prevail.

Remember, even though sharing this information is critical, patient data that identifies the individual should never be given to the media or disclosed publicly.

This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.

HIPAA Secure Now! now offers PHIshMD training for CEs and BAs to help protect your organization from security threats.

Technology safeguards put a virtual wall around your network, but what happens when the bad actors climb over that wall? It’s up to your employees. Over 90% of breaches get caused by human error according to Kaspersky Lab, and if you’re not educating users HOW to protect your organization in this ever-changing threat landscape, your organization could be next. LEARN MORE