Physician Practice

Q&A: Protecting privacy during a public health emergency or natural disaster

Physician Practice Insider, August 25, 2015

Q: In the event of a natural disaster or public health emergency, do organizations still need to comply with the HIPAA Privacy Rule and release of information requirements? If the rule is waived during such instances, which provisions do we need to follow and which should be overlooked in the interest of public health?

A: Nearly every statute relating to patient privacy has an exception for a true emergency situation where taking care of the patient must prevail over any privacy concerns. Disasters and public health emergencies are not always true emergencies for each individual patient, and HIPAA should not be suspended just because it is expedient to do so.

HHS provides some guidance about what to do if there is a declared emergency (including what enforcement waivers may be temporarily granted). However, the bottom line is to do your best to protect patient privacy and the security of information even as you are dealing with the emergency.

HHS published an interesting memo to address this subject when Hurricane Katrina struck.

Note that nothing in HIPAA precludes sharing information to provide treatment for the patient or notifications of next of kin, etc.

This question was answered by Chris Simons, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, New Hampshire. This question originally appeared in the September issue of Medical Records Briefing.

Most Popular