Feds clarify Patient Communications During Pandemic

Compliance Toolkit for COVID-19

Permissible Disclosures during Crisis – From the Office for Civil Rights:

A new memo from the U.S. Office for Civil Rights (OCR) clarifies permissible disclosures of private health information during this time of nationwide emergency over the novel coronavirus. The memo further announces that for 72-hour-periods of time, some requirements relating to patient communications will be eased for hospitals as they put disaster plans in place.

The important context is this:

Under the Health Insurance Portability and Accountability Act (HIPAA), providers have latitude in releasing information to protect the public health.

However, HIPAA security protections remain critical, and access to databases should be tightly controlled. The last thing any provider needs is an IT intrusion to add to the chaos.

Much of the OCR memo reiterates permissible disclosures that are nothing new to HIPAA. These are common-sense provisions that say yes, you can release information as needed, and without prior patient authorization, to:

• Public health authorities or others responsible for public safety;
• Family and friends involved in a patient’s care;
• Those who might face serious harm or be at risk of contracting or spreading a disease.

The following excerpt summarizes the leverage accorded to health professionals:

“Providers may disclose a patient’s health information to anyone who is in a position to prevent or lessen serious and imminent threat, including family, friends, caregivers, and law enforcement without a patient’s permission. HIPAA expressly defers to the professional judgment of health professionals in making determinations about the nature and severity of the threat to health and safety.”

In sum:  Use professional judgment. Act in good faith. Disclose the minimum necessary.   Meanwhile, beef up IT security to mitigate the risk of another kind of virus at the worst possible time.

Diane Evans is Publisher for MyHIPAA Guide, a HIPAA consultancy and subscription service. She can be reached at [email protected].

Upcoming Webinars

[add_eventon_list hide_month_headers="no" hide_empty_months="yes" event_order="ASC" number_of_months="3" ]

New Social Media Course

November 10, 2023 No Comments

MyHIPAA Guide is offering a new social media course that will help you protect your organization from potential privacy violations that result from social media

Read More »

Upcoming Events

10 Steps to Compliance

MyHIPAA Guide helps HIPAA-covered organizations understand what they need to do on a daily basis. Subscribers gain access to a comprehensive, human-centered HIPAA program.

CALL US TODAY:  (234) 281-4310

MyHIPAA Guide

Product

Discover

DISCLAIMER: MyHIPAA Guide content, including newsletters, is for informational purposes only. MyHIPAA Guide is not intended as legal advice or as a recommendation for a provider’s specific circumstances, and it is not intended as an exhaustive or definitive source on protecting health information from privacy and security risks. Providers and professionals seeking expert advice should consult an attorney and/or a risk assessment professional.

NOTICE TO READERS: We will do our best to report updates on HIPAA rules as quickly as possible following public notifications. In submitting questions or comments to MyHIPAAGuide.com, NEVER SEND THE PROTECTED HEALTH INFORMATION OF A PATIENT.

Copyright © by M.E.D. Media Mart LLC - Published by M.E.D. Media Mart LLC.