The recent events surrounding the arrival of Ebola inside the United States has prompted the Office of Civil Rights (OCR) at the department of Health and Human Services (HHS) to create a new document about HIPAA Privacy in Emergency Situations.
In light of the Ebola outbreak and other events, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), is providing this bulletin to ensure that HIPAA covered entities and their business associates are aware of the ways in which patient information may be shared under the HIPAA Privacy Rule in an emergency situation, and to serve as a reminder that the protections of the Privacy Rule are not set aside during an emergency.
The HIPAA Privacy Rule protects the privacy of patients’ health information (protected health information) but is balanced to ensure that appropriate uses and disclosures of the information still may be made when necessary to treat a patient, to protect the nation’s public health, and for other critical purposes.
In the months following Hurricane Katrina, HHS developed clear procedures and a decision tool for use in emergency situations. Having a clear plan of action in emergencies is part of the requirement placed upon Covered Entities and their Business Associates who are in possession of protected health information.
Behavioral Health providers are affected by hurricanes, snowstorms, floods and tornadoes, just like the rest of the residents and businesses in their communities; but as healthcare providers, we have additional concerns. Protecting our employees and our offices are only part of the picture. Protecting the privacy of our patients and the security of their records is another facet that must be considered.
Take a look at these new and revised documents when you get a chance . . . and let’s hope that we are not confronted with public health or environmental emergencies in the near future!