Burr & Forman

01.5.2015   |   Articles / Publications

Birmingham Medical News : HIPAA Privacy During Emergency Situations

A patient arrives at your facility with Ebola-like symptoms. After taking the necessary precautions, you run the requisite tests, conduct a patient interview, and determine that in fact the patient has contracted the Ebola virus. You also learn that the symptoms have been present for a couple of days, but like many people, the patient delayed seeking treatment until the symptoms got worse. After questioning the patient, you discover that since returning from West Africa one week earlier, the patient has returned to work, visited with family, attended church, and been shopping at the local mall, all while exhibiting symptoms. Thus, hundreds of people living in the community have potentially been exposed. What do you do? What information can you release to the public? Do you need the patient’s consent to warn the public about the potential exposure?

The U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”), the entity responsible for overseeing compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), recently issued guidance on how to address HIPAA privacy in emergency situations, such as the one described above. Importantly, while there are a number of ways in which protected health information can be shared in an emergency situation, you should keep in mind that the protections of HIPAA are not set aside during an emergency. Thus, while it is important to alert the public to the potential exposure, it must be done in a manner that is compliant with HIPAA. HIPAA, however, does provide several mechanisms through which information may be released:

To download the full article, please click here.

Related Attorneys