HIPAA privacy in emergency situations

March 3, 2014

Due to recent events, such as the Ebola outbreak, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), is reminding HIPAA-covered entities and their business associates that protections of the HIPAA Privacy Rule are not “set aside” during an emergency. The bulletin also aims to increase awareness of ways in which patient information may be shared under the HIPAA Privacy Rule.

As stated by the OCR, “The HIPAA Privacy Rule protects the privacy of patients’ health information (protected health information) but is balanced to ensure that appropriate uses and disclosures of the information still may be made when necessary to treat a patient, to protect the nation’s public health, and for other critical purposes.”

Read the full bulletin on HIPAA Privacy in Emergency Situations here.

Other helpful links to resources on this topic:

Charging for copies of medical records: Rules released

The amount you can charge for supplying copies of medical records has changed, as the Office of Civil Right...

No More Articles

Podcast: Tech, Telemedicine, Tomorrow

LISTEN

Return to Hub Home

HIPAA privacy in emergency situations

Previous Article

Other content in this Stream

The OCR has issued a warning about a false postcard notifying recipients of a mandatory HIPAA risk assessment.

The OCR is warning about an increase in malicious behavior by cyber criminals seeking access to protected health information.

Our increased dependency on teleconferencing has created new opportunities and incentives for cyber criminals to hack into video calls.

On-demand webinar discussing: HIPAA and patient privacy; sharing PHI with public health authorities; and preparing for coronavirus in your practice.

Learn about the current cyber security landscape, what your cyber insurance policy should cover, and more.

The hospital received an email invoice from the ED group with instructions to send payment to a new account.

HHS OCR announced it will waive potential HIPAA penalties against health care providers using telehealth services to care for patients during the COVID-19 national emergency.

HIPAA and public health emergencies: updates from the OCR

John Southrey, director of consulting services at TMLT, describes the costs - both direct and indirect - of a cyber data breach.

John Southrey, director of consulting services at TMLT, describes cyber extortion threats, like ransomware, and what to do if you receive this kind of threat.

The actions taken in the hours and days after a cyber breach are critical, especially in protecting evidence. In this webinar, attorney Adrian Senyszyn, discusses the most important steps that covered

Providers can take steps following an attack to help preserve evidence, which may help them meet their burden of proof and conclude that there was a low probability of compromise to ePHI.

Corrective actions taken to enhance privacy and security may introduce usability issues.

Cathy Bryant, manager of product development & consulting services at TMLT, discusses the pros and cons of "BYOD," or "Bring Your Own Device."

What happens when a system failure brings down the EMR?

Includes case studies of actual ransomware attacks on health care organizations.

Improper disposal of electronic devices and media puts the information stored on those devices at risk for a breach. And when devices contain protected health information (PHI), it puts your patient’s

Cathy Bryant, manager of product development & consulting services at TMLT, provides five steps to help health care entities prevent a cyber breach.

These incidents highlight the catastrophic consequences of ransomware attacks.