When an emergency situation occurs, like that of the recent Novel Coronavirus (2019-nCoV) outbreak that is said to have originated in mainland China, the healthcare industry is affected worldwide.  From the individual patients all the way up to the largest facilities for patient care, it’s imperative to share knowledge and information, but it MUST be done in accordance with HIPAA rules and regulations.  

The Department of Health and Human Services has issued a reminder to HIPAA covered entities confirming that all rules must continue to apply to administrative, technical and physical safeguards that ensure the integrity, confidentiality, and availability of protected health information (PHI). 

During times of emergency, like when patients have contracted an infectious disease like the Coronavirus, there is a need for that information to be shared with public health authorities and entities to ensure the public’s health and safety.  That PHI allows them to act on the behalf of the greater good, and in such cases, the HIPAA Privacy Rule allows the covered entities to share the information without the individual authorization of the patient. It is this allowance that enables the Centers for Disease Control and Prevention (CDC) and state and other health departments to obtain that important information needed to control the spread of the disease, or in some cases further injury.  This balance ensures that information is appropriately disclosed to protect the nation’s health.  

Additionally, when under the guidance of a public health authority, PHI may be exchanged with foreign government agencies that are working alongside those (local) public health authorities to prevent the further spread of a disease or to lessen the impact on public health.  Verbal permission should always be given by the patient if it can be obtained, and if they are incapacitated, professional judgment can prevail.   

Remember, even though sharing this information is critical, patient data that identifies the individual should never be given to the media or disclosed publicly.  

  • Josh Koons Josh KoonsPublished on February 19th, 2020

Tech insights

Employee Errors

Learn more

Cybersecurity for Lawyers

Learn more

Security Awareness Training For Your Employees

Learn more