Key Facts About HIPAA Compliance – What You Need to Know – Part 5

Key Facts About HIPAA Compliance – What You Need to Know – Part 5

by ih-coc admin

Our series is designed to explain best practices about HIPAA compliance, HIPAA settlements, and the various requirements an organization must have in place under the HIPAA Security & Privacy Rules. 

Responding to Emergency Situations

Whether it is a man-made or natural disaster emergency, there will be occasions when organizations will need to provide services and support during these situations.

The HIPAA Privacy Rule already allows for certain permitted disclosures of protected health information (PHI) without patient authorized.  These permitted disclosures will still apply in emergency situations. 

Should the President declare an emergency or disaster and the Secretary of HHS declares a public health emergency, the Secretary may waive sanctions and penalties against a covered hospital that does not comply with certain provisions of the Privacy Rule.  These waivers are limited in scope, situationally applied, in place only for limited periods of time, and the Privacy Rule still remains in effect.

What Type of PHI can be Disclosure?

An organization is permitted, but not required, to use and disclose PHI, without an individual’s authorization, for the following purposes or situations:

  1.      To the Individual (unless required for access or accounting of disclosures);
  2.      Treatment, Payment, and Health Care Operations;
  3.      Opportunity to Agree or Object;
  4.      Incident to an otherwise permitted use and disclosure;
  5.      Public Interest and Benefit Activities; and
  6.      Limited Data Set for the purposes of research, public health or health care operations. 

What is important to know, is healthcare practitioners may rely on professional ethics and the best interest of the patient in deciding which of these permissive uses and disclosures to make.

Help with HIPAA Compliance

Our goal at Colington is to help keep your organization one step ahead in making sure those tasked with implementing a Contingency Plan understands the requirements.  

Have a question about HIPAA compliance? Let us know and we would be pleased to discuss it with you and perhaps also address it in this series.