Information sharing between healthcare professionals is vital, and during a pandemic like the one we are experiencing with COVID-19, sharing data is paramount. Information regarding the efficacy of certain treatment plans or the infection and hospitalization rate of the virus can be vital for saving lives.
However, even in these difficult times, the patient healthcare data privacy protections outlined under the Health Information Privacy and Accountability Act (HIPAA) are still in effect. Healthcare providers and business associates are expected to continue to follow the requirements of the Privacy Rule to maintain HIPAA compliance during the COVID-19 outbreak.
HIPAA’s Privacy Rule does include special provisions for information sharing during an outbreak of an infectious disease or another disaster scenario. We've outlined below the various scenarios in which the sharing of patient data without authorization is permissible.
The broadest category for the release of patient data is to enable the treatment of the patient or other patients. Healthcare providers can share patients’ medical records with other healthcare providers without patient consent in order to improve their ability to provide treatment.
Healthcare providers are also authorized to release patients’ personal health data without authorization in order to protect public health and safety. The HIPAA Privacy Rule allows the release of patient records without consent to:
The HIPAA Privacy Rule acknowledges the need to share patients’ care information with friends, family, and other caregivers. However, the intent is also to preserve the privacy of the patient. Sharing patient records with these parties is allowed in the following circumstances:
Beyond providing treatment and sharing information with friends and family, the release of patient records or other healthcare data more widely is permitted in certain circumstances, such as:
HIPAA applies to healthcare providers and business associates. Other organizations are not required to follow these rules but may optionally do so.
During the COVID-19 outbreak, the requirements of the HIPAA Privacy Rule are still in place. However, the U.S. Department of Health and Human Services (HHS) acknowledges the importance of information sharing during a pandemic and has included explicit exceptions in the regulation.
Healthcare providers and business associates should do their utmost to protect patient data during this crisis, and, even when authorized, should share the minimum possible amount of data required for a purpose (with the exception of treatment). For specifics on what constitutes the minimum possible amount of information in a given situation, the Department of Health and Human Services points those covered by HIPAA to the CDC.
Understanding HIPAA compliance during the COVID-19 outbreak can be difficult. We can help. Our team of HIPAA compliance experts stands ready to answer your questions.