In an emergency situation such as a hurricane, a healthcare system may forget to prioritize HIPAA Privacy Rule compliance. In some cases, HHS may decide to issue a HIPAA requirement waiver in an emergency scenario, such as when Hurricane Florence caused massive flooding in the Carolinas. During that storm, healthcare organizations and hospitals were given a HIPAA waiver valid up to 72 hours after the organization implemented its disaster protocol.
However, HIPAA waivers are not always guaranteed. In situations where these waivers are not granted, organizations that are not aware of patient privacy obligations may run into trouble due to non-compliance, including possible penalties. Hence, healthcare organizations should devise a balance between revealing patient information as necessary to respond to an emergency and ensuring patient privacy protection.
Regardless of the waiver, the HIPAA Privacy Rule has existing provisions intended to assist healthcare organizations with the proper steps or protocol that should be taken in an emergency. The provisions include the conditions in which patient information can be disclosed without having a waiver. These conditions include but are not limited to disclosures to prevent an imminent threat to the public at large or an individual.
To read more about the conditions, please visit https://healthitsecurity.com/features/complying-with-the-hipaa-privacy-rule-during-emergency-situations.
This update is by Medical Accounts Systems, a full-service healthcare revenue cycle management company providing a number of services including insurance follow up and managed care disputes, physician reimbursement, extended business office services, and more. For additional information on our services or for any questions you may have on topics such as medical payment systems, please call 877-759-6315.