hurricane florence Blue

HIPAA During Hurricane Florence

HIPAA is NOT Suspended During Emergencies

Hospitals and Public Health agencies roll into action during disasters. Working with FEMA, other public agencies and the private sector, all collaborate to protect the health and safety of individuals who face risks and injury. Time is short and personnel may be overworked. And while HIPAA remains in place the Department of Health and Human Services (HHS) recognizes that certain provisions should be waived to help hospitals care for patients and connect patients with their families.

Although HIPAA is not suspended when a public health emergency is declared, several provisions of the Privacy Rule are waived or suspended for a limited time, for hospitals. Otherwise HIPAA remains in effect, and once the time period has ended, the suspended provisions are back in effect. The suspension rules are simple.

Disaster Bulletin from HHS

Quoting from this week’s disaster bulletin from the HHS:

The Secretary of HHS has declared a public health emergency in North Carolina, South Carolina, and Virginia following the President’s declaration that a disaster exists in the area as a result of Hurricane Florence. Under these circumstances, the Secretary has exercised the authority to waive sanctions and penalties against a covered hospital that does not comply with the following provisions of the HIPAA Privacy Rule:

• the requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care. See 45 CFR 164.510(b).

• the requirement to honor a request to opt out of the facility directory. See 45 CFR 164.510(a).

• the requirement to distribute a notice of privacy practices. See 45 CFR 164.520.

• the patient’s right to request privacy restrictions. See 45 CFR 164.522(a).

• the patient’s right to request confidential communications. See 45 CFR 164.522(b).

When the Secretary issues such a waiver, it only applies:

(1) in the emergency area and for the emergency period identified in the public health emergency declaration;

(2) to hospitals that have instituted a disaster protocol; and

(3) for up to 72 hours from the time the hospital implements its disaster protocol.

 When the Presidential or Secretarial declaration terminates, a hospital must then comply with all the requirements of the Privacy Rule for any patient still under its care, even if 72 hours has not elapsed since implementation of its disaster protocol.

 The entire Bulletin is here.

The HIPAA E-Tool® Guidance

The Risk Analysis – Risk Management module of The HIPAA E-Tool® provides everything needed to document a Risk Management Plan with step by step guidance on how to get it done. A disaster protocol is one element of such a Plan, and the first requirement for hospitals to take advantage of the Privacy Rule waivers during a disaster. A HIPAA Compliance program is not complete without policies for all of the HIPAA Rules, workforce training, and an annual Risk Analysis – all at your fingertips in The HIPAA E-Tool®.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start Kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Share This Post

Share on facebook
Share on twitter
Share on linkedin

Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2020 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

3534 Washington Avenue, Saint Louis, MO 63103
Terms of Service | Privacy Policy

Powered by JEMSU

You may have questions about COVID-19 and HIPAA. We have answers. 

We are open and answering questions about all the new modifications and waivers, coming from HHS, OCR, CMS, and the new CARES act.

If you need help with HIPAA during the COVID-19 pandemic, fill in the form, and we’ll get back to you.

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free