How the Pandemic is Taking HIPAA to Task

Needless to say, there is a lot that has changed since the outbreak of COVID - 19. There are plenty of changes that are being implemented in every organisation and that does take a toll on multiple functions including the legal framework. Now, as the effect of the virus is setting in, we see many active cases around the world cropping up. It is extremely important that HIPAA covered entities and their business partners are aware of their security as well as privacy responsibilities and adherence. A gap in such measures can bring about significant downfalls during a public health emergency like this one. We need to understand the steps that have to be taken and the guidance that is required. There is a need to understand how we have to effectively respond to the public health crisis while also keeping a robust solution to patient privacy issues.

In fact, not too long ago, the US department of health and human services had sent out a circular to support departments in understanding the different ways the information that is recorded of our patients can be shared while being in compliance with HIPAA in the event of such a public health emergency. The bulletin goes on to suggest the different methods that have to adapt to so that the data we have is protected in every possible manner. The regulators agree 100% with the dissemination of protected health information so as to protect public health. The office of Civil rights too have written down several ways in which the HIPAA privacy rule allows several entities to disclose PHI without even the authorization of the patient. But what are these several methods?

1. The covered entities can disclose PHI about the patient if it is necessary to treat the patient or treat a different patient. This means that they do have the right to disclose the information about a patient as long as it is to protect the patient or to protect someone else. It is by far one of the most important steps that have to be taken in such a scenario. Not only will this go a long way in protecting the spread of the disease but also save the lives of those infected. That’s a big step towards dealing with such a pandemic.  

2. All the entities that are mentioned may disclose patient health information to a public health authority or a foreign government agency that is working with or assisting a public health authority. This would be to reduce the risk of people contracting the virus or spreading the virus. This would be applicable if it is directed by law of course. Needless to say, necessary documentation would have to be done before declaring any of this information. 

3. Any of the entities have the right to share the patient health information to a patient’s family, friends, relatives or any other person that is identified or involved in the patient’s care. So, when the patient is undergoing treatment for the virus, it is allowed to share information about the patient’s condition to his caretakers. This is only fair considering the fact that the patient’s loved ones’ need to know about his condition and further steps to be taken. 

4. Rightly so, health care providers are allowed to share the patient health information to anyone to reduce or prevent threat to the public health. For example, if the patient has been confirmed to have contracted the virus and there is a check on the prior places the patient had visited or traveled - it is only right that the health care provider discloses this information in the interest of public health and safety.

Quite obviously, health care providers have the basic requirement and duty to comply with the minimum standard when it comes to revealing patient health information with effect of the corona virus. So, if you have an HIPAA certification, you have to take the reasonable efforts to disclose patient health information only if it is deemed necessary to achieve the purpose of the disclosure. If that is not the case, it is strictly prohibited. Apart from this, it is also extremely important that information is shared only for the betterment of public health and security. Also, during emergencies, all the entities must implement reasonable procedures to safeguard and protect the information of their patients against any intentional or unintentional uses or disclosures that maybe a violation of HIPAA. It is their duty to protect the information that is provided to them or that is received by them. 

It is also of utmost importance to know that all the health agencies and the supporting entities are working together to control and maintain the spread of the virus and improve the condition of the infected individuals across the country. Even while this is the case, it is important that you look at the HIPAA guidance to effectively share the information of your patients while you are still protecting privacy. The response that we put together in such a crisis is one of the most important steps towards a safer situation right now. We have to come together at such a time and understand the roles and responsibilities we have towards a safer planet. Unless we take a stand right to protect each other, it is a definite risk on the long run. Protecting the general public with the release of critical information under the right circumstances goes a long way in ensuring a better tomorrow.