Related Items

• Marketplace

• Find Policies/Regulation products & services on
  HDM Marketplace

• Articles from this Site

  Senators Seek Study on Best Practices

  HHS Details Regulatory Plans

  Rule Implements Patient Safety Act

  Hospital Boosts Privacy Efforts

  Feds Change Medical Leave Data Rules

• White Papers

  Double Take® In The HIPAA-Regulated Healthcare Industry

  America's Hidden Health Care Crisis

  Ensuring Compliance for Healthcare Organizations

  Real Stories of Real Results from Real Physicians

  RAC Survival - A Spread Sheet Nightmare

• Web Seminars

  Case Study: How to reduce the burden of HIPAA compliance

FREE Health Data Management Site Registration

Sign up today and access the leading source of Health Care I.T. information on the Web. Your FREE site registration entitles you to: Free Health Data Management e-newsletter   Search more than 12,000 articles   Access Web Seminars on a host of I.T. topics   White Papers and Industry Research that provide valuable insights on a variety of technologies and implementation issues   Podcasts, updates on industry events, and much more!

HHS Clarifies HIPAA Emergency Rules

The Office for Civil Rights in the U.S. Department of Health and Human Services has issued a clarification of when certain provisions of the HIPAA Privacy Rule can be suspended during a national or public health emergency. Following is the full text of that report:

Is the HIPAA Privacy Rule suspended during a national or public health emergency? No; however, the Secretary of HHS may waive certain provisions of the Rule under the Project Bioshield Act of 2004 (PL 108-276) and section 1135(b)(7) of the Social Security Act.

If the President declares an emergency or disaster and the Secretary declares a public health emergency, the Secretary may waive sanctions and penalties against a covered hospital that does not comply with certain provisions of the HIPAA Privacy Rule:

* The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care (45 CFR 164.510(b))
* The requirement to honor a request to opt out of the facility directory (45 CFR 164.510(a))
* The requirement to distribute a notice of privacy practices (45 CFR 164.520)
* The patient’s right to request privacy restrictions (45 CFR 164.522(a))
* The patient’s right to request confidential communications (45 CFR 164.522(b))

If the Secretary issues such a waiver, it only applies:

* In the emergency area and for the emergency period identified in the public health emergency declaration.
* To hospitals that have instituted a disaster protocol. The waiver would apply to all patients at such hospitals.
* For up to 72 hours from the time the hospital implements its disaster protocol.

When the Presidential or Secretarial declaration terminates, a hospital must then comply with all the requirements of the Privacy Rule for any patient still under its care, even if 72 hours has not elapsed since implementation of its disaster protocol.

Regardless of activation of an emergency waiver, the HIPAA Privacy Rule permits disclosures for treatment purposes and certain disclosures to disaster relief organizations. For instance, the Privacy Rule allows covered entities to share patient information with the American Red Cross so it can notify family members of the patient’s location. See 45 CFR 165.510(b)(4).

For more information on sharing information in emergency situations, visit hhs.gov.

Consumer Health Archive
Health Information Exchange Archive
Policies/Regulation Archive
Hospitals Archive
Group Practices Archive
Payers Archive

I.T. Spotlights

• About Us
• Advertising/Media Kit
• Reprints
• Editorial Calendar
• Contact Us
• Customer Service
• Privacy Statement

©2008 HealthDataManagement and SourceMedia, Inc. All rights reserved.
SourceMedia is an Investcorp company.
Use, duplication, or sale of this service, or data contained herein, is strictly prohibited.