HHS: No Exceptions to HIPAA Obligations for Coronavirus Info

February 14, 2020 | Eric D. Fader | COVID-19 | Electronic Health Records | HIPAA | Hospitals | Legislation and Public Policy

The U.S. Department of Health and Human Services (HHS) recently issued a Bulletin confirming that healthcare entities’ HIPAA obligations continue to apply even in public health emergencies. The February 2020 “HIPAA Privacy and Novel Coronavirus” Bulletin reminds HIPAA covered entities and their business associates that HIPAA Privacy Rule and Security Rule requirements remain in place and apply to sharing of protected health information (PHI) during the current coronavirus outbreak.

The HIPAA Privacy Rule permits covered entities to share PHI with other healthcare providers for treatment and care coordination, among other purposes. Public health emergencies may also require that information be shared with public health authorities, such as the U.S. Centers for Disease Control and Prevention (CDC) and state health departments, and the Privacy Rule already contemplates and authorizes this type of communication.

The Bulletin discusses a number of Privacy Rule provisions and may be a useful refresher even for providers that are not dealing with coronavirus-related PHI disclosure issues.

Share this article:
show more

Get legal updates and news delivered to your inbox