The HIPAA Guide - Celebrating Over 15 Years Online

COVID-19 and HIPAA Guidance on Disclosures of PHI to First Responders

March 27, 2020HIPAA Regulatory Updates0

Who Does HIPAA Apply To

The HHS’ Office for Civil Rights has issued guidance on COVID-19 and HIPAA about the permitted disclosures of PHI to first responders, law enforcement, and public health authorities that do not require a HIPAA authorization. The guidance clears up confusion about disclosures of PHI to entities that may not be covered by HIPAA, such as law enforcement officers.

In public health emergencies such as the 2019 Novel Coronavirus pandemic, the HIPAA Privacy Rules permits covered entities and business associates of covered entities to disclose PHI for treatment, payment, and healthcare operations, as is the case at any time.

OCR has confirmed that PHI may be disclosed for treatment purposes to emergency medical transport personnel who will provide treatment to individuals while transporting patients to the emergency department.

Disclosures are permitted when required by law, such as advising public health officials about an individual who has been diagnosed with COVID-19. Disclosures can also be made to public health authorities that are tracking the disease, such as the Centers for Disease Control and Prevention (CDC) and for public health investigations and public health interventions.

Disclosures of PHI are also permitted to prevent or lessen a serious and imminent threat. For example, a HIPAA covered entity would be permitted to make a good faith disclosure of PHI to fire department personnel or mental health crisis workers about a person who had tested positive for COVID-19 in order to reduce the threat to those individuals while conducting their work duties.

There will be cases when requests for PHI are received from law enforcement officials or staff in a correctional facility that have lawful custody of an inmate or other individual. A disclosure of PHI is permitted if the PHI is needed to provide healthcare to an individual, to ensure the health and safety of other inmates or employees in the facility, or to staff transporting a prisoner to allow them to take extra precautions. PHI may be disclosed to law enforcement on the premises, or for the administration and maintenance of the safety, security, and good order of the correctional institution.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Hospitals may disclose a list of patient names and addresses of all individuals who have tested positive for COVID-19 to an EMS dispatch to allow the EMS dispatch to advise first responders about confirmed COVID-19 cases at locations they are sent to. It is also permitted for a 911 call center to disclose information gathered from COVID-19 screening questions to individuals responding to an incident to allow the responders to take appropriate precautions.

In all cases, the minimum necessary standard applies. Any PHI disclosed should be limited to the minimum amount necessary to achieve the purpose for which the information is being disclosed.

A PDF version of the guidance document can be downloaded from the HHS website on this link.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/

Copyright © 2007-2024 The HIPAA Guide       Site Map      Privacy Policy       About The HIPAA Guide       Terms and Conditions       Accessibility Statement