In the aftermath of the California wildfires, the Department of Health and Human Services (HHS) has waived sanctions and penalties against covered entities that fail to comply with provisions of the HIPAA Privacy Rule.
The waiver is similar to HHS’ response to Hurricanes Harvey and Irma, which we discussed in a previous blog post. This waiver only applies (1) in the emergency area and for the emergency period identified in the public health emergency declaration, (2) to hospitals that have instituted a disaster protocol, and (3) for up to 72 hours from the time the hospital implements its disaster protocol.
HHS has waived sanctions and penalties for the following provisions of the HIPAA Privacy Rule:
- Requirements to obtain a patient’s consent to speak with family, friends or any other individual identified by the patient and involved in the patient’s care. 45 C.F.R. §164.510(b).
- Requirement to honor a request to opt out of the facility directory. 45 C.F.R. §164.510(a)(2).
- Requirement to distribute a notice of privacy practices. 45 C.F.R. §164.520(a)(1).
- Patient’s right to request privacy restrictions. 45 C.F.R. §164.522(a)(1).
- Patient’s right to request confidential communications. 45 C.F.R. §164.522(b).
When either HHS’s or President Trump’s declaration terminates, a hospital must resume compliance with the requirements of the Privacy Rule for any patient still under its care, even if 72 hours have not elapsed since the implementation of its disaster protocol.
Even without a waiver, the HIPAA Privacy Rule allows patient information to be shared for various reasons, including those outlined in our recent blog post regarding disclosures to family, friends, and others involved in a patient’s care and for notification purposes.
If you have any questions about these uses and disclosures or HIPAA compliance more generally, please feel free to contact any member of Drinker Biddle’s Health Care Team or Information, Privacy, Security and Governance Team.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.