Once again we are in the midst of hurricane season. I thought this would be a good time to review a few points about HIPAA and natural disasters – always helpful reminders, since “the big one” could be here soon (earthquake, tornado or hurricane…you just never know).
When hurricane Katrina struck the US, time was of the essence in providing care to those injured. The Department of Health and Human Services issued a bulletin titled Hurricane Katrina Bulletin: HIPAA Privacy and Disclosures in Emergency Situations to succinctly address the issue of patient information while responding to an emergency. It covers treatment, notification, imminent danger and facility directories.
In short, “the HIPAA Privacy Rule allows patient information to be shared to assist in disaster relief efforts, and to assist patients in receiving the care they need.” The Red Cross is also mentioned specifically: “Of course, the HIPAA Privacy Rule does not apply to disclosures if they are not made by entities covered by the Privacy Rule. Thus, for instance, the HIPAA Privacy Rule does not restrict the American Red Cross from sharing patient information.”
For a more in-depth analysis of hurricane Katrina and HIPAA Privacy, you can access the CRS Report for Congress on Hurricane Katrina: HIPAA Privacy and Electronic Health Records of Evacuees.
For hurricane updates from the National Weather Service, click here.