Privacy Rules Eased for Hospitals During Coronavirus Emergency

Hospitals have some leeway to disclose patient information under the federal health privacy rules now that coronavirus is a national emergency.

The Department of Health and Human Services issued a bundle of waivers following President Donald Trump’s emergency declaration March 13 allowing entities covered by the Health Insurance Portability and Accountability Act privacy rule to bypass provisions they typically must abide by.

Trump Tuesday also said Medicare programs will expand the use of remote consultations through telehealth, and the government won’t enforce HIPAA privacy policies to speed up appointments.

The HHs waivers are aimed at easing the sharing of patient information so health care can be more readily provided during the spread of Covid-19, as the disease caused by the latest coronavirus. The waivers took effect Sunday.

The waivers only allow certain privacy provisions to be lifted for 72 hours from the time a HIPAA-covered entity institutes a disaster protocol.

Under the waivers, hospitals, for instance, are exempt from releasing their privacy practices or acknowledging patients’ rights to request confidential communications or privacy restrictions. Hospitals already can share patient information with family and friends involved with the patient’s care without patient permission.

Once the emergency declaration ends, HIPAA-covered entities will have to once again comply with all applicable privacy rules, even if it hasn’t been 72 hours since the disaster protocol was implemented, according to the announcement.

HHS issued a bulletin in February highlighting the patient information that hospitals and providers can share in an outbreak of infectious disease, such as coronavirus, or other emergency situation.

— With assistance from Vivek Shankar of Bloomberg News