The HIPAA privacy rule is meant to protect patient medical records, but what happens when those protections conflict with emergency medical care during a natural disaster such as a hurricane? The HIPAA privacy rule allows the following disclosures during emergenicies:
- Healthcare providers may share information in order provide Treatment to patients. This includes: information sharing with hospitals, clinics, and other providers; patient referrals; coordination with emergency relief workers; record sharing for the purposes of seeking payment.
- Providers may also share information in order to Notify family or legal guardians of patients of the patient’s whereabouts and condition. This includes sharing information to identify and locate family or guardians. Although getting the patient’s verbal permission is best, HIPAA allows this type of information sharing without permission if the patient unconscious or otherwise incapacitated.
- Providers may share a patient’s medical information with anyone if, by doing so, the patient or general public will be protected from Imminent Danger.
- · Providers may also give information from their Directory of Patients to callers making inquiries about specific patients. This includes letting callers know if the patient is at the facility, where they are in the facility, and the condition of the patient.
HIPAA is meant to protect an individual’s privacy, but not at the expense of the individual’s or the public’s safety. That is why the privacy rule becomes somewhat elastic during times of natural disaster. As a health provider, it may be difficult to know where the line is. Following the simple guidelines above will help you stay on the right side of it as you do your best to care for patients during times of stress.