In response to the COVID-19 pandemic, the US Department of Health and Human Services (HHS) has issued special guidance regarding sharing information about patients, including people infected with the SARS-CoV-2 virus.
HIPAA is widely known for its Privacy Rule, which safeguards protected health information (PHI) of individuals from disclosure by healthcare providers, healthcare networks, insurance companies, and other covered entities. In response to the COVID-19 pandemic the Department of Health and Human Services (HHS) has issued special guidance with respect to the sharing of information about patients, including people infected with COVID-19.
For most covered entities, the exceptions granted by HHS fall under two distinct categories. First, HHS guidance allows for sharing information about COVID-infected patients with law enforcement, paramedics, and other first responders; as well as with public health authorities at the national, state, and local levels. Second, HHS has provided guidance that allows covered entities to share PHI with Health Information Exchanges (HIEs) under certain circumstances.
Let’s look at each of these categories in turn.
Within limited parameters, HHS guidance permits the disclosure of information about infected patients to law enforcement, paramedics, and other first responders, as well as to public health authorities (PHAs). Specifically:
Although HHS guidance allows for the sharing of PHI under the circumstances mentioned above, covered entities are still responsible for making reasonable efforts to limit the amount of information they disclose, and the parties to whom they disclose it. HHS requires that the “minimum necessary” disclosures be made in order to accomplish the intended purpose.
The second important category of the guidance relates to Health Information Exchanges (HIEs), which are organizations that enable the sharing of electronic protected health information (ePHI) among more than two unaffiliated entities. Generally, these exchanges exist for the purpose of facilitating treatment, payment, or health care operations, but they may also report information to public health authorities (PHAs) and perform statistical analysis of the data they collect.
Covered entities may share information with HIEs under the following circumstances:
If your organization is a covered entity under HIPAA, it’s important to be aware of these guidelines pertaining to COVID-19. At WestFax, we’ve been working with HIPAA-covered entities for years, providing secure, cloud-based Healthcare Fax services that help our clients stay on the right side of HIPAA privacy rules. If you’d like to sign up for one of our plans, visit our Healthcare Fax page to learn more.
Need more information? Contact us at 800-473-6208 and we can help you better understand which plan will work best for you.
Digitization of work and increasing automation show what the current pace of technological growth means for the future of work. Let’s look at how extracting data from documents is key for many workflows.
Although it’s possible to take steps that make e-mail more secure, there are always some risks involved. Even encrypted e-mails might not always pass muster. If your organization plans to use e-mail to send protected health information (PHI), it’s important to consider the risks very carefully.