HIPAA Guidelines and COVID-19


HIPAA Guidelines and COVID-19 | WestFax

HIPAA is widely known for its Privacy Rule, which safeguards protected health information (PHI) of individuals from disclosure by healthcare providers, healthcare networks, insurance companies, and other covered entities. In response to the COVID-19 pandemic the department of Health and Human Services (HHS) has issued special guidance with respect to the sharing of information about patients, including people infected with COVID-19.

For most covered entities, the exceptions granted by HHS fall under two distinct categories. First, HHS guidance allows for the sharing of information about COVID-infected patients with law enforcement, paramedics, and other first responders; as well as with public health authorities at the national, state, and local levels. Second, HHS has provided guidance that allows covered entities to share PHI with Health Information Exchanges (HIEs) under certain circumstances.

Let’s look at each of these categories in turn.

Disclosure to First Responders & Public Health Authorities

Within limited parameters, HHS guidance permits the disclosure of information about infected patients to law enforcement, paramedics, and other first responders, as well as with public health authorities (PHAs). Specifically:

Although HHS guidance allows for the sharing of PHI under the circumstances mentioned above, covered entities are still responsible for making reasonable efforts to limit the amount of information they disclose, and the parties to whom they disclose it. HHS requires that the “minimum necessary” disclosures be made in order to accomplish the intended purpose.

Sharing PHI with Health Information Exchanges

The second important category of guidance relates to Health Information Exchanges (HIEs), which are organizations that enable the sharing of electronic protected health information (ePHI) among more than two unaffiliated entities. Generally, these exchanges exist for the purpose of facilitating treatment, payment, or health care operations, but they may also report information to public health authorities (PHAs) and perform statistical analysis of the data they collect.

Covered entities may share information with HIEs under the following circumstances:

If your organization is a covered entity under HIPAA, it’s important to be aware of these guidelines pertaining to COVID-19. At WestFax, we’ve been working with HIPAA covered entities for years, providing secure, cloud-based Healthcare Fax servicesthat help our clients stay on the right side of HIPAA privacy rules. If you’d like to sign up for one of our plans, visit our Healthcare Fax page to learn more.

Need more information? Contact us at 800-473-6208 and we can help you better understand which plan will work best for you.