According to the Department of Health and Human Services (HHS), a public health emergency (PHE) is an infectious disease, disorder, natural disaster, or another widespread occurrence that causes significant public harm. Federal, state, and local governments can work together with the Center for Disease Control to help citizens as well as possible during an emergency. The Secretary of HHS can declare a PHE that lasts for 90 days and can be extended as long as needed, and can waive specific pieces of legislation that may impede the government’s ability to help people.
How HIPAA plays a role
Despite the uncertainty that often comes with a PHE, some laws cannot be touched. HIPAA, the law that establishes privacy and sharing guidelines for protected health information (PHI), doesn’t deviate from its purpose when a PHE is declared. Once a PHE is declared, the only things that can change about how a patient’s protected health information is shared are the following requirements:
- Getting a patient’s consent to speak with family or friends involved in their care
- Honoring a request to opt out of a facility directory
- Distributing a required privacy notice
- Patient’s right to privacy restrictions
- Patient’s right to request confidential communications
Data breaches and COVID-19
COVID-19 is the most recent PHE the world has experienced. The pandemic has caused healthcare systems in the U.S. (and around the globe) to reexamine many of their policies and procedures regarding their patient data. Hospitals are overwhelmed by the influx of COVID patients they have to treat, and cybercriminals take advantage of it. Field hospitals and other transient or temporary facilities have been victims of data breaches and cyberattacks since the pandemic. In the latter half of the year, as many healthcare workers were in full swing of working remotely, the attacks became even worse. The Wall Street Journal reports that over one million people per month were victims of data breaches at healthcare organizations. The need for better data security therefore cannot be overstated.
How hospitals can stay safe during a public health emergency
A plan is essential because hospitals and healthcare organizations must retain their safety and privacy precautions to ensure that patients are protected. HIPAA compliant email is one way to prevent PHI from getting into the wrong hands. An effective cybersecurity system can significantly reduce the risk of an attack on patient data.
Be prepared for next time
It’s clear that as the world slowly recovers from the COVID-19 pandemic, healthcare facilities have to implement better cybersecurity. Paubox Email Suite Plus offers Zero Trust Email, which requires a strict identity verification process before any email is delivered to the inbox, and ExecProtect provides patented protection against display name spoofing. If you want tighter security, Paubox Email Suite Premium also comes with data loss prevention (DLP), which prevents unauthorized employees from emailing PHI or other sensitive information by mistake.