HIPAA Privacy Rule revised under Hurricane Harvey

Featured image

Share this article

HIPAA Privacy Rule revised under Hurricane Harvey

In response to Hurricane Harvey, the secretary of the U.S. Department of Health and Human Services (HHS), Tom Price, M.D., declared a public health emergency in Texas and Louisiana.

Along with the declaration, he exercised his authority to waive sanctions and penalties against a Texas or Louisiana covered hospital that does not comply with certain provisions of the HIPAA Privacy Rule.

Changes to HIPAA’s Privacy Rule under extreme circumstances

The following provisions of HIPAA’s Privacy Rule has been waived for Texas or Louisiana covered hospitals:

  • The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care
  • The requirement to honor a request to opt out of the facility directory
  • The requirement to distribute a notice of privacy practices
  • The patient’s right to request privacy restrictions
  • The patient’s right to request confidential communications

Other provisions of the Privacy Rule continue to apply, even during the waiver period.

When the Secretary issues such a waiver, it only applies:

  1. In the emergency area and for the emergency period identified in the public health emergency declaration
  2. To hospitals that have instituted a disaster protocol
  3. With respect to the provisions identified above
  4. For up to 72 hours from the time the hospital implements its disaster protocol

What happens when the waiver declaration ends?

When the President’s or Secretary’s declaration terminates, a hospital must then comply with all the requirements of the Privacy Rule for any patient still under its care, even if 72 hours have not elapsed since implementation of its disaster protocol.

All other provisions of the HIPAA regulations, including the Security Rule and the Breach Notification Rule, remain in effect.

As emergency personnel and medical facilities undertake immediate action to ensure the safety of those affected, the OCR continues to highlight how the HIPAA Privacy Rule allows patient information to be shared to assist in disaster relief efforts and to assist patients in receiving the care they need, regardless of whether a waiver is granted.

For more detailed information regarding HIPAA privacy and disclosures in emergency situations, click here.

For more detailed information regarding emergency situation preparedness, planning, and response, click here.

To utilize the Disclosures for Emergency Preparedness Decision Tool, click here.

Please view the Civil Rights Emergency Preparedness page to learn how nondiscrimination laws apply during an emergency.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Phuong Tran

Phuong Tran is a Carnegie Mellon University-Heinz College graduate with a degree in healthcare policy and management. In his spare time he enjoys discovering new restaurants and playing basketball.

Read more by Phuong Tran

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022