Skip to content Skip to navigation

After Ebola, OCR Issues HIPAA Guidance for Emergency Situations

November 11, 2014
by Gabriel Perna
| Reprints

In light of the Ebola situation, the Department of Health and Human Services' (HHS) Office of Civil Rights (OCR) has issued a bulletin to healthcare providers and other HIPAA-covered entities and their business associates on sharing patient information during an emergency situation.

The bulletin is a reminder to those entities that protections derived from the privacy rule are not to be set aside during an emergency. However, OCR notes there are situations in this case that the disclosure of information may be made without the patient's permission.

These exceptions to the rule during an emergency involve providers sharing information on a patient for the coordination and management of care;  sharing information with a public health authority such as the Centers for Disease Control and Prevention (CDC); sharing information with the patient's family and others involved with their care; and if the patient is within imminent danger.

There is also disclosure on sharing with the media. OCR states that minimal information on the patient can be shared with the media if the patient has given their approval or if the patient is incapacitated, then if that information is in the public interest. In all, OCR notes the covered entity must disclose information, which is the "minimum necessary."

Like other widely-covered media events in healthcare, the Ebola crisis has become a potential trap for HIPAA violations. In Nebraska, two workers at a hospital were fired for accessing a patient's record illegally because that patient had Ebola.

Read the source article at



CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.