HIPAA Blog

[ Friday, October 17, 2014 ]

Ebola, Public Health, Emergency, and Related Disclosure Questions: Some of the AHLA ListServs are buzzing today with questions about how and why Texas Health Presbyterian Hospital (which is just over a mile from my house) has disclosed the names of the two nurses who have caught Ebola. Normally, a hospital can't disclose the names of patients, except for treatment, payment, healthcare operations, with patient consent, or as required by law or otherwise allowed by HIPAA. HIPAA allows covered entities to disclose PHI in emergency situations, and generally health care providers are required to disclose infectious disease information to state and federal epidemiology agencies. Some have also speculated that Presby might have patient consent to make the disclosures, in which case they clearly would be allowed.

HHS has helpfully provided an FAQ relating to disclosures in the case of a bioterrorism threat of public health emergency, and has also provided a decision tool for healthcare providers faced with determining whether there is a public health emergency or emergency preparedness reason for a disclosure.

Hat tip: Alan Goldberg.

Jeff [3:26 PM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template