Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.
Sign up for our Cybersecurity & Privacy newsletter
You must correct or enter the following before you can sign up:
Thank You!
Law360 (March 24, 2020, 9:26 PM EDT) -- Law enforcement, paramedics and other first responders may access protected health information about an individual who has been infected by or exposed to the coronavirus if the information is needed to provide treatment, the U.S. Department of Health and Human Services said Tuesday.
According to guidance from the department's Office for Civil Rights, health care providers can also share coronavirus patient information when first responders may be at risk of infection or when the information is necessary to "prevent or lessen a serious and imminent threat." They can also share the information to notify a public health authority to control or stop the spread of disease, the department said.
HHS shared the guidelines, which clarify when and how the protected information can be shared without an individual's authorization under the Health Insurance Portability and Accountability Act, to protect first responders in the midst of the COVID-19 pandemic, the department said in a statement Tuesday. Protected information can include a patient's name and other identifying information, per the guidance.
Roger Severino, director of the Office for Civil Rights, said in a statement that first responders are needed right now "like never before."
"[W]e must do all we can to assure their safety while they assure the safety of others," he said. "This guidance helps ensure first responders will have greater access to real-time infection information to help keep them and the public safe."
In the guidance, HHS added that in general, entities covered by HIPAA must make "reasonable efforts" to limit the information used or disclosed. Whatever is shared should be the "minimum necessary" to accomplish what needs to be accomplished, HHS said.
And health care providers should consult other applicable laws before disclosing the information, HHS said, noting that those laws may place further restrictions on disclosures.
The guidance further clarifies a bulletin issued last month in which HHS reminded HIPAA-covered entities that the protections of the law's privacy rule "are not set aside during an emergency." Still, there are ways patient information may be shared in an outbreak or infectious disease situation, the department said at the time.
"The HIPAA Privacy Rule protects the privacy of patients' health information (protected health information) but is balanced to ensure that appropriate uses and disclosures of the information still may be made when necessary to treat a patient, to protect the nation's public health and for other critical purposes," HHS said last month.
--Editing by Peter Rozovsky.
For a reprint of this article, please contact reprints@law360.com.
