The big question we have is with HIPAA Rights. The hospitals are concerned that they would be violating patient rights by releasing information. There have been some concessions made during Katrina for instance, but we have not found anything permanent as far as disasters and notifying families. Is there legislation to cover this?
In its simplest and purest interpretation, HIPAA (the Health Information Portability and Accountability Act) prohibits the willful or negligent release of patient information to unauthorized parties. While much debate, controversy and regulation swirl around what constitutes “willful,” “ negligent,” “release” and “patient information” there is little debate or even disagreement on what constitutes “unauthorized parties” and conversely “authorized parties.”
HIPAA allows for the sharing of patient identifiers to public health and public safety officials for the purpose of meeting public reporting requirements. A prime example is the release of patient information in cases of reportable sexually transmitted disease. In this example, the patient’s contact information, demographics and diagnosis are shared with the local public health unit. This is the so called “public interest / public health reporting” exception to HIPAA. Mass casualty and disaster survivor and decedent reporting is also a recognized public health function under the National Response Plan and the National Incident Management System. FEMA and other federal / state disaster response agencies rely on this information to adapt response plans and efforts.
The release of patient name, condition and location to the empowered local emergency management agency (or their designee) is thus covered under the “public interest / public health reporting” exception. Similarly, reporting injury types and totals without patient names is permissible. The reporting of patient diagnosis linked to name and other demographics falls into the prohibited or potentially prohibited area.
This question submitted via www.Disaster-Blog.com