CDC

OCR Publishes Bulletin Regarding Privacy in Light of Ebola Outbreak

Posted by J. Nicole Martin on November 18, 2014
CDC, HHS, OCR / No Comments

In response to the recent Ebola outbreak in West Africa and in light of patients being treated in several hospitals in the U.S., the HHS, OCR (OCR) recently issued a HIPAA Bulletin to remind us that HIPAA covered entities and business associates must maintain the privacy of protected health information (PHI) even in emergency situations (“Guidance”). According to the OCR, the Guidance serves as a reminder “that the protections of the [HIPAA] Privacy Rule are not set aside during an emergency.”

The OCR explains that the HIPAA Privacy Rule requires a balance between the protection of the privacy of PHI against the necessary uses and disclosures of such information “to treat a patient, to protect the nation’s public health, and for other critical purposes” during emergency situations.  Although the OCR introduces no new requirements under the HIPAA Privacy Rule, the Guidance lays out the circumstances under which patient information may be shared in emergencies, such as for/due to:

  •  Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification
  • Disclosures to the Media or Others Not Involved in the Care of the Patient/Notification
  • Imminent Danger
  • Public Health Activities (i.e., to a public health authority; at the direction of a public health authority, to a foreign government agency; and to persons at risk)
  • Treatment

The OCR reminds us that most disclosures require covered entities to make “reasonable efforts to limit the information disclosed to that which is the ‘minimum necessary.’” Further, covered entities are also required to: (i) implement “reasonable” safeguards necessary to protect PHI from intentional/unintentional uses and disclosures that are impermissible under HIPAA; and (ii) continue to apply administrative, physical and technical safeguards to protect e-PHI under the HIPAA Security Rule.

Further, according to the OCR, under the Project Bioshield Act of 2004 and Section 1135(b)(7) of the Social Security Act, the Secretary of HHS may waive certain HIPAA Privacy Rule provisions during public health or other emergencies. Such limited waivers require both the President to declare an emergency or disaster and the Secretary of HHS to declare a public health emergency. Additional information regarding the limited waivers appears in the Guidance.

As Ebola remains an emergency of both national and international concern, it not surprising that federal agencies continue to publish updated Ebola guidance. This Guidance reminds all of us, especially covered entities and business associates, that even in emergency situations, patient privacy must be protected, unless the limited waiver is invoked, and if not, covered entities and business associates will face consequences for violating the HIPAA Privacy Rule. For additional information regarding the HIPAA Privacy Rule in the context of emergency situations, see the HHS website.  Also see similar guidance (Bulletin and Bulletin  published by HHS in 2005 in response to Hurricane Katrina.

 

J. Nicole Martin

J. Nicole Martin

J. Nicole Martin is an associate and practices in the Health Care Practice Group. Nicole assists accountable care organizations, health care systems, long term care providers, behavioral and mental health providers, medical device manufacturers, physician practices and pharmacies with their compliance, regulatory and transactional needs. Nicole’s practice includes providing clients with counsel regarding HIPAA/HITECH and state privacy and security laws, data breaches, business associate and covered entity obligations, licensure laws, Medicare, Medicaid and third-party payer matters, medical staff issues, and fraud and abuse laws. Nicole also represents clients undergoing changes of ownership and changes of control, and assists them with the transactional, regulatory and compliance requirements necessary to finalize the transactions.

More Posts - Website

Tags: , , , , , , , , , , , ,

CDC Publishes Updated Interim Guidance Regarding Potential Ebola Exposure

Posted by J. Nicole Martin on October 28, 2014
CDC, WHO / No Comments

According to the World Health Organization, the Ebola outbreak is “the biggest and most complex . . . in history,” and in August, the World Health Organization declared the Ebola outbreak in West Africa to be a “Public Health Emergency of International Concern.” Following news last week that New Jersey and New York each announced Ebola exposure and quarantine measures, on Monday, the CDC published updated interim guidance for the monitoring and movement of persons with potential exposure to the Ebola virus (“Guidance”). According to the CDC, the Guidance is updated to include the addition of the following:

  •  A “low (but not zero) risk” category;
  •  A “no identifiable risk” category;
  •  Modifications to the recommended public health actions in each of the high risk, some risk and low (but not zero) risk categories; and
  • Recommendations for specific groups and settings (i.e., healthcare workers providing care to Ebola patients in U.S. facilities and healthcare workers providing care to Ebola patients in countries with widespread transmission).

The CDC further explained that the Guidance provides a “framework for determining appropriate public health actions based on risk factors and clinical presentation.” The Guidance also includes a reference chart outlining recommended public health actions based on exposure category. The CDC correctly noted that primary jurisdiction to address this matter remains with state and local authorities. Under the Tenth Amendment to the U.S. Constitution, states have police power to protect the health (i.e., public health/infectious disease control, including quarantine) of its population.

As Ebola remains a “Public Health Emergency of International Concern,” it is likely that additional and/or updated Ebola guidance will be published by the CDC, as well as orders issued by other states and local authorities.

J. Nicole Martin

J. Nicole Martin

J. Nicole Martin is an associate and practices in the Health Care Practice Group. Nicole assists accountable care organizations, health care systems, long term care providers, behavioral and mental health providers, medical device manufacturers, physician practices and pharmacies with their compliance, regulatory and transactional needs. Nicole’s practice includes providing clients with counsel regarding HIPAA/HITECH and state privacy and security laws, data breaches, business associate and covered entity obligations, licensure laws, Medicare, Medicaid and third-party payer matters, medical staff issues, and fraud and abuse laws. Nicole also represents clients undergoing changes of ownership and changes of control, and assists them with the transactional, regulatory and compliance requirements necessary to finalize the transactions.

More Posts - Website

Tags: , , , ,

CDC Publishes Revised Ebola Guidelines and Announces New Monitoring Program

Posted by J. Nicole Martin on October 23, 2014
CDC / No Comments

The CDC recently announced stricter guidelines on the use of personal protective equipment for United States healthcare workers providing healthcare services to patients with Ebola (“Guidelines”). According to the CDC, the Guidelines have three core principles:

  • All healthcare workers undergo rigorous training and are practiced and competent with personal protective equipment, including putting it on and taking it off in a systemic manner
  • No skin exposure when personal protective equipment is worn
  • All workers are supervised by a trained monitor who watches each worker putting personal protective equipment on and taking it off.

Continue reading…

J. Nicole Martin

J. Nicole Martin

J. Nicole Martin is an associate and practices in the Health Care Practice Group. Nicole assists accountable care organizations, health care systems, long term care providers, behavioral and mental health providers, medical device manufacturers, physician practices and pharmacies with their compliance, regulatory and transactional needs. Nicole’s practice includes providing clients with counsel regarding HIPAA/HITECH and state privacy and security laws, data breaches, business associate and covered entity obligations, licensure laws, Medicare, Medicaid and third-party payer matters, medical staff issues, and fraud and abuse laws. Nicole also represents clients undergoing changes of ownership and changes of control, and assists them with the transactional, regulatory and compliance requirements necessary to finalize the transactions.

More Posts - Website

Tags: , , , ,