February 6, 2020 Wondering how your practice needs to handle HIPAA privacy when it comes to public health emergencies, like the recent Novel Coronavirus outbreak? Read the OCR’s tips below! As the Novel Coronavirus (2019-nCoV) outbreak continued to make news, the Office for Civil Rights (OCR) sent a recent bulletin out including additional information for how to handle PHI and how the HIPAA Privacy Rule should be applied with regard to public health emergencies such as this one. Even in public health emergencies, covered entities (as well as business associates) are still expected to adhere to HIPAA regulations and safeguard the security and privacy of their PHI consistent with HIPAA law. Here’s a few key takeaways from the OCR bulletin that your organization should remember: As a reminder, all PHI disclosures even in these circumstances should be limited to the minimum information necessary, including continuing to adhere to role-based access for internal employees. If a public health agency such as the CDC requests information, all requested information should be treated as the minimum necessary for the public health purpose.
