In healthcare, every day brings about new emergencies, and compliance profession- als are often tasked with assisting their
organizations to navigate through them. To
patients and their families, every emergency
is significant and requires discretion and pri-vacy of patient health information. A visit to
a hospital often evokes fear and anxiety, not
only for the patient, but also for their families
and loved ones. Each type of emergency may
require a different level of use and/or disclosure of protected health information (PHI)
under the Health Insurance Portability and
Accountability Act of 1996 (HIPAA), with the
potential of requiring disclosure to government, public health, relief, or other entities.
Some events may even bring about immense,
and sometimes challenging interest from
To prepare and respond efficiently to these
situations, compliance professionals should:
· understand the governing
rules and regulations associated with using and disclosing
· evaluate the need to create
policies, procedures, and trainings that outline how to handle
patient information; and
· plan and develop different scenarios with colleagues.
Recent events have also
brought about clarification and
reinforcement from Health and
Human Services (HHS) to commonly accepted practices for
disclosing patient information
during emergency situations.
Many emergencies are different
in one element of the incident or
another, and how one may respond
can depend on various facts and
circumstances. Establishing a
management response plan with
defined roles and a designated
team may facilitate a faster and
more coordinated proactive
by Terrie B. Estes, MHSA, MS, CHC, CHPC; Peter A. Khoury, MHA, MJ, CHC, CHPC; and Kaitlin McCarthy, CHC
Maintaining patient privacy
during an emergency
» Emergency events can create risks to patient privacy.
» Various federal and state regulations outline privacy groundwork.
» Recent events have brought about important HIPAA clarification.
» Penalties continue to increase; assess preparedness now.
» Prepare and respond to emergencies by deploying a response plan.
Terrie B. Estes ( terrie.estes@YNHH.ORG) is Vice President, Corporate
Compliance & Chief Compliance Officer, Yale New Haven Health, in New
Haven, CT. Peter A. Khoury ( firstname.lastname@example.org) is a Deloitte Risk and
Financial Advisory Senior Consultant in Deloitte & Touche LLP’s Philadelphia
office. Kaitlin McCarthy ( email@example.com) is a Deloitte Risk and
Financial Advisory Senior Manager in Deloitte & Touche LLP’s Boston office.