The Privacy Rule protects individually identifiable health information from unauthorized or impermissible uses and disclosures. The Rule is carefully designed to protect the privacy of health information, while allowing important health care communications to occur. These pages address the release of protected health information for planning or response activities in emergency situations. In addition, please view the Civil Rights Emergency Preparedness page to learn how nondiscrimination laws apply during an emergency.
COVID-19 and HIPAA
During the COVID-19 national emergency, which also constitutes a nationwide public health emergency, the HHS Office for Civil Rights (OCR) has provided guidance that helps explain how the HIPAA Privacy Rule allows patient information to be shared in the outbreak of infectious disease and to assist patients in receiving the care they need.
Click to access guidance on HIPAA flexibility during the COVID-19 emergency
Planning
Access an interactive decision tool designed to assist emergency preparedness and recovery planners in determining how to gain access to and use health information about persons with disabilities or others consistent with the Privacy Rule.
The tool guides the user through a series of questions to find out how the Privacy Rule would apply in specific situations. By helping users focus on key Privacy Rule issues, the tool helps users appropriately obtain health information for their public safety activities.
The tool is designed for covered entities as well as emergency preparedness and recovery planners at the local, state and federal levels.
- Emergency Preparedness Planning and the Privacy Rule:
- Press Release: HHS Announces New HIPAA Privacy Decision Tool for Emergency Preparedness Planning, links to an external website, opens in a new tab
- HIPAA Privacy Rule: Disclosures for Emergency Preparedness - A Decision Tool
- Norma de Privacidad de la ley HIPAA: Divulgación de Información para Fines de Preparación en Casos de Emergencia – Una Herramienta Para la Toma de Decisiones, opens in a new tab
Response
In this section, access guidance about sharing patient information under the Privacy Rule in emergency situations, such as to assist patients in receiving the care they need, as well as to assist in disaster relief, public health, and law enforcement efforts.
- 2025 Public Health Emergency for CA in Response to Wildfires and Straight-Line Winds
- 2024 Public Health Emergency for FL in Response to Hurricane Milton
- 2024 Public Health Emergency for SC and TN in Response to Hurricane Helene
- 2024 Public Health Emergency for NC in Response to Hurricane Helene
- 2024 Public Health Emergency for GA in Response to Hurricane Helene, opens in a new tab
- 2024 Public Health Emergency for FL in Response to Hurricane Helene, opens in a new tab
- 2024 Public Health Emergency for LA in Response to Hurricane Francine, opens in a new tab
- 2024 Public Health Emergency for FL, GA and SC in Response to Hurricane Debby, opens in a new tab
- 2024 Public Health Emergency for Texas in Response to Hurricane Beryl, opens in a new tab*
- 2023 Public Health Emergency for Georgia in Response to Hurricane Idalia, opens in a new tab*
- 2023 Public Health Emergency for Florida in Response to Hurricane Idalia, opens in a new tab*
- 2023 Hawaii Wildfires Bulletin*, opens in a new tab
- 2023 Typhoon Mawar – Guam, opens in a new tab*
- 2023 Mississippi Severe Storms, Straight-Line Winds, and Tornadoes Bulletin, opens in a new tab*
- 2022 Hurricane Ian - South Carolina, opens in a new tab
- 2022 Hurricane Ian - Florida, opens in a new tab
- 2022 Hurricane Fiona, opens in a new tab
- 2022 Kentucky Flooding Bulletin, opens in a new tab
- 2022 New Mexico Wildfires and Straight-Line Winds Bulletin, opens in a new tab
- 2021 Hurricane Ida Bulletin, opens in a new tab
- 2021 Texas Winter Storm Bulletin, opens in a new tab
- 2020 Oregon Wildfires Bulletin, opens in a new tab
- August 2020 Hurricane Laura Bulletin, opens in a new tab
- 2020 California Wildfires Bulletin, opens in a new tab
- March 2020 HIPAA and COVID-19 Bulletin, opens in a new tab
- Marzo de 2020 Boletín informativo sobre el COVID-19 y la Ley HIPAA, opens in a new tab
- February 2020 HIPAA and Novel Coronavirus, opens in a new tab
- Febrero de 2020: la Norma de Privacidad de la ley HIPAA y el nuevo coronavirus, opens in a new tab
- January 2020 Puerto Rico Earthquakes Bulletin, opens in a new tab
- Terremotos en Puerto Rico de enero de 2020, opens in a new tab
- September 2019 Hurricane Dorian Bulletin, opens in a new tab
- July 2019 Tropical Storm Barry Bulletin, opens in a new tab
- October 2018 Super Typhoon Yutu Bulletin, opens in a new tab
- October 2018 Hurricane Michael Bulletin, opens in a new tab
- September 2018 Hurricane Florence Bulletin, opens in a new tab
- October 2017 California Wildfires Bulletin, opens in a new tab
- Los Huracanes y la Ley HIPAA [September 2017], opens in a new tab
- September 2017 Hurrican Maria Bulletin, opens in a new tab
- September 2017 Hurricane Irma Bulletin, opens in a new tab
- August 2017 Hurricane Harvey Bulletin, opens in a new tab
- November 2014 Bulletin: HIPAA Privacy in Emergency Situations , opens in a new tab
- September 2013 HIPAA Guide for Law Enforcement , opens in a new tab
- Norma de Privacidad de la Ley de Responsabilidad y Movilidad del Seguro de Salud: Guía para órganos del orden público, opens in a new tab
- September 2005 Hurricane Katrina Bulletins
- Disclosing PHI in Emergency Situations , opens in a new tab
- Compliance Guidance and Enforcement Statement , opens in a new tab
- Disclosures to Public Health Authorities, opens in a new tab
- Cuándo las entidades cubiertas por la Ley HIPAA pueden entregar información de salud protegida a las autoridades de salud pública, opens in a new tab
- Public Health Authority Disclosure Request Checklist, opens in a new tab
- Ley HIPAA: Lista de verificación para solicitud de divulgación de información por parte de una autoridad de salud pública, opens in a new tab
Waivers
If the President declares an emergency or disaster and the Secretary of HHS declares a public health emergency, the Secretary may waive sanctions and penalties against a covered hospital that does not comply with certain provisions of the Privacy Rule. The Privacy Rule remains in effect. The waivers are limited and apply only for limited periods of time.
- Frequently Asked Question: HIPAA waiver during a national or public health emergency
- ¿La Norma de Privacidad de la Ley HIPAA se suspende durante una emergencia de salud pública o nacional?, opens in a new tab
* People using assistive technology may not be able to fully access information in this file. For assistance, contact the HHS Office for Civil Rights at (800) 368-1019, TDD toll-free: (800) 537-7697, or by emailing OCRMail@hhs.gov, opens in a new window.