Emergency Situations: Preparedness, Planning, and Response
The Privacy Rule protects individually identifiable health information from uses and disclosures that unnecessarily compromise the privacy of an individual. The Rule is carefully designed to protect the privacy of health information, while allowing important health care communications to occur.
These pages address the release of protected health information for planning or response activities in emergency situations. In addition, please view the Civil Rights Emergency Preparedness page to learn how nondiscrimination laws apply during an emergency.
Back to Top
Access an interactive decision tool designed to assist emergency preparedness and recovery planners in determining how to gain access to and use health information about persons with disabilities or others consistent with the Privacy Rule.
The tool guides the user through a series of questions to find out how the Privacy Rule would apply in specific situations. By helping users focus on key Privacy Rule issues, the tool helps users appropriately obtain health information for their public safety activities.
The tool is designed for covered entities as well as emergency preparedness and recovery planners at the local, state and federal levels.
- Emergency Preparedness Planning and the Privacy Rule:
In this section, access guidance about sharing patient information under the Privacy Rule in emergency situations, such as to assist patients in receiving the care they need, as well as to assist in disaster relief, public health, and law enforcement efforts.
- November 2014 Bulletin: HIPAA Privacy in Emergency Situations [PDF – 30KB]
- September 2013 HIPAA Guide for Law Enforcement [PDF – 177KB]
- September 2005 Hurricane Katrina Bulletins
- Disclosing PHI in Emergency Situations [PDF - 30KB]
- Compliance Guidance and Enforcement Statement [PDF - 148KB]
If the President declares an emergency or disaster and the Secretary of HHS declares a public health emergency, the Secretary may waive sanctions and penalties against a covered hospital that does not comply with certain provisions of the Privacy Rule. The Privacy Rule remains in effect. The waivers are limited and apply only for limited periods of time.