Emergency Preparedness Planning and Response
The Privacy Rule protects individually identifiable health information from uses and disclosures that unnecessarily compromise the privacy of an individual. The Rule is carefully designed to protect the privacy of health information, while allowing important health care communications to occur.
These pages address common emergency preparedness issues related to the release of protected health information for planning or response activities. In addition, please view the Civil Rights Emergency Preparedness page to learn how nondiscrimination laws apply during an emergency.
Back to Top
Access an interactive decision tool designed to assist emergency preparedness and recovery planners in determining how to gain access to and use health information about persons with disabilities or others consistent with the Privacy Rule.
The tool guides the user through a series of questions to find out how the Privacy Rule would apply in specific situations. By helping users focus on key Privacy Rule issues, the tool helps users appropriately obtain health information for their public safety activities.
The tool is designed for covered entities as well as emergency preparedness and recovery planners at the local, state and federal levels.
- Emergency Preparedness Planning and the Privacy Rule:
HIPAA Privacy Rule Blue Card for Law Enforcement:
The below guide developed in cooperation with the HHS Office of the Assistant Secretary for Preparedness and Response and the Federal Bureau of Investigation is intended to assist law enforcement when trying to obtain health information that is protected by the HIPAA Privacy Rule. The guide provides a basic description of the HIPAA Privacy Rule and identifies entities that are and are not required to comply. The guide also outlines several disclosure permissions that allow the disclosure of health information to law enforcement in common law enforcement situations, such as during an emergency response.
- HIPAA Guide for Law Enforcement [PDF - 177KB]
In all circumstances, the Privacy Rule allows for information to be disclosed for treatment, payment and health care operations without an authorization from the individual. In this section, access guidance about sharing information in emergency situations to assist in disaster relief efforts and to assist patients in receiving the care they need.
- Emergency Response and the Privacy Rule:
- Bulletin: Disclosing PHI in Emergency Situations [PDF - 30KB]
- Hurricane Katrina Bulletin 2: Compliance Guidance and Enforcement Statement [PDF - 148KB]
If the President declares an emergency or disaster and the Secretary of HHS declares a public health emergency, the Secretary may waive sanctions and penalties against a covered hospital that does not comply with certain provisions of the Privacy Rule. The Privacy Rule remains in effect. The waivers are limited and apply only for limited periods of time.