Emergency Situations: Preparedness, Planning, and Response

The Privacy Rule protects individually identifiable health information from unauthorized or impermissible uses and disclosures. The Rule is carefully designed to protect the privacy of health information, while allowing important health care communications to occur. These pages address the release of protected health information for planning or response activities in emergency situations. In addition, please view the Civil Rights Emergency Preparedness page to learn how nondiscrimination laws apply during an emergency.

COVID-19 and HIPAA

During the COVID-19 national emergency, which also constitutes a nationwide public health emergency, the HHS Office for Civil Rights (OCR) has provided guidance that helps explain how the HIPAA Privacy Rule allows patient information to be shared in the outbreak of infectious disease and to assist patients in receiving the care they need.

Click to access guidance on HIPAA flexibility during the COVID-19 emergency

Planning

Access an interactive decision tool designed to assist emergency preparedness and recovery planners in determining how to gain access to and use health information about persons with disabilities or others consistent with the Privacy Rule.

The tool guides the user through a series of questions to find out how the Privacy Rule would apply in specific situations. By helping users focus on key Privacy Rule issues, the tool helps users appropriately obtain health information for their public safety activities.

The tool is designed for covered entities as well as emergency preparedness and recovery planners at the local, state and federal levels.

• Emergency Preparedness Planning and the Privacy Rule:
  • Press Release: HHS Announces New HIPAA Privacy Decision Tool for Emergency Preparedness Planning
  • HIPAA Privacy Rule: Disclosures for Emergency Preparedness - A Decision Tool
  • Norma de Privacidad de la ley HIPAA: Divulgación de Información para Fines de Preparación en Casos de Emergencia – Una Herramienta Para la Toma de Decisiones

Response

In this section, access guidance about sharing patient information under the Privacy Rule in emergency situations, such as to assist patients in receiving the care they need, as well as to assist in disaster relief, public health, and law enforcement efforts.

• 2025 Public Health Emergency for CA in Response to Wildfires and Straight-Line Winds
• 2024 Public Health Emergency for FL in Response to Hurricane Milton
• 2024 Public Health Emergency for SC and TN in Response to Hurricane Helene
• 2024 Public Health Emergency for NC in Response to Hurricane Helene
• 2024 Public Health Emergency for GA in Response to Hurricane Helene
• 2024 Public Health Emergency for FL in Response to Hurricane Helene
• 2024 Public Health Emergency for LA in Response to Hurricane Francine
• 2024 Public Health Emergency for FL, GA and SC in Response to Hurricane Debby
• 2024 Public Health Emergency for Texas in Response to Hurricane Beryl*
• 2023 Public Health Emergency for Georgia in Response to Hurricane Idalia*
• 2023 Public Health Emergency for Florida in Response to Hurricane Idalia*
• 2023 Hawaii Wildfires Bulletin*
• 2023 Typhoon Mawar – Guam*
• 2023 Mississippi Severe Storms, Straight-Line Winds, and Tornadoes Bulletin*
• 2022 Hurricane Ian - South Carolina
• 2022 Hurricane Ian - Florida
• 2022 Hurricane Fiona
• 2022 Kentucky Flooding Bulletin
• 2022 New Mexico Wildfires and Straight-Line Winds Bulletin
• 2021 Hurricane Ida Bulletin
• 2021 Texas Winter Storm Bulletin
• 2020 Oregon Wildfires Bulletin
• August 2020 Hurricane Laura Bulletin
• 2020 California Wildfires Bulletin
• March 2020 HIPAA and COVID-19 Bulletin
• Marzo de 2020 Boletín informativo sobre el COVID-19 y la Ley HIPAA
• February 2020 HIPAA and Novel Coronavirus
• Febrero de 2020: la Norma de Privacidad de la ley HIPAA y el nuevo coronavirus
• January 2020 Puerto Rico Earthquakes Bulletin
• Terremotos en Puerto Rico de enero de 2020
• September 2019 Hurricane Dorian Bulletin
• July 2019 Tropical Storm Barry Bulletin
• October 2018 Super Typhoon Yutu Bulletin
• October 2018 Hurricane Michael Bulletin
• September 2018 Hurricane Florence Bulletin
• October 2017 California Wildfires Bulletin
• Los Huracanes y la Ley HIPAA [September 2017]
• September 2017 Hurrican Maria Bulletin
• September 2017 Hurricane Irma Bulletin
• August 2017 Hurricane Harvey Bulletin
• November 2014 Bulletin: HIPAA Privacy in Emergency Situations
• September 2013 HIPAA Guide for Law Enforcement
• Norma de Privacidad de la Ley de Responsabilidad y Movilidad del Seguro de Salud: Guía para órganos del orden público
• September 2005 Hurricane Katrina Bulletins
  • Disclosing PHI in Emergency Situations
  • Compliance Guidance and Enforcement Statement
• Disclosures to Public Health Authorities
• Cuándo las entidades cubiertas por la Ley HIPAA pueden entregar información de salud protegida a las autoridades de salud pública
• Public Health Authority Disclosure Request Checklist
• Ley HIPAA: Lista de verificación para solicitud de divulgación de información por parte de una autoridad de salud pública

Waivers

If the President declares an emergency or disaster and the Secretary of HHS declares a public health emergency, the Secretary may waive sanctions and penalties against a covered hospital that does not comply with certain provisions of the Privacy Rule.  The Privacy Rule remains in effect.  The waivers are limited and apply only for limited periods of time.

• Frequently Asked Question: HIPAA waiver during a national or public health emergency
• ¿La Norma de Privacidad de la Ley HIPAA se suspende durante una emergencia de salud pública o nacional?

* People using assistive technology may not be able to fully access information in this file. For assistance, contact the HHS Office for Civil Rights at (800) 368-1019, TDD toll-free: (800) 537-7697, or by emailing OCRMail@hhs.gov.

Back to Top