Disclosures Involving the Coronavirus Pandemic


While healthcare facilities are preparing for the coronavirus pandemic, hospitals are facing increased workloads. Healthcare providers are required to report cases of COVID-19 to public health agencies as a part of the response effort.  It is still important to remember that Minimum Necessary policies and other privacy and security requirements must remain in place.

During an infectious disease outbreak protection under the Privacy Rule is not waived. Providers are permitted, and required, to disclose patient information for public health activities. The COVID-19 pandemic falls into this category. Public health agencies include the CDC and state or local public health departments that are authorized by law to receive patient information. Public health agency disclosures may include:

  • referrals for testing of suspected cases of COVID-19;
  • confirmed cases of COVID-19;
  • deaths due to COVID-19 infections.

Healthcare providers and public health agencies also have a responsibility to protect the public against COVID-19. Protection will include informing persons that have had contact with a COVID-19 infected patient. These communications should include instructions to adhere to recommendations of healthcare providers and/or government agencies to avoid a serious or imminent threat to public health.

Additionally, these disclosures are more sensitive and require authorization, in some instances. Steps must be taken to not disclose information that could identify the patient. When unsure if the disclosure requires an authorization, healthcare providers should either contact a healthcare attorney or use caution and obtain patient consent. CMS released a bulletin to help healthcare providers navigate the COVID-19 pandemic and HIPAA.

The coronavirus is not a case of public health versus patient privacy. As public health agencies and healthcare providers must work together to identify, treat, contain and prevent the further spread of COVID-19, they must also remember to work together to protect patient privacy.

Need More Guidance? Grab Our PHI Decision Tree!

This simple cheat sheet makes it easy to recognize every time you’re interacting with protected health information.

Decision Tree Preview

HIPAAtrek offers a suite of software solutions to help healthcare providers and public health agencies manage the increased compliance workloads. Our platforms provide compliance transparency and automation for compliance and clinical teams.

Contact us for more information about how to stay HIPAA compliant during this global pandemic.

Request A HIPAAtrek Demo

HIPAAtrek User
Compliance is complicated. Your compliance software doesn’t have to be. Schedule your demo today!

You Might Also Like

Is the Telehealth you’ve adopted secure?

Many patients and providers who would not have normally considered telehealth as a regular way to access healthcare are now utilizing the services. Many patients are afraid to go the hospital or doctor office in fear of exposing themselves and loved ones to Covid-19. Luckily, doctors can still reach their patients and provide medical care online. After this pandemic is over, many suspect that telehealth will still be sticking around. Now may be a good time to consider how to make your telehealth services more secure.

Read More »