HIPAA and Emergencies - When the Rules are Changed to Meet Healthcare Needs

Date: Thursday June 25, 2020

10:00 AM PDT | 01:00 PM EDT

Duration: 90 Minutes
Instructor: Jim Sheldon Dean
Webinar Id: 802016
25 Days Left To Register


One Attendee
Unlimited Attendees


One Attendee
Unlimited Attendees ?


Live + Recorded
$269 $318  
One Attendee
Live + Recorded
$599 $678  
Unlimited Attendees ?

This Webinar will help healthcare professionals understand how to best provide services during the emergency and meet HIPAA requirements at the same time. 


The COVID-19 pandemic has created new demands for communications of various kinds, with patients and among caregivers and authorities, and has made clear the need to provide services remotely to the extent possible.

Providers need to communicate more, between themselves and with their patients, and the time to implementation of new services to meet these needs is almost zero, leaving no room for the usual processes of approval and adoption that health care is used to.

In order to facilitate the delivery of services and necessary communications during the emergency, the US Department of Health and Human Services has issued guidance relaxing some HIPAA requirements pertaining to teleconferencing tools and reiterating HIPAA allowances for communication with family and friends of patients, in order to protect first responders, and with disaster relief agencies.

Social distancing to help prevent the spread of the novel coronavirus is effective, but patient care has typically required a face-to-face encounter, which can cause the spread of the virus as infected individuals travel to and from appointments. It is essential to be able to provide telemedicine services in order to reach the most individuals without risking more harm.

HIPAA regulations put controls on the appropriate technologies to use for communications, and can require that a Business Associate relationship be established when using any services that involve any persistence of custody of Protected Health Information. Violations of HIPAA rules can lead to penalties in the millions of dollars.

HHS has announced the relaxation of enforcement pertaining to the use of teleconferencing technologies to provide remote medical services, allowing the use of such services to expand quickly, but limits on "public-facing" conferencing technologies remain. Providers need to adopt the necessary technologies without fear of HIPAA violation enforcement actions during the COVID-19 Emergency and must understand the limits of what is permitted in order to best serve patients and their families.

HHS has also issued guidance to remind healthcare providers of the allowances for communications with family and friends, with disaster relief organizations, and to prevent a serious and imminent threat to the health or safety of individuals or the public.

In addition to the need for remote communications, first responders may need to take steps to protect themselves and the public from infected patients, that could indicate the condition of the patient to others, in violation of privacy regulations.

HHS has issued guidance that permits the necessary communications take place in the interest of public safety, and otherwise allows communications necessary when needed to provide treatment, when required by law, when first responders may be at risk for an infection, and when disclosure is necessary to prevent or lessen a serious and imminent threat, to protect the health and safety of first responders and the public.

HHS Guidance also reminds us of reasonable allowances for communicating with the family and friends of a patient when it is in the patient's best interest to do so.

It is not always possible to obtain formal permission to contact family and friends of a patient and the rules do permit appropriate communication, relating to any issues at hand, when professional judgement dictates. In addition, sharing information with disaster relief organizations, such as the Red Cross, is permitted as necessary to provide care and respond to the emergency.

This Webinar will help healthcare professionals understand how to best provide services during the emergency and meet HIPAA requirements at the same time. Under the emergency declaration, HHS makes it clear that the care of the patient comes first, and privacy must be maintained as reasonably possible, but recognizes the unique challenges of dealing with the emergency, and the need to ensure that the communication necessary to protect individuals and the public takes place appropriately.

Why should you Attend: In emergency circumstances of various kinds, it is permissible to use and disclose an individual's Protected Health Information (PHI) to provide services to the individual, communicate with family and friends of a patient, share information necessary to protect first responders, and share information with disaster relief agencies.

But such sharing must be done within the guidance provided by the US Department of Health and Human Services Office for Civil Rights (HHS OCR).

It is important to ensure the safety of individuals and various caregivers while considering compliance as reasonably possible, and, at the same time, not go beyond the bounds established in guidance.

Areas Covered in the Session:

  • Emergency needs in communications during the Emergency
  • Types of Telemedicine and Teleconferencing technology, and HIPAA requirements
  • Explaining the Relaxation of Enforcement of some HIPAA rules to facilitate communication
  • What are permitted communications with Family and Friends of patients
  • Communications that are necessary in First Response circumstances
  • Disclosures to Disaster Recovery agencies
  • Disclosures to Prevent a Serious and Imminent Threat

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager

Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

You Recently Viewed