In preparation of Hurricane Florence making landfall, the Department of Health and Human Service (HHS) Office for Civil Rights (OCR) has issued guidance:
- To help ensure appropriate sharing of medical information during Hurricane Florence; and
- To help ensure individuals with disabilities, limited English language proficiency (LEP) and other special needs are properly addressed.
Sharing of Medical Information During Hurricane Florence
In anticipation of Hurricane Florence making landfall, HHS Secretary Alex Azar on September 12, 2018 issued a declaration of a Public Health Emergency (PHE) that temporarily waives sanctions and penalties under the following requirements of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule that otherwise would prohibit covered hospitals in North Carolina, South Carolina, and Virginia from sharing protected medical information without a HIPAA-complaint authorization from the individual who is the subject of the information:
- Requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care. See 45 CFR 164.510(b);
- Requirement to honor a request to opt out of the facility directory. See 45 CFR 164.510(a)
- Requirement to distribute a notice of privacy practices. See 45 CFR 164.520;
- Patient’s right to request privacy restrictions. See 45 CFR 164.522(a); and
- Patient’s right to request confidential communications. See 45 CFR 164.522(b).
This waiver applies only to hospitals in North Carolina, South Carolina and Virginia that have instituted a disaster protocol and only up to 72 hours from the time the hospital implements its disaster protocol or, if earlier, when the PHE declaration terminates. When the Presidential or Secretarial declaration terminates, a hospital must then comply with all the requirements of the Privacy Rule for any patient still under its care, even if 72 hours has not elapsed since implementation of its disaster protocol.
As explained in OCR’s Bulletin on Hurricane Florence, even without an emergency waiver, the Privacy Rule has several provisions that allow patient information to be shared to assist patients in receiving the care they need including during disasters. For example, the Privacy Rule permits covered entities to share information with loved ones for treatment purposes, for public health activities, and to prevent or lessen a serious and imminent threat to health or safety. The Privacy Rule also allows the sharing of information with individuals’ family, friends, and others involved in their care in emergency situations to ensure proper care and treatment.
In addition, when a health care provider is sharing information with disaster relief organizations that are authorized by law or by their charters to assist in disaster relief efforts, such as government relief agencies or entities like the American Red Cross, it is unnecessary to obtain a patient’s permission to share health information if doing so would interfere with the organization’s ability to respond to the emergency.
For information about how the HIPAA Privacy Rule applies in an emergency, visit OCR’S HIPAA Emergency Preparedness, Planning, and Response page or you may use the HIPAA Disclosures for Emergency Preparedness Decision Tool.
Proper Accommodation Of Needs Of At-Risk Populations
and other federal agencies are reminding emergency responders and other officials to be mindful of and take reasonable steps to ensure that all segments of the community including people with special needs and others at risk in an emergency receive an equal opportunity to benefit from emergency response efforts in all areas affected by Hurricane Florence in compliance with Federal civil rights laws and that the disaster management in the areas affected by Hurricane Florence is successful.
People with special needs and other at risk persons that may require special efforts may include:
- Elderly persons
- Persons from diverse cultural origins
- Persons including persons with cognitive, vision, hearing, speech, physical mobility or other physical or mental impairments that substantially limit one or more major life activities (“individuals with disabilities”)
- A person who does not speak English as their primary language and who has a limited ability to read, write, speak, or understand English well (“Individuals with limited English proficiency” or “LEP”).
- Persons who live in institutionalized settings
- Persons who do not have access to transportation
To help meet the needs of these at-risk populations, OCR urges emergency responders and officials consider adopting, as circumstances and resources allow, the following practices to help make sure all segments of the community are served:
- Employing qualified interpreter services to assist individuals with limited English proficiency and individuals who are deaf or hard of hearing during evacuation, response and recovery activities
- Making emergency messaging available in languages prevalent in the area and in multiple formats, such as audio, large print, and captioning and ensuring that websites providing disaster-related information are accessible
- Making use of multiple outlets and resources for messaging to reach individuals with disabilities, individuals with limited English proficiency, and members of diverse faith communities
- Considering the needs of individuals with mobility impairments and individuals with assistive devices or durable medical equipment in providing transportation for evacuation
- Identifying and publicizing accessible sheltering facilities that include accessible features, such as bathing, toileting, and eating facilities and bedding
- Avoiding separating people from their sources of support, such as service animals, durable medical equipment, caregivers, medication and supplies
- Stocking shelters with items that will help people to maintain independence, such as hearing aid batteries, canes, and walkers.
Guidance previously issued in response to Hurricane Harvey or other disasters also highlights the need for sensitivity to the rights of individuals with a disability to be accompanied by their service animals by the American Red Cross and other state, local, and nongovernmental organizations that operate shelters serving disaster survivors. Under civil rights law, these shelter providers generally are required to allow an individual with a disability to be accompanied by their service animal within the shelter. A service animal is not a pet and is therefore not subject to restrictions applied to pets or other animals (Rumor: Pets in Hotels (Transitional Sheltering Assistance)). The Department of Homeland Security (DHS) Office for Civil Rights and Civil Liberties (CRCL) provides assistance to Individuals with disabilities with service animal turned away from a disaster shelter. For more information about service animals under the Americans with Disabilities Act, see Frequently Asked Questions about Service Animals and the ADA and ADA Requirements: Service Animals.
OCR and FEMA also recognize the potential that concerned about potential immigration law enforcement may deter undocumented aliens impacted by the Hurricane from accepting or applying for disaster relief or assistance. OCR’s disaster emergency page states that FEMA will not proactively provide information gathered through these applications with ICE or CBP for immigration enforcement purposes; however, if a significant law enforcement interest exists (e.g. a national security case) for an individual whose information is contained therein, FEMA may share information with our law enforcement partners, within the Department of Homeland Security (DHS) per their request, in accordance with the intra-agency need to know exception to the general disclosure prohibition of the Privacy Act of 1974.
Other Resources and Tools
Emergency responders, health care providers and others responding to the needs of individuals impacted by Hurricane Florence also should review the other information and resources on recognizing and responding to the needs of Individuals with Disabilities, LEP individuals, and other at-risk individuals available on the HHS Emergency Management Page.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
Ms. Stamer’s legal, management, governmental affairs work and speaking and publications have focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk.
Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients as well as a diverse array of other business and government entities. Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.
Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with operational compliance and risk management; strategic planning; product and services development and innovation; workforce and operations management: crisis preparedness and response; public and regulatory affairs and host of other concerns.
As part of this work, Ms. Stamer continuously advises clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. She helps clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She also helps health industry, health plans and insurers, health IT, life sciences and other health industry clients manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other private payer and other terms of participation, medical billing, reimbursement, claims administration and coordination, and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.
Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.
Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns. Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting, risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.
As part of this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.
A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer also continuously works with a diverse array of clients to monitor, shape and respond to federal and state legislative, regulatory, enforcement and other public policy and regulatory affairs concerns.
Author of leading works on a multitude of these and other concerns, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, and Board Certified by the Texas Board of Legal Specialization in Labor and Employment Law, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved