Anesthesia Coding Alert

Compliance:

How Flexible Is HIPAA When Disaster Strikes? Quiz Yourself

Published on Mon Nov 14, 2022

Remember the answers to these nine questions to protect your practice and patients.

Following HIPAA rules isn’t always possible during a natural disaster, and that’s why authorities allow for some relaxation of the rules during an emergency. But that doesn’t mean you and your team can ignore the requirements completely.

Now is a good time to make sure you’re up to speed on what changes and where you can find the details when you need them. The Department of Health and Human Services (HHS) has declared several hurricane-related public health emergencies (PHEs), which offer regulatory relief for providers — including specific HIPAA-related flexibilities.

At press time, HHS Secretary Xavier Becerra had already declared three separate PHEs for hurricanes that hit the U.S. recently. First, on Sept. 20, he declared a Hurricane Fiona PHE for Puerto Rico backdated to Sept. 17. Next, on Sept. 26, Becerra declared Hurricane Ian a PHE for Florida dated back to Sept. 23 and followed that up with another declaration for South Carolina on Sept. 30, backdated to Sept. 25. See the PHE declarations at https://aspr.hhs.gov/legal/PHE/Pages/default.aspx.

Reminder: The HHS Secretary may waive some sanctions and penalties for covered entities (CEs) and business associates (BAs) under a PHE determination, but healthcare providers and their partners are still tasked with safeguarding patients’ protected health information (PHI).

Test your knowledge on these nine questions to see if you know the HIPAA essentials.

1. Which group can CEs share PHI with, in reference to public health activities during a PHE?

A. Public health authorities

B. Foreign governments at the direction of a public health authority or working in tandem with the authority

C. People at risk of contracting or spreading disease

D. All of the above

2. Which of the following is an example of a public health authority that a CE can share patients’ PHI with during a PHE — without prior authorization?

A. The Centers for Disease Control and Prevention (CDC)

B. A healthcare lawyer

C. A neighbor

D. All of the above

3. True or false: No matter the type of disaster or PHE, a CE is never relieved of distributing a notice of privacy practices.

A. True

B. False

4. What is the Code of Federal Regulation associated with the distribution of notices of privacy practices?

A. 45 CFR 164.520

B. 45 CFR 164.522(a)

C. 45 CFR 164.510(b)

D. 45 CFR §§ 164.502(a)(1)(ii)

5. What should a CE use before determining that it’s acceptable to share patients’ PHI with friends or family?

A. Another doctor’s opinion

B. ICD-10-CM codes

C. Professional judgment

D. Enforcement agencies

6. What does this define under the HIPAA Privacy Rule: “The provision, coordination, or management of health care and related services among health care providers or by a health care provider with a third party, consultation between health care providers regarding a patient, or the referral of a patient from one health care provider to another”?

A. Payment

B. Treatment

C. Designated record set

D. Coding

7. True or false: A CE must continue to make every effort to safeguard PHI during a PHE, disclosing only the minimum information necessary to care and treat patients.

A. True

B. False