Suspend the HIPAA law for this shooting

The waiver of HIPAA during a disaster or public emergency is not new and there have already been exceptions written into it for law enforcement without a waiver. This waiver is or should be part of every hospital's disaster preparedness plan when outside help might be needed.

It does not mean a full disclosure of everything to anybody. It has limitations as to what is given to who. Besides identifying the patients, it can also help determine who is victim and who is foe or whatever criminal investigation is happening. It releases information only to the necessary agencies or persons to speed up care and the investigating. It does not release everything or anything to all. You will notice the information about the deceased and the living is still slowly becoming known and only with limited info. Unfortunately, major situations like this also will bring out the looky-looks and anyone with a cellphone who wants to get the scoop first to post on Facebook.

Certain sensitive private information can still be controlled and it is possible not all names will be released publicly at the request of the families or the patients. There are also other regulations to protect the victims of criminal acts which might be in effect.

Emergency Response | HHS.gov

For whatever you think of HIPAA, I prefer my personal data, SS#, health history and whatever other information not be readily available in this electronic age. The confusion comes from poor training on what HIPAA actually is and when it comes down to the nitty gritty, it is largely commonsense and careful screening of who you give out, either by computer or mouth, info to shouldn't be a major issue.

The waiver of HIPAA during a disaster or public emergency is not new and there have already been exceptions written into it for law enforcement without a waiver. This waiver is or should be part of every hospital's disaster preparedness plan when outside help might be needed.

It does not mean a full disclosure of everything to anybody. It has limitations as to what is given to who. Besides identifying the patients, it can also help determine who is victim and who is foe or whatever criminal investigation is happening. It releases information only to the necessary agencies or persons to speed up care and the investigating. It does not release everything or anything to all. You will notice the information about the deceased and the living is still slowly becoming known and only with limited info. Unfortunately, major situations like this also will bring out the looky-looks and anyone with a cellphone who wants to get the scoop first to post on Facebook.

Certain sensitive private information can still be controlled and it is possible not all names will be released publicly at the request of the families or the patients. There are also other regulations to protect the victims of criminal acts which might be in effect.

Emergency Response | HHS.gov

If the President declares an emergency or disaster and the Secretary of HHS declares a public health emergency, the Secretary may waive sanctions and penalties against a covered hospital that does not comply with certain provisions of the Privacy Rule. The Privacy Rule remains in effect. The waivers are limited and apply only for limited periods of time.

For whatever you think of HIPAA, I prefer my personal data, SS#, health history and whatever other information not be readily available in this electronic age. The confusion comes from poor training on what HIPAA actually is and when it comes down to the nitty gritty, it is largely commonsense and careful screening of who you give out, either by computer or mouth, info to shouldn't be a major issue.

OP, HIPAA is mere political correctness because of AIDS? Seriously?

A bit of a tangent here, but trying to invalidate something by calling it "politically correct" is nothing more than a cover for being as mean, demeaning or, in this case, destructive as you want. It's used to absolve you from actually making a solid argument. It spares you the effort of finding a way of saying it that isn't offensive, disrespectful or nasty. Whenever I hear the phrase, or someone boasting about being "politically incorrect", I get ready to hear some truly hateful stuff.

I have no idea whether the passage of HIPAA was motivated by the profound harm that can done by disclosure of HIV status, so you may be right about that. But, even if it was, dismissing that concern as "politically correct" tells me way more about you than I really want to know.

In the interest of un-derailing this thread, I was a nurse well before the passage of HIPAA. I worked for a while in the eighties at the student health services at a major university. We had students from the work study program working in our medical records dep't. These were the days of paper records and it was widely known that students would browse through charts looking for entertaining bits of gossip fodder.

As it happens, sexually harassing lesbians and beating up gay men were pretty much varsity sports at this school. You can see why I would be a bit testy over that "politically correct" remark.

The larger point is that, in addition to identity theft which is destructive enough, severe or fatal harm may be done by inappropriate disclosure of health information. HIPAA is intended to prevent that harm and I cheered when it passed. We were all way too careless until HIPAA forced us to take confidentiality seriously.

Welcome to the electronic age!

What about regulations that protect your financial information everyday? Are you aware of those? Do you think about it when you use the ATM or swipe your debit/credit card?

FDIC: Your Rights to Financial Privacy

The federal Gramm-Leach-Bliley Act of 1999?

We are no longer dealing with paper bank books which you keep under your mattress for security nor are we dealing with paper records your doctor locks in a file cabinet and only makes Xerox copies of for your insurance company or fills in the blanks by pen. Your information is out there and everywhere. Without some boundaries and required encryption, anyone could access it easily. With privacy mandates in place we make it a little more difficult.

We have dealt with patient privacy for decades but it was usually at the state and hospital policy level. Usually just a "ssshhh! was enough back in the stone age (aka pen and paper) but that was abused and computers made it easy for data to be shared and broadcast. HIV and celebrity status just made us realize how our info can be used for someone else's ill intent or gain. This doesn't just mean tabloids but also insurance companies and data miners who use our information for their own agendas. Ever think about all those loyalty cards at the supermarket? What about the spending info your credit card shares when it entices you to signup for one of those "special" cards where you assume the fine print is the same? There are reasons we hand out and explain HIPAA or privacy to our patients. If you don't take the time to know what you are signing, let the buyer beware. It is unfortunate that some will still attempt to prey on patients when they are most vulnerable but it happens and we must have safeguards which includes those at the bedside.

Heinz is partially correct. The HHS information is not, however, the governing law. The rules trigger a waiver whenever a hospital implements its disaster protocol. The CEO in this case used this tragedy to disparage government protection of personal privacy while unnecessarily delaying lawful disclosue to traumatized families. If his attorneys advised him to do so he may wish to rethink his choice in counsel. If he read the relevant parts of the Code of Federal Regulations and did his own interpretation he may want to think of asking his college for a refund as it failed him miserably in teaching literacy.

Neither the White House or HHS waived any part of HIPAA in Orlando since there was no reason to, it's not particularly clear at this point why the mayor of Orlando claimed a waiver was needed or that one was granted.

According to Dyer, the mayor of Orlando, a hospital CEO complained to him that they couldn't tell people who were calling the hospital inquiring about their family members that they were there in the hospital or their general condition, even though HIPAA clearly allows for this information to be given, no waiver required. Dyer then for some reason lied to reporters that he had requested and been granted a waiver, which never happened.

Most of the original press coverage of the "waiver" has been corrected today:

Update, June 13, 2016: On Sunday, Buddy Dyer, the mayor of Orlando, stated on CNNthat he had asked for the White House to waive certain HIPAA regulations in order to encourage faster sharing of information with victims' family members and indicated that the White House had complied. In fact, the White House did not waive any portion of HIPAA regulations on Sunday. The Department of Health and Human Services stated Monday that the necessary information sharing was already allowed under the HIPAA law as it is written, as the law states that medical professionals are allowed to share information without consent in an emergency circumstance as long as they exercise professional judgment."

Obama's choice to waive HIPAA in Orlando would likely have helped families and loved ones during the crisis.

Coverage of the bad coverage by a source reasonably familiar with HIPAA:

Confusion over whether Orlando providers needed HIPAA waiver - Modern Healthcare Modern Healthcare business news, research, data and events