Hurricane Katrina: HIPAA Privacy and Electronic Health Records of Evacuees [January 17, 2006] [open pdf - 66KB]
"On September 4th, 2005 Health and Human Services (HHS) Secretary Leavitt declared a federal public health emergency for Louisiana, Alabama, Mississippi, Florida and Texas, and waived certain requirements under Medicare, Medicaid, the State Children's Health Insurance Program, and the Health Insurance Portability and Accountability Act (HIPAA) to allow health care providers in affected areas to care for patients without violating certain provisions of those laws. The Secretary waived sanctions and penalties arising from noncompliance with certain provisions of the HIPAA privacy regulations. On September 9, HHS issued Hurricane Katrina Bulletin #2--HIPAA Privacy Rule Compliance Guidance and Enforcement Statement for Activities in Response to Hurricane Katrina. The September 9 bulletin builds on a September 2 guidance in which the department emphasized how the HIPAA privacy rule allows patient information to be shared to assist in disaster relief efforts, and to assist patients in receiving care. Shortly after Hurricane Katrina, the federal government began a pilot test of KatrinaHealth.org, an Electronic Health Record (EHR) online system, sharing prescription drug information for hurricane evacuees with health care professionals. This report discusses, in response to Hurricane Katrina, HHS' waiver of certain provisions of the HIPAA Privacy Rule, and the compliance and enforcement guidance with respect to the Privacy Rule issued by HHS. It also provides a brief overview of KatrinaHealth.org. This report will be updated."
CRS Report for Congress, RS22310