Senior Communications Manager
Kirk Nahra Discusses HIPAA Applicability During Mass-Casualty Events
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in a Hospital Access Management article about the extent to which emergency room registrars can disclose patient information during mass-casualty events.
In the aftermath of the Orlando nightclub shooting, “hospitals seemed to think they couldn’t tell anyone anything” under the Health Insurance Portability and Accountability Act’s (HIPAA) privacy rules,” Mr. Nahra said. “That is clearly not true.”
He explained that if hospitals told people, “Under law, we are not permitted to give out any information,” that would be false. It would be more accurate for hospitals to say, “We are not going to give out any information,” he said.
According to the article, in the confusion of a disaster, ER registrars typically refuse to give any information—even to patients’ family members—because they don’t know what they are permitted to say. “In contexts like this, sometimes it’s easier to just say ‘no,’” Mr. Nahra said. “Saying nothing can’t violate the privacy rule.”
However, the U.S. Department of Health and Human Services (HHS) wouldn’t have penalized hospital staff in Orlando “for trying to be helpful in this situation.” he stressed. “HHS—and this isn’t true of all regulatory agencies—tries really hard to tell when you are trying to do the right thing when you made a mistake. And they are very good at that.”
Mr. Nahra explained that problems can arise if the same mistake occurs repeatedly and no training was given to staff. However, he added that HHS is sensitive to the likely reaction of other hospitals if one is penalized for giving out information during a disaster. “If there is a penalty issue because one hospital answered some questions, I guarantee you nobody will ever answer those questions again.”