Original article here from NCMIC

While social media is blowing up with so called “facts” about the Coronavirus, something that every clinician needs to remember is that following HIPAA  guidelines is paramount.

As an example, when an Ohio case was announced yesterday, I received a call from a friend telling me that the man testing positive lives about three miles from a family member.  Unless that individual or his family member shared that information, this type of information should not be out in “air waves”. Let’s be clear, the 18 Protected Health Information (PHI) identifiers include:

•             Names

•             Dates, except year

•             Telephone numbers

•             Geographic data

•             FAX numbers

•             Social Security numbers

•             Email addresses

•             Medical record numbers

•             Account numbers

•             Health plan beneficiary numbers

•             Certificate/license numbers

•             Vehicle identifiers and serial numbers including license plates

•             Web URLs

•             Device identifiers and serial numbers

•             Internet protocol addresses

•             Full face photos and comparable images

•             Biometric identifiers (i.e. retinal scan, fingerprints)

•             Any unique identifying number or code

HIPAA has a special guidance section for what information and to whom that information can be released during an emergency situation. You can review these guidelines at: https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/decision-tool-overview/index.html

Office of Civil Rights

Always remember the Office of Civil Rights (OCR) is very clear in their message:  there needs to be a balance between protecting the privacy of patient PHI (protected health information) and the appropriate use and disclosure of information to protect the public.