In the wake of the recent Ebola cases, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a new bulletin reminding HIPAA-covered entities and their business associates that the requirements of the HIPAA Privacy Rule still apply when sharing protected health information (PHI), even in emergency situations. Towards that end, OCR’s bulletin provides guidance on how covered entities can share, use, and disclose critical information under certain situations during a disaster. Hospitals and other covered entities subject to the HIPAA Privacy Rule should consider the bulletin and OCR’s additional guidance on HIPAA in emergency situations as part of any Ebola or disaster preparedness plan. Click here to continue reading.