As COVID-19 sweeps the country, hospital CIOs are juggling the information that is necessary to share with public health officials and other employees throughout their organizations.
The Trump administration has asked hospitals to report COVID-19 testing data daily to HHS. Hospitals must provide data on bed capacity and supply information. With HIPAA penalties relaxed, hospitals should still remove personal identification information from this data.
Hospitals are also asked to report in-house lab testing through an HHS spreadsheet.
When an employee tests positive for COVID-19, hospitals should limit the amount of information disclosed, with only the "minimum necessary" information being shared publicly. Hospitals should not identify by name the employee who has tested positive.
Hospitals are also more actively working with law enforcement, paramedics and other first responders during the pandemic. HHS' Office for Civil Rights has released guidelines to allow hospitals to share identifying information about COVID-19 patients with public health authorities and other public offices without the patient's HIPAA authorization.
While hospitals have the ability to more freely share information, the OCR emphasizes that hospitals should make efforts to limit the amount of protected health information shared with first responders.
When it comes to communicating with one another about patient information and communication with patients, the ORC is allowing hospitals to use nonpublic-facing remote communication services, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom and Skype.