Natural disasters impact tens of millions of people every year. In the United States alone, natural disasters including floods, earthquakes, droughts, and various types of storms took 355 human lives and caused over $80 billion in damages in 2018. When disasters strike, the ability for health and human services providers to provide care are often negatively impacted at the same time that the needs for their services are increasing. The classic example of this dilemma is with hospitals. If they are not properly equipped to withstand a natural disaster in such a way that they are still functional then the casualties of the disaster will have severely reduced access to care at the time of their greatest need. However, disruptions caused by disasters are not limited to healthcare. Resources ranging from homeless shelters to food banks to employment centers may also be damaged in a way that prevents them from being functional during the disaster and, potentially, for a long time after.
Because the potential impact of natural disasters is so severe, it is extremely important for communities and health and social service providers to have disaster recovery plans in place before faced with such challenges. When creating these plans, one of the most important topics to consider is how to handle communication.
Emergency Communication Plans
Effective communication is at the heart of any successful disaster recovery plan and yet many disasters negatively impact the communication capabilities of a community. This impact may be because of damage from the disaster itself or it could be a byproduct of the number of people trying to simultaneously use the communication system to access emergency services or check on the status of loved ones. Having a backup plan to maintain emergency communications during a disaster allows community leaders and other service providers to communicate and collaborate to best serve the needs of their neighbors.
HIPAA Compliance and Emergency Procedures
Another significant challenge to address during a disaster scenario is how healthcare providers handle patient records. This particular struggle is twofold. First, providers must ensure that records themselves are not compromised. This problem has largely been eliminated by the transition from paper records to electronic records which are stored in data centers away from hospitals and clinics. However, it is still important to confirm that the data centers are adequately protected and that the communication backups are in place to ensure access during an emergency. Second, providers must have a way to effectively communicate patient needs in the event of emergency transfers or evacuations while still taking into account the ongoing need to protect patient privacy.
The Health Insurance Portability and Accountability Act (HIPAA) is actually built to include provisions for how to handle personal health information (PHI) during an emergency. For example, under emergency conditions healthcare providers can disclose PHI without patient consent if it is necessary for providing treatment and care for the patient. PHI can also be provided to public health organizations, such as the Centers for Disease Control and Prevention (CDC), if it is deemed necessary to help prevent or contain a public health emergency. There are also other circumstances were unauthorized disclosure of PHI is allowable in an emergency, but they all follow the restrictions of “minimum necessary.” This means that only the minimum necessary PHI can be released and only to the minimum number of necessary parties required to meet the emergency needs.
In addition to standard HIPAA emergency regulations, the Department of Health and Human Services can issue a waiver suspending certain sanctions and penalties under HIPAA for a finite amount of time during a disaster. HHS Secretary Alex Azar made the determination to grant this waiver in 2018 for Hurricane Florence and did so again for Hurricane Dorian just recently.
These waivers only apply to hospitals within the designated emergency area and only if they have implemented disaster protocols. The HIPAA Privacy Rule provisions covered by this waiver include:
- Requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care
- Requirement to honor a request to opt out of the facility directory
- Requirement to distribute a notice of privacy practices
- Patient’s right to request privacy restrictions
- Patient’s right to request confidential communications
These waivers can only be in place for up to 72 hours and may be ended before that time if the emergency situation has passed.
Long Term Recovery
Though events such as earthquakes, hurricanes, and floods are usually short lived, their impact is felt much longer. Immediately after the event has passed a community must be prepared to complete a number of time sensitive tasks such as restoring public utilities, distributing various types of emergency aid, locating temporary housing for individuals whose homes have been impacted, and even retrieving and identifying human remains. After all of the immediate needs are met, a plan must be implemented to repair infrastructure and rebuild homes. In addition to physical repairs, disaster situations create additional physical and mental health needs that must be addressed as well. And like any other scenario negatively impacting lives, it is important that all strategies and care plans take into account the complete needs of an individual and not just address individual symptoms.
The needs of a community during a disaster and while in recovery are many and complex, which is why they are best addressed through careful planning and effective collaboration between government agencies and health and human services providers. They are also most effectively handled when disaster recovery plans are in place long before an emergency strikes.