Court Rules McHenry County Health Department Must Disclose COVID-19 Patients’ Names to 911 Dispatchers
The McHenry County Health Department in Illinois has been refusing to provide the names of COVID-19 patients to 911 dispatchers to protect the privacy of patients, as is the case with patients that have contracted other infectious diseases such as HIV and hepatitis.
The Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule permits disclosures of PHI to law enforcement officers, paramedics, and 911 dispatchers under certain circumstances, which was clarified by the HHS’ Office for Civil Rights in a March 24, 2020 guidance document, COVID-19 and HIPAA: Disclosures to law enforcement, paramedics, other first responders and public health authorities.
In the document, OCR explained that “HIPAA permits a covered county health department, in accordance with a state law, to disclose PHI to a police officer or other person who may come into contact with a person who tested positive for COVID-19, for purposes of preventing or controlling the spread of COVID-19. 45 CFR 164.512(b)(1)(iv).” OCR also explained that “disclosing PHI such as patient names to first responders is necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public.”
While the disclosures are permissible, the County Health department said on Friday it will not disclose that information as it violates the privacy of patients and creates a false sense of security for first responders, who must assume that every home they visit could house a person who has contracted COVID-19 and could transmit the coronavirus. The Country Health Department recommended first responders should take the same precautions with all interactions with the community.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
“In MCDH’s professional public health opinion, given what we know about how this disease spreads, the general lack of testing, epidemiological data and the stay-at-home order, providing the personal names of cases exceeds the minimum information needed to protect law enforcement,” explained MCDH.
Several law enforcement agencies in McHenry County took legal action to force the County Health Department to disclose the information to better protect first responders. Two lawsuits were filed, one on behalf of four police departments in the County and the other by the County Sheriff’s office. The police department lawsuit requested information be released to the the McHenry County Emergency Telephone System Board. That would ensure that any officers responding to incidents would be made aware if they need to take extra precautions. The County Sheriff argued in its lawsuit that it was not possible for officers to take the same precautions with every interaction with a member of the public as there was not enough personal protective equipment available.
On Friday evening, a temporary court order was issued requiring MCDH to disclose the information. In the ruling, it was explained that “The availability of the names at issue best enables police officers to do their job and protect the community to the fullest extent of their ability.”
As a result of the court order, MCDH will start providing the names of patients, on request, but only to dispatchers on a call-by-call basis. MCDH has requested the “tightest control” of any information that is disclosed, to protect the privacy of its patients.
