• Call Us: +1 833 990 1500 (Toll Free) (Mon - Fri, 7am - 3pm EST)
  • Email Us: info@medical-webinars.com

HIPAA Privacy and Disclosures in Emergency Situations – What Are the Emergencies and How Do They Apply to the Duty to Warn?

02/16/2026
Live Webinar
28 day
12 hr
34 min
34 sec
“HIPAA Privacy and Disclosures in Emergency Situations – What Are the Emergencies and How Do They Apply to the Duty to Warn?”

The HIPAA Privacy Rule establishes national standards to protect individuals’ protected health information (PHI) while permitting certain disclosures when necessary for treatment, safety, or emergency response. But what is an emergency situation?

In typical clinical settings, covered entities (such as health care providers and health plans) must safeguard PHI and generally cannot disclose it without patient authorization. However, HIPAA explicitly allows exceptions in emergency situations, recognizing that protecting life and safety can require sharing information that would otherwise be confidential.

In addition, state laws on duty to warn can apply.

A prominent type of emergency disclosures under HIPAA involves serious and imminent threats to health or safety. If a provider reasonably believes that a patient presents such a threat, whether to themselves or others, the Privacy Rule permits disclosure of PHI to individuals or organizations reasonably able to prevent or lessen the threat. This may include family members, law enforcement, potential victims, or others who can intervene. Importantly, the provider’s belief must be made in good faith and consistent with professional judgment, state law, and ethical standards.

The above is a part of a larger legal concept often referred to as the Duty to Warn. Originating in mental health law, a duty to warn arises when a clinician becomes aware of a credible threat by a patient to harm another person. HIPAA supports disclosures that facilitate warnings or takes protective action so long as they aim to prevent or lessen a serious and imminent threat. Under HIPAA, disclosures can extend beyond law enforcement to include family members or others who may help reduce the risk or are at risk themselves.

Another scenario involves situations where a patient’s behavior signals danger to themselves — such as discontinuing psychotherapy without contact and posing risk of self-harm. HIPAA allows clinicians to use their professional judgment to decide whether contacting a family member is appropriate, especially if such contact could prevent harm. A clinician may consider a patient’s desire not to divulge such information; however, a clinician may ignore prior discussions on the topic if they believe it is in the best interest of the patient, according to their professional judgement.

HIPAA’s emergency disclosure provisions also address community-wide crises, such as natural disasters or mass casualty events. In such severe disasters, covered entities may share information as necessary to coordinate treatment, notify family members of a patient’s location and condition, and support emergency response. These allowances help ensure continuity of care and public safety during extraordinary conditions.

In sum, HIPAA balances individual privacy with the need to protect health and safety, allowing PHI disclosures in clearly defined emergency situations. Understanding these exceptions — especially duty to warn obligations under state law such as for mental health professionals — is essential for compliant, ethical practice.

Webinar Objective

Know your patient’s privacy rights under HIPAA and when you can breach that confidentiality in an emergency situation and what you can and need to do in an emergency.

Areas Covered in the Session

  • Definitions and scope of HIPAA privacy protections
  • Emergency disclosures under HIPAA (serious and imminent threats)
  • Good faith belief standard for emergency disclosure
  • Duty to Warn and how HIPAA supports necessary disclosures
  • Permissible recipients of emergency disclosures (family, law enforcement, others)
  • Use of professional judgment in deciding to disclose
  • Emergency situations in disasters (location, condition, coordinating care)
  • Public health emergency waivers and limits

Who will Benefit?

Healthcare practitioners who may work in emergency environments or who may have patients who find themselves in emergency situations

Why should you Attend?

Find out how HIPAA rules and exceptions emerge when situations turn into emergencies and how the duty to warn applies when such exemption is invoked

Date: 02/16/2026

Time: 12:00 pm - 1:00 pm (EST)

Reg. deadline: 02/15/2026

Venue: Live Webinar

Enrollment option

Speaker

Mark R. Brengelman
Mark holds Bachelor’s and Master’s degrees in Philosophy from Emory University and a Juris Doctorate from the University of Kentucky. Retiring as an Assistant Attorney General, he now represents: health care professionals; two government health care licensure boards; a government ethics commission, and; parents and kids in confidential child abuse and neglect cases, termination of…
Show More

Related Events

The Future of Telehealth
Compliance Webinars
Live Webinar

The Future of Telehealth

Telehealth completely changed in 2020 when the Public Health Emergency was put into effect. Now in 2025, many of those temporary changes are expiring and the telehealth business has exploded. These methods of communication between provider and patient are loved by many, and the convenience of telehealth in healthcare has become a common occurrence. This webinar will be reviewing the current parts of telehealth that are being considered permanent in the 2026 Physicians Fee Schedule Final Rule and the new evaluation and management services that are new codes for CPT in 2025 related to telehealth. We will find out what the do’s and don’ts of telehealth that are here to stay, as well as implementing these new codes and regulations into your practice. These new rules and codes are important to any one currently offering telehealth as well all who are considering it to add it to their practice in order to be compliant and maximize reimbursement for the services performed. Areas Covered in this Webinar The CMS Telehealth List and how to use it Medicare’s rules G codes for Medicare telehealth CPT addition of 17 codes to the E/M section for Telehealth Education for office staff Implementation on your software programs Who Will Benefit Physicians Advanced Nurses Physicians Assistant Billers Coders Compliance Managers Administrators Case Managers Claims Processors

01/20/2026
Enroll/Buy Now
HIPAA Breach Risk Assessment for Ransomware Attacks
Compliance Webinars
Live Webinar

HIPAA Breach Risk Assessment for Ransomware Attacks

HIPAA Breach Risk Assessments determine whether a Ransomware attack constitutes a HIPAA Breach that triggers Breach Notification Rule reports and notifications. A Ransomware attack is automatically presumed to be a HIPAA Breach unless you do a HIPAA Breach Risk Assessment that demonstrates the attack resulted in only a low probability of compromise to the affected protected health information (PHI). This webinar explains how to do a Ransomware HIPAA Breach Risk Assessment. The Problem Solved by this Webinar The HHS Office for Civil Rights (OCR) declared that a breach of unsecured PHI is presumed to have occurred when electronic protected health information (ePHI) is encrypted as the result of a ransomware attack on a HIPAA-regulated entity (health care provider, health plan, health care clearinghouse, or business associate). The entity must then comply with the applicable breach notification provisions, including notifying affected individuals without unreasonable delay, the Secretary of HHS, and the media (for breaches affecting over 500 individuals), in accordance with HIPAA breach notification requirements. However, it is not a breach if the ransomware-victimized entity can demonstrate that there is a low probability that the encrypted ePHI has been compromised. This webinar explains how to do that. Areas Covered in the Webinar A Breach Risk Assessment can determine whether a ransomware attack is a breach of unsecured ePHI, triggering embarrassing reports and notifications. Factors that can be applied in performing a Breach Risk Assessment. OCR’s guidance about specific factors that can demonstrate a low probability of compromise to ePHI encrypted by a ransomware attack. How to perform a Breach Risk Assessment step-by-step. How to document a Breach Risk Assessment and why you must document it. What to do if you cannot demonstrate a low probability of compromise to ePHI. Why You Should Attend This Webinar Attend this webinar to learn how to perform a Breach Risk Assessment with a special emphasis on ransomware attacks. Ransomware attacks may have only a low probability of compromising ePHI. A Breach Risk Assessment can determine whether a ransomware attack resulted only in a low probability of compromise to ePHI and provide Covered Entities and Business Associates with Documentation to overcome the presumption that the ransomware attack was a Breach.. Who Will Benefit Health Care Covered Entities HIPAA Compliance Officials – Privacy and Security Officers Chief Compliance Officer Practice Managers Health Information Technology Supervisors Risk Managers Group Health Plan Administrators Third Party Group Health Plan Administrators Covered Entity Senior Management and Owners Health Care Providers practicing as individuals or in small groups Attorneys for Covered Entities – In-house and Outside Counsel Business Associates HIPAA Compliance Officials – Privacy and Security Officers Chief Compliance Officer Business Associate Senior Management and Owners Risk Managers Attorneys for Business Associates – In-house and Outside Counsel

01/21/2026
Enroll/Buy Now
HIPAA in 2026: What Changed, What’s Coming, and What It Means for Your Organization
Compliance Webinars
Live Webinar

HIPAA in 2026: What Changed, What’s Coming, and What It Means for Your Organization

Over the last few years, the U.S. Department of Health and Human Services, Office for Civil Rights has made modifications to patient privacy requirements. The agency is on track for enhancing care coordination, empowering patients, and reducing administrative burden. In addition, on the Security Rule side, the agency released a proposed rule to overhaul significant requirements and make cybersecurity safeguards a priority. Knowing what an organization must do to meet these new regulatory requirements can be challenging. The webinar will address what has already changed in privacy, cover proposed Privacy Rule modifications, and cover the Security Rule overhaul proposals. Timeline and compliance implications will be covered. After completing this webinar, a Covered Entity or Business Associate will have a clear understanding of what has changed and what will change. Objectives Who Must Comply with HIPAA Requirements? What are the HIPAA Security and Privacy Rules? What Has Already Changed in Privacy? What are the Proposed Privacy Rule Modifications? What are the proposed Security Rule modifications? What is the Timeline & Compliance Implications? What recommendations should be followed now? Q&A Webinar Highlights Learn from an expert on the implementation of the HIPAA rules Understand what the HIPAA management process currently requires Learn how to implement these changes for your organization Who Should Attend Compliance Officer HIPAA Privacy Officer HIPAA Security Officer Medical/Dental Office Managers Practice Managers Information Systems Manager Chief Information Officer General Counsel/lawyer Practice Management Consultants Any Business Associates that access protected health information

01/26/2026
Enroll/Buy Now
Pros & Cons of Outsourcing Revenue Cycle Functions: What You Need to Consider
Compliance Webinars
Live Webinar

Pros & Cons of Outsourcing Revenue Cycle Functions: What You Need to Consider

Many providers have considered outsourcing functions in the revenue cycle. Like all businesses, some third-party companies do excellent work for providers, but there may be others that look for ways to take advantage of their provider. Outsourcing has its own pros & cons that must be carefully considered. We will review major common areas that providers must weigh strategically before making a decision whether to outsource and selecting the best partner for your needs. It is vital providers know exactly who is handling their claims and what they are doing with their information. Definitions of third-party vendors Legal responsibilities of the provider Common industry trends Important questions to ask vendors & contractors Who Will Benefit Physicians Practice managers Medical assistants Nurses Compliance staff Billers Coders Revenue Cycle Risk Management Mid level providers  

01/26/2026
Enroll/Buy Now

© 2026 Medical Webinar. All rights reserved