The recent Orlando nightclub mass shooting is raising questions about whether hospitals should be granted waivers from federal privacy laws and provisions when they admit large numbers of patients who are unable to consent to sharing their identity or medical information with those who contact the hospital to look for them.

According to several news outlets, President Barack Obama and the U.S. Department of Health and Human Services invoked Section 1135 of the Social Security Act, granting Orlando-area hospitals a waiver of Health Insurance Portability and Accountability Act (HIPAA) privacy requirements after the shooting in which 49 people were killed and dozens injured.

Section 1135 authorizes the administration to temporarily release hospitals from liability for revealing patient identities and personal health information during emergency situations.

"The waiver removes the specter of liability from the hospitals and allows them to freely communicate information to family members, loved ones, and personal representatives," says Edward McAndrew, a data security and privacy partner at Ballard Spahr. "While the waiver may not be legally necessary, it does eliminate ambiguity and the potential for liability on the behalf of hospitals."

"Because mass shooting and domestic terrorist incidents are becoming more commonplace, there are real questions about whether there should be legislative or regulatory amendments that permit faster, more streamlined waivers of these types of privacy requirements," McAndrew says.