Emergency alert systems typically demand push notification because of the infrequency of such events and the urgency of notifying parties about them. However, push notification systems like email have many limitations, such as susceptibility to SPAM and security vulnerabilities. We explore the idea of basing health alerts on RSS feeds, which are a polling-based notification system. Since emergency alerts may be restricted to parties like doctors or health administrators and may be drawn from diverse administrative domains, RSS for health alerts requires a mechanism for expressing and enforcing inter-domain access policies for feeds. In particular, we explore using Shibboleth, a federated identity system developed for use in universities, and an attribute-based policy language, to provide secure RSS for emergency alerts. We validate the approach by showing how it can be used to deliver CDC PHIN health alerts. Our experimental validation shows that, based on our design, existing server technologies can obtain acceptable throughput even with fairly complex and diverse access policies.