Call: (407) 331-6620 or (850) 439-1001 Toll-free: (888) 331-6620
By Michael L. Smith, J.D., R.R.T.
(February 4, 2013) – The rash of mass shootings over the last few months prompted the Department of Health and Human Services Office of Civil Rights (OCR) to send a message to all healthcare providers. In that message, the OCR Director reminded all healthcare providers that the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule does not prohibit healthcare providers from disclosing information about a patient when the patient poses a serious danger to himself or other people.
All healthcare providers know that the HIPAA regulations protect the privacy of health information. Healthcare providers also know they can use and disclose that health information for the purposes of treatment, payment and operations (TPO). However, not all healthcare providers know the circumstances when they may and should share information about their patients, without the patient’s consent, in order to prevent or lessen the risk of harm.
The HIPAA regulations allow a healthcare provider to disclose information about a patient without authorization from the patient and without providing the patient an opportunity to agree or object to the disclosure when the disclosure is made to prevent or lessen the risk of harm. The healthcare provider making the disclosure must have a good faith belief that the disclosure is necessary to prevent or lessen a serious or imminent threat to the health or safety of a person or the public. The disclosure must be made to a person that is reasonably able to prevent or lessen the threat.
The HIPAA regulations also allow a healthcare provider to disclose information about their patient without authorization from the patient and without providing the patient an opportunity to agree or object to the disclosure when the information is necessary for law enforcement officials to identify and apprehend an individual. The disclosure must be based upon a statement by the patient admitting participation in a violent crime that the healthcare provider reasonably believed caused serious harm, or where it appears the individual has escaped from lawful custody or a correctional institution.
For each type of disclosure, the healthcare provider must have a good faith belief that the disclosure is necessary to prevent or lessen a serious threat. A healthcare provider is presumed to be acting in good faith when that healthcare provider has actual knowledge of the facts, or the healthcare provider is relying upon credible information provided by a person that is knowledgeable about the facts.
In most cases the disclosure will be to law enforcement. The disclosure may also be made to the intended victim of the threat depending on the information known to the healthcare provider.
The healthcare provider cannot disclose all the protected health information of the individual that poses a threat. The information disclosed under these provisions must be limited to the information necessary for law enforcement officials to identify or apprehend an individual. Basically, the information that may be disclosed is limited to the individual’s name, date and place of birth, social security number, blood type, injuries, treatment dates and a description of any distinguishing physical characteristics.
A healthcare provider may not disclose confidential information under this HIPAA regulation if the healthcare provider learned the information in the course of treatment to affect the propensity to commit the criminal conduct that is the basis for the disclosure, or if the information is learned through a request by the individual to initiate treatment to affect the propensity to commit the criminal conduct. Unfortunately, it may be difficult to determine when a patient crosses the line between seeking treatment to affect a propensity to commit a criminal act and becoming a serious and imminent threat to the health or safety of a person or the public. Fortunately, the majority of healthcare providers and facilities faced with these situations have policies and procedures on when, how and most importantly by whom these unauthorized disclosures are made. Healthcare providers should notify the appropriate individuals in their institutions when they have knowledge that one of their patients poses a serious or imminent threat to the health and safety of a person or the public.
All heathcare providers should remember, the HIPAA regulations do not prohibit healthcare providers from sharing confidential information with appropriate authorities when the disclosure is necessary to prevent or lessen the risk of harm to individuals or the general public. A healthcare provider may disclose information without the patient’s consent if the disclosure is necessary to prevent or lessen a serious or imminent threat to the health or safety of a person or the public.
Michael L. Smith, JD, RRT is board certified in health law by The Florida Bar and practices at The Health Law Firm in Altamonte Springs, Fla. This article is for general information only and is not a substitute for formal legal advice.
This article was originally published in Advance for Respiratory Care and Sleep Medicine.
Main Office • 1101 Douglas Avenue, Suite 1000, Altamonte Springs, FL 32714 Telephone: (407) 331-6620
By Appointment • 37 N. Orange Avenue, Suite 500, Orlando, FL 32801 Telephone: (888) 331-6620
By Appointment • 201 E. Government Street, Pensacola, FL 32502 Telephone: (850) 439-1001 • Telefax: (407) 331-3030
By Appointment: 201 St. Charles Avenue, Suite 2500, New Orleans, LA 70170
Medicare/Medicaid Audits, Health Care Law, Contracts, Hospital Privileges Hearings, Investigation Defense, DEA Defense, Board of Medicine Defense, Healthcare Fraud Defense, Medical Staff Fair Hearings, Administrative Hearings, PRN, IPN Defense, Professional Licensing Defense, Medicare/Medicaid Fraud Defense, Nursing Law, Hospital Peer Review, Hospital Law, Board of Dentistry Defense, Board of Nursing Complaint Defense, Board of Pharmacy, Medicaid Fraud Control Unit (MFCU) Defense, Search Warrant and Subpoena Defense, NBME Representation, USMLE Irregular Behavior Defense, ABIM Representation, Resident Physician Defense, VA & Military Physician Defense, Department of Health Investigation Defense, and more…
By making this website information available for those who access it does not constitute doing business in or having a presence in any state or jurisdiction, nor does it constitute an advertisement sent to or a solicitation made in any state or jurisdiction. This firm is located in and maintains a presence in only those states where the firm maintains an actual physical office. Its attorneys are only admitted to practice in those states specifically listed on their resumes.
Available in the following states: Alabama, Alaska, Arizona, Arkansas, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Washington, West Virginia, Wisconsin, and Wyoming
Disclaimer | Terms of Representation
“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999. Copyright © 2024 The Health Law Firm. All rights reserved.