New HIPAA Guidance on Reporting PHI to Law Enforcement
Concurrent with the September 23 compliance date for tougher HIPAA privacy and security rules, the HHS Office for Civil Rights has issued guidance to covered entities on the circumstances in which they may disclose protected health information to law enforcement agencies.
Concurrent with the September 23 compliance date for tougher HIPAA privacy and security rules, the HHS Office for Civil Rights has issued guidance to covered entities on the circumstances in which they may disclose protected health information to law enforcement agencies.
A covered entity may disclose PHI with the signed HIPAA authorization of an individual, but there are multiple circumstances in which they can disclose to law enforcement without an individual’s consent. According to the guidance, these circumstances include:
* To report PHI to a law enforcement official reasonably able to prevent or lessen a serious and imminent threat to the health or safety of an individual or the public.
* To report PHI that the covered entity in good faith believes to be evidence of a crime that occurred on the premises of the covered entity.
* To alert law enforcement to the death of the individual when there is a suspicion that the death resulted from criminal conduct.
* When responding to an off-site medical emergency, as necessary to alert law enforcement to criminal activity.
* To report PHI to law enforcement when required by law to do so, such as reporting gunshot or stab wounds.
* To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or an administrative request from a law enforcement official. The administrative request must include a written statement that the information requested is relevant and material, specific and limited in scope, and de-identified information cannot be used.
* To respond to a request for PHI for purposes of identifying and locating a suspect, fugitive, material witness or missing person, but the information must be limited to basic demographic and health information about the person.
* To respond to a request for PHI about an adult victim of a crime when the victim agrees or in limited circumstances if the individual is unable to agree. Child abuse or neglect may be reported without a parent’s agreement to any law enforcement official authorized by law to receive such reports.
A covered entity may disclose PHI with the signed HIPAA authorization of an individual, but there are multiple circumstances in which they can disclose to law enforcement without an individual’s consent. According to the guidance, these circumstances include:
* To report PHI to a law enforcement official reasonably able to prevent or lessen a serious and imminent threat to the health or safety of an individual or the public.
* To report PHI that the covered entity in good faith believes to be evidence of a crime that occurred on the premises of the covered entity.
* To alert law enforcement to the death of the individual when there is a suspicion that the death resulted from criminal conduct.
* When responding to an off-site medical emergency, as necessary to alert law enforcement to criminal activity.
* To report PHI to law enforcement when required by law to do so, such as reporting gunshot or stab wounds.
* To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or an administrative request from a law enforcement official. The administrative request must include a written statement that the information requested is relevant and material, specific and limited in scope, and de-identified information cannot be used.
* To respond to a request for PHI for purposes of identifying and locating a suspect, fugitive, material witness or missing person, but the information must be limited to basic demographic and health information about the person.
* To respond to a request for PHI about an adult victim of a crime when the victim agrees or in limited circumstances if the individual is unable to agree. Child abuse or neglect may be reported without a parent’s agreement to any law enforcement official authorized by law to receive such reports.
More for you
Loading data for hdm_tax_topic #reducing-cost...