PrintMr. A. is a hospital (nursing home or home care) patient. When Mr. A’s son asks you about test results, your initial response may be, “I can’t tell you that because of HIPAA.” Is this the right answer?
The Health Information Privacy and Accountability Act (HIPAA) is a federal law intended to protect private medical information from unauthorized users, such as employers and marketers. It also requires health care providers to keep this information in a safe and secure place.
Many aspects of the law are complex, and it was introduced with training that emphasized penalties for failing to comply. But one thing is very clear. Unless the patient objects, the law does not prevent health care providers from sharing a patients private medical information with family, relatives, friends or others the patient may identify as long as they are involved with his or her health care or responsible for health care bills.
In fact, good clinical practice requires sharing information with all the people involved in the patient’s care. Without a clear understanding of the patient’s condition, prognosis, and treatment plan, family caregivers cannot maintain a high quality of care at home or the next care setting. The law does not interfere with appropriate treatment and planning. It also does not define who counts as “family,” so that partners and friends may be as involved in a patient’s care as any spouse or kin.
HIPAA does not require a written release for you to share information with family caregivers. However, your institution may have gone beyond HIPAA’s requirements and established such a policy. If so, you should speak with your privacy officer about the ways in which this policy limits communication and good patient care.
The Health and Human Services’ Office of Civil Rights gives special guidance on mental health and HIPAA (http://bit.ly/mhguidance). It reaffirms the patient’s control of personal health information but recognizes circumstances in which sharing the information may be permissible without the patient’s consent “if the provider has a good faith belief that the patient poses a threat to the health or safety of the patient or others, and the family member is reasonably able to prevent or lessen that threat.” The guidance also states that even if the patient doesn’t consent, “HIPAA in no way prevents health care providers from listening to family members or other caregivers who may have concerns about the health and well-being of the patients, so the health care provider can factor that information into the patient’s care.”
If a problem arises, you should speak with your facility’s privacy officer.
For more information about HIPAA:
tin1. DHHS Office for Civil Rights: www.hhs.gov/ocr/hipaa
tin1. Health Privacy Project: www.healthprivacy.org
© 2014 United Hospital Fund