Guidelinesfor. Releasing Patient Information to Law Enforcement



Similar documents
ATTACHMENT A TO FORMAL ATTORNEY GENERAL OPINION HIPAA PRIVACY MATRIX DISCLOSURES TO LAW ENFORCEMENT

Category: Patient Information Number: Use and Disclosure of Protected Health Information

Applicability: UW Medicine. Policy Title: Use & Disclosure of Protected Health Information Permitted for Law Enforcement Purposes.

EXECUTIVE SUMMARY. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule: A Guide for Law Enforcement

Health Insurance Portability and Accountability Policy 1.8.4

ITASCA COUNTY HIPAA COMPLIANCE

Corrections, Law Enforcement & the Courts Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Privacy Notice Document (HIPAA)

Central Maine Healthcare

How To Protect Mental Health Information In Upb

Permitted Use and Disclosure of PHI without an Authorization

HIPAA NOTICE TO PATIENTS

DISCLOSURES OF PHI & FLORIDA STATE LAW

PRIVACY POLICY (IN ACCORDANCE WITH HIPAA)

HIPAA, Licensed Health Care Providers and The Ohio State Dental Board (Board)

HIPAA Privacy Notice

PRIVACY NOTICE. In certain situations, we may also disclose patient information to another provider or health plan for their health care operations.

HIPAA PRIVACY NOTICE PLEASE REVIEW IT CAREFULLY

Hospital and Law Enforcement Guide to Disclosure of Protected Health Information

VALPARAISO UNIVERSITY NOTICE OF PRIVACY PRACTICES. Health, Dental and Vision Benefits Health Care Reimbursement Account

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

NOTICE OF PRIVACY PRACTICES Allergy Treatment Center of New Jersey, P.C. Effective Date: April 14, 2003

Privacy Notice. The Plan s duties with respect to health information about you

Accredited Home Health Care of America - Notice of Privacy Practices

HIPAA Notice of Privacy Practices Effective Date: 09/23/13

NOTICE OF PRIVACY PRACTICES

UNIVERSITY OF OKLAHOMA. HIPAA Privacy Policies

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No A-94B, AFL-CIO. Notice of Privacy Practices

Outline to HIPAA presentation

Nelson County. EMS Revenue Recovery Program. & Billing Policy for Ambulance Transport Services

Eye Clinic of Bellevue, LTD. P.S. Privacy Policy EYE CLINIC OF BELLEVUE LTD PS NOTICE OF INFORMATION PRACTICES

Connecticut Carpenters Health Fund Privacy Notice

Wyoming School Boards Association Insurance Trust ( The Plan ) HEALTH CARE PLAN PRIVACY NOTICE

HIPAA NOTICE OF PRIVACY PRACTICES FOR PROTECTED HEALTH INFORMATION

Notice of Privacy Practices. Introduction

HIPAA Notice of Privacy Practices

Information with a person who is involved in your medical care or payment for your care, such as your family or a

Notice of Privacy Practices

Client Required Signature Document

NOTICE OF TIDEWELL HOSPICE PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES

HIPAA Privacy Training Handbook/ Quick Reference

American Guild of Musical Artists ( AGMA ) Health Fund Privacy Notice. Plan A and Plan B

MCDONOUGH CENTER FOR FAMILY DENTISTRY, LLC

Notice of Privacy Practices

KAPLAN HIGHER EDUCATION LLC NOTICE OF PRIVACY PRACTICES

ADDRESSES SYSTEM LOCATION

HIPAA PRIVACY POLICIES AND PROCEDURES

Notice of Patients Rights and Privacy Protections under Federal Privacy Laws (HIPAA)

ADVANCED UROLOGIC ASSOCIATES, INC NOTICE OF PRIVACY PRACTICES EFFECTIVE SEPTEMBER 23, 2013

Dr. Adam Apfelblat 5140 Highland Road Waterford Phone: (248) Fax: (248)

NOTICE OF PRIVACY PRACTICES

Reproductive Medicine Associates of New Jersey, LLC

HIPAA Notice of Patient Privacy Practices

HIPAA Privacy. and Medical Record. Policies and Procedures

NOTICE OF PRIVACY PRACTICES

HIPAA POLICY USING, DISCLOSING, AND REQUESTING THE MINIMUM NECESSARY AMOUNT OF PROTECTED HEALTH INFORMATION

NOTICE OF PRIVACY PRACTICES

As Required by the Privacy Regulations Created as a Result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Notice of Privacy Practices

Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES FOR ORTHOPAEDIC SURGERY & REHAB. ASSOCIATES, P.C.

HIPAA HITECH PA Physician Practices

HIPAA Omnibus Notice of Privacy Practices Effective Date: March 03, 2012 Revised on: July 1, 2015

Effective Date of This Notice: September 1, 2013

Patterson Dental Supply, Inc. Sample HIPAA Notice of Privacy Practices for its Dental Practice Customers. Last Updated April 1, 2010

CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES

Indiana Healthcare Physician Services Privacy Standards Notice of Health Information Practices

9129 Monroe Rd. Suite 100, Charlotte, NC 28270

Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL Phone Fax

Greater Dallas Orthopaedics, PLLC. Notice of Privacy Practices

HIPAA NOTICE OF PRIVACY PRACTICES

SDC-League Health Fund

PRIVACY HIPAA NOTICE OF PRACTICE

Use or Disclosure of PHI

LIFESTREAM BEHAVIORAL CENTER, INC. JOINT NOTICE OF PRIVACY PRACTICES. Effective Date: April 14, 2003

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN Ph: (952) Fax: (651)

Oregon Association of Hospitals and Health Systems

Notice of Privacy Practices

Welcome To Our Physical Therapy Department

REPORTING REQUIREMENTS

Effective Date: March 23, 2016

Northwest Cardiology Associates 400 W. Northwest Hwy Barrington, IL Fax HIPAA Notice of Privacy Practices ( Notice )

FLORIDA MEDICAL CLINIC, P.A. NOTICE OF PRIVACY PRACTICES

650 Clark Way Palo Alto, CA

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

Connecticut Pipe Trades Health Fund Privacy Notice Restatement

Notice of Privacy Practices for Protected Health Information (PHI)

Notice of Privacy Practices. Human Resources Division Employees Benefits Section

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES UNIVERSITY OF CALIFORNIA DAVIS HEALTH SYSTEM

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS

Guilford Medical Associates, P.A.

University of California Policy

Pulmonary Associates of Richmond, Inc. Notice of Privacy Practices Page 1 of 6

NOTICE OF PRIVACY PRACTICES FOR KU MEDICAL CENTER

155 McDonald Drive SW Shirley E. Charette, MS, PA-C

California s Statewide Health Information Policy Manual (SHIPM)

NOTICE OF THE NATHAN ADELSON HOSPICE PRIVACY PRACTICES

NOTICE OF PRIVACY POLICY. Effective:, 2013

Transcription:

for Releasing Patient Information to Law Enforcement

WHO IS A LAW ENFORCEMENT OFFICIAL? INTRODUCTION Hospitals and health systems are responsible for protecting the privacy and confidentiality of their patients and patient information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations established national privacy standards for health care information. HIPAA prohibits the release of information without authorization from the patient except in the specific situations identified in the regulations. This document is based on the HIPAA medical privacy regulations and provides overall guidance for the release of patient information to law enforcement and pursuant to an administrative subpoena. THIS INFORMATION IS PROVIDED ONLY AS A GUIDE- LINE. CONSULT WITH LEGAL COUNSEL BEFORE FINALIZING ANY POLICY ON THE RELEASE OF PATIENT INFORMATION. ALSO, BE AWARE THAT HEALTH CARE FACILITIES MUST COMPLY WITH STATE PRIVACY LAWS AS WELL AS HIPAA. CONTACT YOUR LEGAL COUNSEL OR YOUR STATE HOSPITAL ASSOCIA- TION FOR FURTHER INFORMATION ABOUT THE APPLICATION OF STATE AND FEDERAL MEDICAL PRI- VACY LAWS TO THE RELEASE OF PATIENT INFORMA- TION. WHO IS A LAW ENFORCEMENT OFFICIAL? The HIPAA privacy rule defines a law enforcement official as an officer or employee of any agency or authority of the United States, or a State, territory, political subdivision, or Indian tribe who is empowered to (1) investigate or conduct an official inquiry into a potential violation of law; or (2) prosecute or otherwise conduct a criminal, civil, or administrative proceeding arising from an alleged violation of law. HOW DO I KNOW THAT AN INDIVIDUAL IS A LAW ENFORCEMENT OFFICIAL? Hospitals should have verification procedures that employees follow to determine if an individual is a law enforcement official. For example, hospitals could require that individuals identifying themselves as members of law enforcement must show their badge or other law enforcement identification to security. If the law enforcement officer contacts the hospital Guidelines for Releasing Patient Information to Law Enforcement 1

by phone rather than in person, the hospital may need different procedures to verify that the requestor is an officer (e.g., a call-back process through publicly listed agency phone numbers or fax requests on letterhead). Each hospital should establish its own procedures to verify whether an individual qualifies as a law enforcement official for purposes of these disclosures under the HIPAA privacy rule. WHEN MAY A HOSPITAL DISCLOSE INFORMATION TO A LAW ENFORCEMENT OFFICIAL? WHEN MAY A HOSPITAL DISCLOSE INFORMATION TO A LAW ENFORCEMENT OFFICIAL? The privacy regulation allows covered entities, including hospitals, to disclose protected health information to law enforcement officials only for certain limited purposes without patient authorization. In some cases, the law enforcement official must initiate the request for information and, in other cases, the hospital may report information without a law enforcement request. Below, we outline permissible disclosures to a law enforcement officer (1) when the officer initiates the request and (2) when the hospital initiates the disclosure. Requests by Law Enforcement Officer Court-Ordered Subpoenas, Warrants, or Summonses. A hospital may release patient information in response to a warrant or subpoena issued or ordered by a court or a summons issued by a judicial officer. The hospital may disclose only that information specifically described in the subpoena, warrant, or summons. Hospitals should establish procedures for helping their employees determine whether a document labeled subpoena, warrant or summons has been issued by a court or judicial officer. Grand Jury Subpoenas. A hospital also may disclose patient information in response to a subpoena issued by a grand jury. Only information specifically described in the subpoena may be disclosed. Administrative Requests, Subpoenas, or Summonses. An administrative request, subpoena, or summons is one that is issued by a federal or state agency or law enforcement official, rather than a court of law (for example, a subpoena issued by the attorney general). If a hospital receives an administrative request, subpoena, or summons, a civil or 2 Guidelines for Releasing Patient Information to Law Enforcement

WHEN MAY A HOSPITAL DISCLOSE INFORMATION TO A LAW ENFORCEMENT OFFICIAL? authorized investigative demand, or other similar process authorized by law, patient information may be disclosed only if each of the following requirements in this three-part test are met: Relevance. The information requested must be relevant and material to a legitimate law enforcement inquiry; Specificity. The request must be specific and limited in scope to the extent possible in light of the law enforcement purpose for which the information is requested; Identifiable Information Necessary. De-identified information could not reasonably be used. The privacy rule says that a hospital may rely on statements in the administrative request, subpoena, or summons or other document in deciding that this three-part test is satisfied. However, a hospital is not required to rely on any document, and should not release the information if the hospital believes the three-part test is not met. Each hospital should develop its own procedures for handling these requests and ensuring the three-part test is met. Disclosures for Identification and Location Purposes. In response to a request by a law enforcement official, a hospital may release certain limited information to the official for purposes of identification and location of a suspect, fugitive, material witness, or missing person. A hospital may disclose only the following information: Name and address; Date and place of birth; Social security number; ABO blood type and rh factor; Type of injury; Date and time of treatment; Date and time of death, if applicable; and A description of any distinguishing physical characteristics (e.g., height, weight, gender, race, hair and eye color and presence or absence of facial hair, scars, and tattoos). In responding to a request to help locate or identify a person, Guidelines for Releasing Patient Information to Law Enforcement 3

a hospital may not disclose any information related to the individual s DNA, DNA analysis, dental records, or typing, samples, or analysis of body fluids or tissues. WHEN MAY A HOSPITAL DISCLOSE INFORMATION TO A LAW ENFORCEMENT OFFICIAL? Victims of a Crime. In response to a request by a law enforcement official, a hospital may disclose information to the official about a patient who may have been the victim of a crime, if the patient agrees to the disclosure. Such agreement may be oral, but should be documented. If the patient is incapacitated or some other emergency circumstance prevents the hospital from obtaining the individual s agreement, the hospital may disclose information to the law enforcement official only if all of the following requirements are met: Not to be Used Against Victim. The law enforcement official represents that such information is needed to determine whether a violation of law by a person other than the victim occurred and such information is not intended to be used against the victim; Necessary for Immediate Enforcement Activity. The law enforcement official represents that immediate law enforcement activity depends upon the disclosure of information and such law enforcement activity would be materially and adversely affected by waiting until the individual is able to agree to the release of information; and Best Interests of Individual. The hospital, in its exercise of professional judgment, believes that the release of information to the law enforcement official is in the best interests of the individual. Custodial Situations. A hospital may disclose to a correctional institution or a law enforcement official having lawful custody of an inmate or other individual information about such inmate or individual if the institution or official represents that such information is necessary for any of the following: 4 Guidelines for Releasing Patient Information to Law Enforcement

WHEN MAY A HOSPITAL DISCLOSE INFORMATION TO A LAW ENFORCEMENT OFFICIAL? The provision of health care to such individual; The health and safety of such individual, other inmates, officers, employees or others at the institution or involved in transport of the individual; Law enforcement purposes on the premises of the correctional institution; or The administration and maintenance of the safety, security, and good order of the correctional institution. Hospital Initiated Disclosures Reporting Required by Law. The HIPAA privacy rule permits hospitals to make disclosures of patient information for reporting purposes that are required by law. For example, if state law requires the reporting of certain types of wounds or other physical injuries, a hospital may disclose such information to the extent consistent with those laws. Death Caused by Criminal Conduct. A hospital may alert law enforcement about the death of an individual if the hospital suspects that the death may have been caused by criminal conduct. In this context, the hospital may disclose information about the individual who died. Criminal Conduct on Hospital Premises. If a hospital believes in good faith that criminal conduct occurred on its premises, the hospital may disclose to a law enforcement official information related to such suspected criminal conduct. Criminal Conduct Off-Site. If a hospital is providing emergency health care services at a location other than on the hospital s premises, the hospital may disclose information as necessary to alert a law enforcement official to any or all of the following: The commission and nature of a crime; The location of such crime or of the victim(s) of such crime; Guidelines for Releasing Patient Information to Law Enforcement 5

The identity, description, and location of the perpetrator of such crime. IS A HOSPITAL REQUIRED TO DISCLOSE INFORMATION TO A LAW ENFORCEMENT OFFICIAL? If the hospital believes the crime is the result of abuse, neglect, or domestic violence, it is subject to other disclosure requirements under HIPAA and state laws. To Avert a Serious Threat to Health or Safety. A hospital may disclose patient information to law enforcement authorities if the hospital believes, in good faith, that the disclosure is necessary for identification or apprehension of an individual. The hospital s good faith belief may be based on one of the following: If it appears from all circumstances that the individual escaped from a correctional institution or from lawful custody; or If an individual makes a statement admitting participation in a violent crime that the hospital reasonably believes may have caused serious physical harm to the victim. In this case, the hospital may release only the individual s statement and those items of information that may be disclosed when assisting in the identification and location of a person, as discussed above. A hospital may not disclose patient information to avert a serious threat to health or safety if the information was obtained in the course of treatment to affect the propensity to commit criminal conduct; counseling or therapy; or through the individual s request for such treatment, counseling or therapy. IS A HOSPITAL REQUIRED TO DISCLOSE INFORMATION TO A LAW ENFORCEMENT OFFICIAL? No. Under the HIPAA privacy rule, these are disclosures that a hospital may make to a law enforcement official without obtaining patient authorization. A hospital is not required under HIPAA to make these disclosures. The hospital will need to have procedures for determining whether other laws whether state, local or federal may require disclosure to the law enforcement official under the specific circumstances presented by the request. 6 Guidelines for Releasing Patient Information to Law Enforcement

WHAT IF A LAW ENFORCEMENT OFFICIAL CALLS AND ASKS FOR AN UPDATE ON A PATIENT S CONDITION? DOES A HOSPITAL NEED TO DOCUMENT DISCLOSURES TO LAW ENFORCEMENT? Yes. Disclosures to law enforcement are subject to the accounting of disclosures requirement under the HIPAA privacy rule. Therefore, if a hospital makes a disclosure of patient information to a law enforcement official for one of the purposes set forth above without patient authorization, the hospital should comply with its policies and procedures regarding documenting such disclosures. In addition, because many law enforcement disclosures require that certain conditions must be met prior to disclosure, it is a good idea also to document for each disclosure the information supporting the decision that the necessary requirements were met. WHAT IF A LAW ENFORCEMENT OFFICIAL CALLS AND ASKS FOR AN UPDATE ON A PATIENT S CONDITION? All phone requests for information regarding a patient s condition or location in the hospital are subject to different requirements. Please refer to the Guidelines for Releasing Information on the Condition of Patients for information about such disclosures. Guidelines for Releasing Patient Information to Law Enforcement 7

The American Hospital Association (AHA) is the national organization that represents and serves all types of hospitals, health care networks, and their patients, and communities. Close to 5,000 hospitals, health care systems, networks, other providers of care and 37,000 individual members come together to form the AHA. Through our representation and advocacy activities, AHA ensures that members perspectives and needs are heard and addressed in national health policy development, legislative and regulatory debates, and judicial matters. Our advocacy efforts include the legislative and executive branches and include the legislative and regulatory arenas. Founded in 1898, the AHA provides education for health care leaders and is a source of information on health care issues and trends. The National Association of Police Organizations (NAPO) is a coalition of police unions and associations from across the United States that serves to advance the interests of America s law enforcement through legislative and legal advocacy, political action, and education. Founded in 1978, NAPO now represents more than 2,000 police unions and associations, 236,000 sworn law enforcement officers, 11,000 retired officers and more than 100,000 citizens who share a common dedication to fair and effective crime control and law enforcement. Guidelines for Releasing Patient Information to Law Enforcement

AHA Item# 166854

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information