On January 15, 2013, the Department of Health and Human Services (HHS) issued a letter to healthcare providers reminding them that the Health Insurance Portability and Accountability Act (HIPAA) does not prohibit health care providers from disclosing certain protected health information (PHI) if they believe the patient is a danger to themselves or others.
Although the HIPAA Privacy Rule is designed specifically to protect the privacy of PHI, it authorizes a provider to disclose necessary information (including mental health information) about a patient to law enforcement, family members of the patient, or other persons, if the provider believes the patent presents a serious danger to himself or others.
HHS stated, "Under [HIPAA], a health care provider may disclose patient information, including information from mental health records, if necessary, to law enforcement, family members of the patient, or any other persons who may reasonably be able to prevent or lessen the risk of harm. For example, if a mental health professional has a patient who has made a credible threat to inflict serious and imminent bodily harm on one or more persons, HIPAA permits the mental health professional to alert the police, a parent or other family member, school administrators or campus police, and others who may be able to intervene to avert harm from the threat."
Recognizing that some state law provisions may differ, HHS further stated, "Providers should consult the laws applicable to their profession in the states where they practice, as well as 42 CFR Part 2 under federal law (governing the disclosure of substance abuse treatment records) to understand their duties and authority in situations where they have information indicating a threat to public safety."
If you have any questions about your rights or obligations under state and federal law, please contact Jackson Kelly's Health Law Group.