OCR Clarifies HIPAA Rules on Sharing Patient Information on Opioid Overdoses
The U.S. Department of Health and Human Services’ Office for Civil Rights has cleared confusion about HIPAA Rules on sharing patient information on opioid overdoses. The HIPAA Privacy Rule permits healthcare providers to share limited PHI in certain emergency and dangerous situations. Those situations include natural disasters and during drug overdoses, if sharing information can prevent or lessen a serious and imminent threat to a patient’s health or safety.
Some healthcare providers have misunderstood the HIPAA Privacy Rule provisions, and believe permission to disclose information to the patient’s loved ones or caregivers must be obtained from the patient before any PHI can be disclosed.
In an emergency or crisis situation, such as during a drug overdose, healthcare providers are permitted to share limited PHI with a patient’s loved ones and caregivers without permission first having been obtained from the patient.
During an opioid overdose, healthcare providers can share health information with the patient’s family members, close friends, and caregivers if:
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
- The healthcare provider determines, based on professional judgement, that sharing information about an incapacitated or unconscious patient is in the best interests of the patient, provided the information shared is limited to that directly related to the individual’s involvement in the patient’s care or payment of care. Information on the overdose can be shared, but not unrelated health information unless permission has been obtained.
- Informing the above individuals would help to prevent or lessen a serious threat to the patient’s health and safety – Such as continued opioid abuse on discharge.
In cases when a patient is not unconscious or incapacitated and has decision-making capability, healthcare providers must give the patient the opportunity to object to the disclosure of their overdose to loved ones, close friends, caregivers, or individuals involved in the payment for care. If a patient has decision making capability, or if permission to share the information is denied, healthcare providers cannot share information unless “there is a serious and imminent threat of harm to health.”
There will be situations when a patient is only temporarily incapacitated, and their decision-making capability will be recovered during the course of treatment. In such cases, it is down to the discretion of the healthcare provider whether health information is shared while the patient is incapacitated, the type of information that is shared, and how much. When the patient regains consciousness and decision-making capability, permission must then be obtained before any further disclosures of health information are made.
OCR also points out that it is not only HIPAA Rules that may apply in such situations, explaining “HIPAA does not interfere with state laws or medical ethics rules that are more protective of patient privacy.”
The guidance on HIPAA Rules on sharing patient information on opioid overdoses can be viewed on this link.
