Health Care Providers May Disclose Patient Information to Avert Health or Safety Threats

Health Care Law Update

Date: January 18, 2013


On January 15, 2013, the U.S. Department of Health & Human Services (HHS) issued a letter to health care providers to ensure they are aware of their ability under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to disclose necessary patient information to law enforcement, a patient's family members or other persons when they believe a patient presents a serious danger to himself/herself or others, consistent with their ethical standards or other legal obligations.

The letter reiterates and confirms the provisions of the Privacy Rule at 45 CFR ? 164.512(j) that permit health care providers to disclose, consistent with applicable law and standards of ethical conduct, protected health information (including information from mental health records) if they in good faith believe the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public, and if the disclosure is made to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat. A provider is presumed to have acted in good faith in this capacity if his or her belief is based on actual knowledge (i.e., the provider's own interaction with the patient) or in reliance on a credible representation by a person with apparent knowledge or authority (i.e., a credible report from a family member of the patient or other person).

As an example, the letter states that if a mental health professional's patient has made a credible threat to inflict serious and imminent bodily harm on one or more persons, HIPAA permits the mental health professional to alert the police, a parent or other family member, school administrators or campus police, or others who may be able to intervene to avert harm from the threat.