
Protected Health Information: Who Can You Talk To?

The HIPAA Privacy Rule states that covered entities must take certain steps to keep a person’s health information confidential and secure. As a result, health care providers and staff frequently question whether they may disclose protected health information (PHI) to family members or other persons involved in the patient’s care. The detailed ins and outs of HIPAA can undeniably be hard to fully comprehend. However, under certain circumstances the Privacy Rule allows covered entities to share information with a spouse, family member, friend, legal guardian or other individual, as relevant to that person’s involvement in the patient’s care.

Health providers can disclose protected health information in these situations:

  • If the patient is present and has the capacity to make healthcare decisions, the provider may discuss health information with the family and others present as long as the patient does not object. For example, a patient does not object to their family member accompanying them into the treatment room while the care team discusses a diagnosis in front of that family member.
  • If the patient is NOT present and the family member or other individual would like to speak to the provider regarding the patient’s care, the patient must authorize the individual by signing the Authorization for 3rd Party Disclosure (Attachment 46). Additionally, you can check the patient’s chart to verify which family members have been authorized.
  • If the patient is incapacitated, or in an emergency situation, the provider should use their best medical judgement to determine whether sharing information is in the best interest of the patient and adhere to the Minimum Necessary rule (“need to know” basis). For example, the patient arrives incapacitated and information is necessary to give stabilizing treatment.

Overall, HIPAA aims to balance a person’s right to privacy with the need for health providers to communicate with others, in order to properly care for a patient and act in the best interest of the patient.

For further information on HIPAA regulations and training, please contact the Office of Privacy and Data Security at 305-243-5000 or privacy@med.miami.edu.