HIPAA Exceptions to Confidentiality Rules

By George Lawrence J.D.
Generally, HIPAA's confidentiality provisions (the Privacy Rule) prevents disclosure of a persons's health information.

health concept image by drx from Fotolia.com

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was initially enacted to ensure that a person’s health insurance coverage remained protected if that person changed jobs. In 1999, Congress added HIPAA’s Privacy Rule to the legislation to protect a patient’s health information. Generally, a person’s health information is confidential; there are, however, exceptions.

Laws May Authorize Disclosure

If a state or federal law authorizes medical disclosures, then the HIPAA privacy rule does not apply. Common examples of laws are legal process rules such as a subpoena or court-ordered disclosure. For instance, if paternity of a child is contested and a man is refusing to pay child support, a court may order that the man’s medical record containing genetic information be disclosed to determine the paternity of the child.

Disclosure for Public Safety Reasons

In 2009, many people in countries across the world were stricken with the H1N1 virus, a deadly flu virus. Health care professionals in the United States would be authorized to disclose health information of persons infected with H1N1 to public health authorities to control the disease. The HIPAA Privacy Rule, therefore, does not protect a person’s health information when the person has a communicable disease or if the person’s health must be disclosed for public safety reasons.

Other public safety reasons include when a health professional believes that the person whose health information is at issue may harm themselves or may harm someone else. Verified threats to commit suicide or to harm another person give rise to an exception to the HIPAA Privacy Rule. This way, health care professionals can report incidents to the proper authorities and hopefully prevent harm from happening.

Certain "Administrative" Disclosures Allowed

“Administrative” disclosures are disclosures made to various agencies such as collection agencies when medical bills are unpaid or the U.S. Department of Veteran Affairs so that the agency can determine a veteran’s eligibility for benefits. Other agencies, such as health oversight agencies, may have access to health information for audit and investigative reasons. Additionally, funeral directors, coroners, medical examiners and certain researchers who have institutional board review approval can access health records.

About the Author

Based in Traverse City, Mich., George Lawrence has been writing professionally since 2009. His work primarily appears on various websites. An avid outdoorsman, Lawrence holds Bachelor of Arts degrees in both criminal justice and English from Michigan State University, as well as a Juris Doctor from the Thomas M. Cooley Law School, where he graduated with honors.

Cite this Article A tool to create a citation to reference this article Cite this Article