OCR Explains HIPAA Laws on Distributing Patient Data on Opioid Overdoses

The U.S. Division of Health and Human Services’ OCR has removed misunderstanding concerning HIPAA Laws on distributing patient data on opioid overdoses. The HIPAA Secrecy Rule allows healthcare suppliers to share partial PHI in specific dangerous and emergency circumstances. Those circumstances include during drug overdoses and natural disasters, if sharing data can lessen or prevent a grave and impending threat to a patient’s safety or health.

Some healthcare suppliers have misinterpreted the HIPAA Secrecy Law provisions, and think approval to reveal data to the patient’s caregivers or loved ones should be gotten from the patient prior to any PHI can be revealed.

In a crisis or emergency situation, like as during a medicine overdose, healthcare suppliers are allowed to share partial PHI with a patient’s caregivers and loved ones without prior approval from the patient.

Throughout an opioid overdose, healthcare suppliers may share health data with the patient’s caregivers, close friends, and family members, if:

  • The healthcare supplier decides, based on expert decision, that sharing data about an unconscious or incapacitated patient is in the greatest benefits of the patient, if the data shared is restricted to that directly linked to the person’s participation in the patient’s treatment or payment of treatment. Data on the overdose may be communicated, but not separate health data unless authorization has been gotten.
  • Informing the above people would assist to lessen or prevent a grave danger to the patient’s safety and health–like continuous opioid abuse on release.

In situations when a patient isn’t incapacitated or unconscious and has decision-making ability, healthcare suppliers should provide the patient the chance to make an objection to the revelation of their overdose to caregivers, close friends, loved ones, or people concerned in the payment for treatment. In case a patient has got decision-making ability, or if authorization to share the data is refused, healthcare suppliers can’t share data unless “there is an imminent and serious threat of damage to health.”

There will be circumstances when a patient is just briefly disabled, and his decision-making ability will be recuperated during the progress of cure. In such circumstances, it’s down to the decision of the healthcare supplier whether health data is communicated while the patient is disabled, the type of data that are communicated, and how much. Once the patient recovers decision-making capability and consciousness, consent should then be gotten prior to any more revelations of health data are made.

OCR also remarks that it’s not just HIPAA Regulations that might apply in such circumstances, describing “HIPAA doesn’t meddle with medical ethics rules or state laws that are more defensive of patient secrecy.”

The advice on HIPAA Laws on sharing patient data on opioid overdoses can be viewed on this link.