How doctors can respond to the opioid crisis without violating HIPAA

Featured image

Share this article

How doctors can respond to the opioid crisis without violating HIPAA

In HIPAA, healthcare professionals are forbidden to disclose protected health information without a patient’s consent.

But what about in the case of an emergency?

Defining an emergency situation can create obstacles for the loved ones of the emergency patient. Family support is crucial to providing the proper care and treatment of people in an emergency situation, like an opioid overdose.

In emergency situations, healthcare providers can share PHI with a patient’s family members without violating HIPAA regulations – but the amount of information they can share is limited. The HHS clarified what can be shared in a recent publication.

What information can a healthcare provider share without a patient’s permission?

In times of crisis, healthcare providers can share certain PHI to the patient’s family members without violating HIPAA. But the situation must meet both of these provisions:

  • The family or close friend helps take care of the patient
  • Sharing the PHI is in the patient’s best interest
  • The information shared is directly related to the family or close friend’s care of the patient or their payment for the treatment

For example, in the case of an opioid overdose, the healthcare provider can speak to the patient’s parents (after making this decision using professional judgment) and discuss the overdose and information related to the overdose.

However, the healthcare provider cannot share any medical information unrelated to the overdose without permission – even if the person could prevent or reduce the threat to the patient’s health or safety.

But there is one exception.

With this opioid overdose example, a doctor may inform the patient’s family, friends or caregivers about the opioid abuse if the doctor feels that the patient could harm themselves with continued opioid abuse after being discharged from the hospital.

When warning about a serious or imminent threat, the doctor is presumed to be HIPAA compliant.

HIPAA restricts sharing personal health information without a patient’s consent out of respect for the patient

If a patient is capable of making a decision, the healthcare provider must give the patient the opportunity to consent or object to sharing their PHI with the individuals responsible for the patient’s care or payment of care.

If a doctor shares PHI to a patient’s loved ones when the patient forbids it with decision-making capability, they have committed a HIPAA violation. The only exception to this rule is if the patient is in serious or imminent danger to their health.

HIPAA acknowledges a patient’s decision-making ability may change during treatment

In emergency situations, such as an opioid overdose, a patient may regain consciousness to the point of being capable of making decisions.

When this happens, the patient must approve or reject any additional information the doctor shares with loved ones.

Doctors and nurses can share PHI if a patient is severely intoxicated or unconscious and if they feel it is in the patient’s best interests. Both of these conditions must be met before any PHI disclosure relating to the patient’s care or payment for the care.

However, if the patient regains consciousness and forbids any additional information from being shared, the healthcare provider can still share information to prevent or lessen a threat to a patient’s health or safety.

HIPAA recognizes a patient’s personal representative (according to state law)

In the case of a patient’s personal representative, HIPAA grants this individual the right to “request and obtain any information about the patient that the patient could obtain, including a complete medical record.”

A personal representative is a person who has authority in healthcare decisions for the patient under state law. This representative can be determined from a parental relationship between a parent/guardian and a minor, or from a “written directive, health care power of attorney, appointment of a guardian, a determination of incompetency, or other recognition consistent with state laws to act on behalf of the individual in making health care related decisions.”

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022