News For Public Officials . . . Get the Newsletter - It's FREE
Newsletter Archives The Campaign Tool Chest
Send this page to a friend Campaigner's Bookstore

Send this page to a friend

Get the newsletter
 
 
Related Articles
 
School Districts and HIPAA - What Are The Compliance Risks?
 
County Posts Private Medical Data Online
 
HIPAA Privacy Regulations Impact Schools & Local Government Entities
 
Ft. Bend County Balks at Release of HIPAA Audit

 
 
 
 
The content of this Alert is for informational purposes and not intended as legal advice.

Mental Health Issues & Privacy - Virginia Tech Analysis

Sept-01-07

 

Since the horrible facts of the Virginia Tech massacre have been revealed, many questions have been asked about what kind of information a school district or university can disclose and whether the type of psychological information involved with the shooter in the VA Tech case can be released under HIPAA.

In sum, the answer is YES, this type of information can be disclosed under the HIPAA Privacy rule.  Section 164.512 (j) (1) of the Privacy rule specifically addresses disclosures to prevent or avert serious threats to public safety.  This section is entitled, "Uses and disclosures to avert a serious threat to health or safety."

Specific disclosures are permitted under this portion of the Privacy rule.  The rule states: "a covered entity," [a school or university], "may, consistent with applicable law and standards of ethical conduct, use or disclose protected health information, if the covered entity, in good faith, believes the use or disclosure:

Is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public; and

Is to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat; or . . ."

Although this section goes on in detail, obviously there is an exception to "avert a serious threat to health and safety," that may assist schools and universities in situations like this in the future. 

In addition, there is a "good faith presumption," in the Privacy rule that specifically addresses this issue.  This good faith presumption section directly relates to section (j) (1) cited directly above.  It is entitled "Presumption of good faith belief;" and states as follows . . . . "a covered entity that uses or discloses protected health information pursuant to paragraph (j)(1) of this section is presumed to have acted in good faith with regard to a belief described in paragraph (j)(1)(i) or (ii) of this section, if the belief is based upon the covered entity's actual knowledge or in reliance on a credible representation by a person with apparent knowledge or authority." 

The purposes of the HIPAA rules are to alter certain business practices to promote efficiency, reduce fraud, and protect health information.  However, they may also educate healthcare staff in organizations subject to HIPAA on "business practice procedures" that, if implemented consistently, may cause educational staff to routinely report individuals that display "odd" or even "frightening behaviors," to prevent like tragedies in the future.

Send this page to a friend

Get the newsletter

Specific Tools for HIPAA Compliance In School Districts  

HIPAA Solutions, LC offers comprehensive and affordable compliance resources through the HIPAA ComplyPAK©, a suite of products and tools that can be implemented by ISD's to manage Privacy and Security elements of HIPAA. . . Learn more