Paubox blog: HIPAA compliant email made easy

Can PHI be shared with clergy?

Written by Kirsten Peremore | November 30, 2023

Healthcare facilities can maintain a directory of patient details such as names, locations, general health conditions, and religious affiliations. This directory information can be disclosed to clergy members, facilitating appropriate spiritual support and care communication.

 

HIPAA Privacy Rule and facility directories

HIPAA Privacy Rule permits healthcare facilities to have a directory of patient information, including names, locations within the facility, general health conditions, and religious affiliation. This directory allows hospitals to disclose patient names to clergy members unless patients have expressly objected. During emergencies, healthcare providers can disclose directory information if it aligns with the patient's prior preferences and is in their best interest. This enables communication between healthcare facilities and clergy while respecting patient privacy.

See also: What PHI is in a facility directory?

 

Considerations for patient information to be shared with clergy

  1. Maintaining a directory: Healthcare facilities can create and maintain a directory that includes specific patient information such as names, locations within the facility, general health conditions, and religious affiliation.
  2. Clergy access: Members of the clergy are allowed access to this directory information, enabling hospitals to disclose patient names to clergy members.
  3. Patient consent: If a healthcare facility intends to include a patient's information (such as name, location, health condition, and religious affiliation) in a directory accessible to clergy and others, the patient should be informed. 
  4. Emergency situations: In emergencies or when a patient cannot provide consent due to their condition, disclosure of directory information to clergy can still occur. This is acceptable if the disclosure aligns with the patient's prior expressed preferences and is determined to be in the patient's best interest by the healthcare provider's professional judgment.

See also: Is sharing PHI on personal devices safe?

 

Limitations to sharing PHI in facility directories

While the HIPAA Privacy Rule allows certain sharing of protected health information (PHI) with clergy members, there are limitations and restrictions to ensure patient privacy and confidentiality:

  1. Sensitive health details: Specific and sensitive health information beyond the patient's general health condition should not be shared. This includes details about diagnoses, treatments, procedures, medications, or any other information that could reveal the patient's medical history.
  2. Non-directory information: Information that is not part of the directory, such as medical records, test results, mental health records, and any other PHI that is not included in the specific directory items (name, location, general health condition, religious affiliation), should not be shared with clergy without patient consent.
  3. Personal identification: Any personal identifiers such as Social Security numbers, addresses, phone numbers, or any other data that could be used to identify an individual should not be shared with clergy.
  4. Sensitive conditions: Information about sensitive conditions like substance abuse treatment, mental health treatment, reproductive health, and communicable diseases should generally not be shared with clergy without explicit patient consent.
  5. Objection by patient: If a patient has explicitly objected to having their information shared with clergy, their objection should be respected, and their information should not be disclosed.

See also: HIPAA Compliant Email: The Definitive Guide