While the HIPAA privacy rule does not directly regulate churches and clergy members, it does apply to them in certain circumstances. The rule allows healthcare providers to disclose limited information to clergy members, provided the patient has not objected and the information falls within the specified directory criteria.
Understanding the HIPAA privacy rule
The HIPAA privacy rule grants patients greater control over how their health information is used and disclosed and provides remedies in case of privacy breaches. It applies to covered entities, including hospitals, doctors, health plans, and any other healthcare providers that conduct electronic transactions.
Read more:
HIPAA and clergy
One area of confusion surrounding the HIPAA privacy rule is how it affects churches and clergy members. While churches are not typically considered covered entities under HIPAA, the rule may apply to them in some instances.
Use and disclosure of protected health information
The privacy rule specifies that covered entities may not use or disclose protected health information (PHI) without the patient's authorization, except in certain circumstances. One such exception, outlined in section 164.510 of the privacy rule, allows healthcare providers to maintain a directory of individuals in their facility and disclose limited information to members of the clergy.
Informed consent and opportunity to object
While healthcare providers can disclose directory information to clergy members, they must inform the patient about the information that may be included in the directory and the individuals to whom it may be disclosed. Patients should also be allowed to restrict or prohibit the use or disclosure of their information for directory purposes.
Implications for clergy and churches
Based on the provisions of the HIPAA privacy rule, it is clear that clergy members can receive limited information about patients from healthcare providers. However, there are still some considerations for clergy and churches to keep in mind.
Definition of minister
The privacy rule does not provide a specific definition of a "minister." While it is commonly understood to include ordained clergy, it may also extend to non-ordained associate pastors, deacons, church board members, and lay workers who provide spiritual support.
Access to emergency rooms
It is important to note that the privacy rule does not grant automatic access to emergency rooms for clergy members. Each hospital may have its own policies regarding access to patients in crisis situations.
Asking patients about chaplain visits
Hospitals may still ask incoming patients if they would like a visit from a chaplain. However, it is necessary to respect the patient's privacy and ensure that any disclosure of PHI to the chaplain is done with the patient's informed consent.
Potential liability
Unauthorized disclosure of PHI by churches can potentially be considered an invasion of privacy. Churches should exercise caution when publishing information about the health conditions of their members or employees, even to seek prayers and support. A case in Ohio, Mitnaul v. Fairmount Presbyterian Church, demonstrated that the inclusion of personal medical information on a church website without explicit consent could be seen as offensive or objectionable.
Similarly, a federal case, Travelers Indemnity Company v. Portal Healthcare Solutions, ruled that posting private medical records online without adequate security gave "unreasonable publicity" to the patients' private lives. This decision suggests that similar disclosures by churches, such as publishing prayer lists with medical details in bulletins or online, could lead to liability. Churches should strive to obtain consent and respect the privacy of their members.
Are hospitals able to inform the clergy about parishioners in the hospital?
According to the HHS, “Yes, the HIPAA Privacy Rule allows this communication to occur, as long as the patient has been informed of this use and disclosure, and does not object. The Privacy Rule provides that a hospital or other covered health care provider may maintain in a directory the following information about that individual: the individual’s name; location in the facility; health condition expressed in general terms; and religious affiliation.”
FAQs
Can PHI be shared with clergy?
Healthcare facilities can maintain a directory of patient details such as names, locations, general health conditions, and religious affiliations. This directory information can be disclosed to clergy members, facilitating appropriate spiritual support and care communication.
Are clergy covered by HIPAA?
No, clergy are not covered entities under HIPAA. The law applies to healthcare providers, health plans, and related entities that handle protected health information (PHI).
When might clergy need to follow HIPAA regulations?
Clergy may need to follow HIPAA guidelines if they work in healthcare settings or encounter PHI while providing spiritual care in hospitals or nursing homes.
How can clergy ensure HIPAA compliance?
Clergy can ensure compliance by attending HIPAA training, limiting access to PHI, securing communications, and collaborating with healthcare providers to protect patient privacy.
See also: HIPAA Compliant Email: The Definitive Guide
Farah Amod
