• E-mail
• Print
• RSS

Clergy rights and HIPAA

HIPAA Weekly Advisor, February 8, 2002

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Q: Under HIPAA, are the rules for accessing patient information the same for members of clergy?

A: The privacy rule allows covered entities to disclose a patient's name, general condition, location in the facility, and religious affiliation to members of clergy, even if they do not inquire about an individual by name. However, the rule does not require providers to inquire about the religious affiliation of an individual, and patients can choose not to supply that information to the facility.

Use the following ways to protect patient privacy when providing information to clergy:

1. Give patients a chance to opt out.
A facility can give basic directory information to clergy and anyone else who asks about a particular person by name, as long as the patient has not opted-out of being included in the directory. If the patient does not opt out, he or she is implicitly permitting clergy to know about religious affiliation.

Patients can choose to withhold information about their religious affiliation. Those who do so can still have their general information in the patient directory.

2. Include disclosures to clergy in your notice of privacy practices.
Facilities must provide patients with a notice of privacy practices and a consent form prior to treatment. Inform patients that clergy have access to religious affiliation information in the directory in your notice of privacy practices.

3. Use your best judgment.
One of the weaknesses of HIPAA overall is that there is no obligation to validate or authorize the person looking for information. There really isn't a way to be sure that someone who claims to be a member of clergy actually is.

Use caution and don't be afraid to question the credentials of the religious person who is calling, if you feel justified in doing so. In many instances, institutions have a long-standing relationship with members of the local clergy. They will know who is and who isn't an authentic member of the area's clergy.

Use your best judgment and common sense.

4. Consult the patient's authorized representative, if necessary.
Always protect the privacy and best interests of the patient. If the patient can't speak for him or herself, figure out who can speak for the patient. It should be a guardian or representative.

Editor's note: Answered by Thomas E. Jeffry Jr., Esq., a partner at Davis, Wright, Tremaine, LLP, in Los Angeles, and co-chair of the Workgroup for Electronic Data Interchange's privacy policy advisory group, and Michael Blau, Esq., a partner at McDermott Will & Emery, in Boston.

The above information was adapted from an upcoming article in February's Briefings on HIPAA.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive