In January, the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) published a final rule, which modifies HIPAA privacy rules to allow for easier sharing between certain HIPAA covered entities and the National Instant Criminal Background Check System (NICS). Specifically, the final rule allows certain HIPAA covered entities to share with NICS the identities of individuals prohibited under federal law from legally owning a firearm.
The Gun Control Act of 1968 prohibits categories of individuals from engaging in the shipment, transport, receipt or possession of firearms. The Department of Justice (DOJ) issued regulations applying the prohibition to those that have been involuntarily committed to a mental institution, those found to be incompetent to stand trial or found not guilty by reason of insanity are prohibited from owning a firearm, or otherwise determined by a court, board, commission, or other lawful authority to be a danger to themselves or others or unable to manage their own affairs as a result of marked subnormal intelligence, or mental illness, incompetency, condition, or disease. This prohibition is referred to as the "mental health prohibitor." The January final rule provides that only covered entities which already have lawful authority to render adjudication decisions which subject individuals to the mental health prohibitor may disclose those individuals' identities to the NICS. The final rule does not allow for clinical or medical information to be disclosed; only demographic information about individuals subject to the prohibitor may be disclosed.
In the text and analysis of the Final Rule, the OCR explains the very limited and narrow exception to HIPAA privacy rules as a balance between patient privacy and public safety goals. The Final Rule cited the American Medical Association's (AMA's) support for the Final Rule stating that the AMA "...Code of Ethics supports strong protections for patient privacy and, in most cases, requires physicians to keep patient medical records strictly confidential. If there must be a breach in confidentiality, such as for public health or safety reasons, the disclosures must be as narrow in scope as possible." In addition, OCR cited uniformity as a justification for the Final Rule. OCR explained that some states have not established reporting rules for this type of disclosure to the NICS. Thus, this rule will allow for more uniform reporting standards throughout all fifty states.
Wachler & Associates stays abreast of all HIPAA policies and procedures, as well as new rules regarding HIPAA privacy mandates. Our attorneys counsel HIPAA covered entities and business associates around the country in a variety of HIPAA matters. If you or your healthcare entity have any questions regarding HIPAA Privacy rules, or otherwise need assistance regarding HIPAA compliance, please contact an experienced healthcare attorney at (248) 544-0888 or via email at email@example.com.