U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Hurdling HIPAA Regulations

NCJ Number
209510
Journal
Law Enforcement Technology Volume: 32 Issue: 3 Dated: March 2005 Pages: 74-80,82,83
Author(s)
Carole Moore
Date Published
March 2005
Length
9 pages
Annotation
This article reviews the history of the Federal Health Insurance Portability and Accountability Act (HIPAA), discusses its implications for law enforcement tasks, and offers recommendations for law enforcement agencies in complying with HIPAA.
Abstract
One of the goals of HIPAA is to ensure the confidentiality of patient's health care information. Under HIPAA, law enforcement agencies are not "covered entities." Covered entities include doctors, insurers, and organizations affected by the regulations, such as clinics and hospitals. For law enforcement agencies, HIPAA provisions come into play when dealing with agencies that do have to comply with them. There will be occasions when investigations will be facilitated by obtaining a person's health information. At other times, a person's health information known to a law enforcement agency may be requested by the press or other interested parties. Currently, there have been no court cases that have helped define how HIPAA provisions will apply under various circumstances. Until then, covered entities are typically being very guarded in releasing medical information, since noncompliance with HIPAA carries thousands of dollars in fines. Protected information, which is information that the covered entity cannot voluntarily provide without the consent of the parties involved, can always be subpoenaed or obtained by warrant or court order. Such documents should be specific about the information needed. Further, departmental attorneys should meet with the legal and staff representatives of the covered entities in the department's jurisdiction for the purpose of developing a written policy document accepted by all the parties. Also, if departments have existing request forms, language should be added that refers to specific HIPAA regulations. Finally, departments should ensure that HIPAA regulations are accessible to officers who are conducting investigations, so they can be consulted when needed.