Hospitals and health systems are responsible for protecting the privacy and confidentiality of their patients and patient information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations established national privacy standards for health care information. HIPAA prohibits the release of information without authorization from the patient except in the specific situations identified in the regulations. This document is based on the HIPAA medical privacy regulations and provides overall guidance for the release of patient information to law enforcement and pursuant to an administrative subpoena.
THIS INFORMATION IS PROVIDED ONLY AS A GUIDELINE. CONSULT WITH LEGAL COUNSEL BEFORE FINALIZING ANY POLICY ON THE RELEASE OF PATIENT INFORMATION. ALSO, BE AWARE THAT HEALTH CARE FACILITIES MUST COMPLY WITH STATE PRIVACY LAWS AS WELL AS HIPAA. CONTACT YOUR LEGAL COUNSEL OR YOUR STATE HOSPITAL ASSOCIATION FOR FURTHER INFORMATION ABOUT THE APPLICATION OF STATE AND FEDERAL MEDICAL PRIVACY LAWS TO THE RELEASE OF PATIENT INFORMATION.