Guidelines for Releasing Patient Information to Law Enforcement

Introduction

Hospitals and health systems are responsible for protecting the privacy and confidentiality of their patients and patient information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations established national privacy standards for health care information. HIPAA prohibits the release of information without authorization from the patient except in the specific situations identified in the regulations. This document is based on the HIPAA medical privacy regulations and provides overall guidance for the release of patient information to law enforcement and pursuant to an administrative subpoena.

THIS INFORMATION IS PROVIDED ONLY AS A GUIDELINE. CONSULT WITH LEGAL COUNSEL BEFORE FINALIZING ANY POLICY ON THE RELEASE OF PATIENT INFORMATION. ALSO, BE AWARE THAT HEALTH CARE FACILITIES MUST COMPLY WITH STATE PRIVACY LAWS AS WELL AS HIPAA. CONTACT YOUR LEGAL COUNSEL OR YOUR STATE HOSPITAL ASSOCIATION FOR FURTHER INFORMATION ABOUT THE APPLICATION OF STATE AND FEDERAL MEDICAL PRIVACY LAWS TO THE RELEASE OF PATIENT INFORMATION.

Key Resources

Related Resources

Other Resources
Geisinger’s Behavioral Health Care Transformation
Special Bulletin
HHS Finalizes Changes to Information-sharing Requirements for Addiction Treatment
Member
Action Alert
ACT NOW: Congress Considering Billions in Cuts to Hospital Services that Could Harm Patient Care
Member
Special Bulletin
Hospital Associations and Hospitals File Lawsuit Challenging Federal Rule That Ties Providers’ Hands
Member
Frequently Asked Questions (FAQs)
Myth vs. Fact: HHS-OCR Online Tracking Rule
Member
Letter/Comment
AHA Responds to Senate RFI on Health Data Privacy
Public