HIPAA Privacy Rule Update: Extreme Risk Protection Orders

Recently the Department of Health and Human Services (HHS) along with the Office for Civil Rights (OCR) issued an announcement regarding extreme risk protection order (ERPO) laws and the disclosure of protected health information (PHI).  This published model was created as a way to provide each state with a framework to consider as they implement their own ERPO laws.

What’s An ERPO? 

It is a court order that “temporarily prevents a person in crisis, who poses a danger to themselves or others, from accessing firearms”.  This announcement outlined the petitioners that can apply for an ERPO and the supporting documentation that they can provide.  While the legislation can vary from state to state, the individuals can be law enforcement officers, health care providers, and family members.

How Does HIPAA Come into Play?

The Privacy Rule permits a covered entity health care worker to disclose PHI that supports the ERPO application from an individual in certain circumstances.

Those include:

• When the disclosure is required by law and complies with the requirements of the law. This can come in the form of a statute, subpoena, or court order.
• When the disclosure is provided in response to an administrative tribunal, subpoena, discovery request, order of a court, or other lawful processes of a judicial or administrative proceeding. There are applicable conditions in such a situation.  An example of this provided by HHS was if an individual threatened their partner with a firearm and was under the care of mental health professionals.  The ERPO could be filed with supporting records from the provider.

Additional requirements include proof of notifying the individual about the request for their PHI and the subsequent destruction of the PHI at the end of the proceedings.

Sorting It All Out

The disclosure of an individual’s health information in this situation is done as a way to lessen and prevent harm to others.  There are additional state laws that support the protection of privacy, and professional ethical standards that support those laws. If you are unsure about how your state mandates apply in this or any other situation, HIPAA Secure Now can assist you with sorting it out!  We’re here to help you maintain HIPAA compliance, protect your patients, and keep your healthcare business safe in the process!  Contact us today with any questions.