Hipaa Laws: Do They Extend To Military Personnel?

do hipaa laws apply to military

The Health Insurance Portability and Accountability Act (HIPAA) permits the disclosure of protected health information (PHI) of Armed Forces personnel under special circumstances. This is known as the Military Command Exception. Under this exception, covered entities, such as military treatment facilities, may disclose the PHI of service members to military command authorities for authorized activities. These activities include fitness for duty, fitness to perform a particular assignment, or other activities essential for the military mission. While the Military Command Exception allows for the disclosure of PHI, it does not grant Commanders direct access to a service member's electronic medical record unless otherwise authorized by the service member or the HIPAA Privacy Rule.

Characteristics Values
Does HIPAA apply to the military? The Health Insurance Portability and Accountability Act (HIPAA) does apply to the military, but there is a Military Command Exception.
Military Command Exception Covered entities may use and disclose personal health information of Armed Forces personnel if deemed necessary by military command authorities to assure the proper execution of a military mission.
Who can disclose information? Military treatment facilities and other covered entities
Who can information be disclosed to? Military command authorities
What type of information can be disclosed? Personal health information (PHI)
When can information be disclosed? When deemed necessary for authorized activities
Examples of authorized activities Determining fitness for duty, fitness to perform a particular assignment, carrying out any other activity essential for the military mission
Are there any other circumstances where information can be disclosed? Yes, in cases where there is a serious risk of harm to self, others, or the mission.

lawshun

The Military Command Exception

However, it is important to note that this exception does not require covered entities to disclose PHI to commanders; it only permits them to do so if it is deemed necessary by appropriate military command authorities to ensure the proper execution of a military mission. If disclosure is made, only the minimum amount of information necessary should be provided, as per the HIPAA Privacy Rule.

Appropriate military command authorities include commanders who exercise authority over a service member or another person designated by a commander. Authorized activities for which PHI may be disclosed include, but are not limited to, determining a member's fitness for duty, their fitness to perform a particular assignment, or carrying out any other activity essential for the military mission.

lawshun

Authorised activities

The Health Insurance Portability and Accountability Act (HIPAA) permits the use and disclosure of protected health information (PHI) of Armed Forces personnel under special circumstances. Under the Military Command Exception to the HIPAA Privacy Rule, PHI can be used and disclosed by covered entities if deemed necessary by the appropriate military command authorities to ensure the proper execution of a military mission. This exception does not require disclosure but permits it, and only the minimum amount of information necessary should be provided.

  • Determining a service member's fitness for duty or for a particular assignment.
  • Carrying out any other activity deemed essential for the military mission.
  • Inpatient care, where the member is admitted to or discharged from any inpatient mental health or substance misuse treatment facility.
  • Acute medical conditions that interfere with duty, where the member's ability to perform assigned duties is impaired by an acute mental health condition or treatment regimen.
  • Ensuring the proper execution of a military mission, conducting intelligence, and providing protective services.
  • Making medical suitability determinations for employees of the U.S. State Department.
  • Protecting the health and safety of inmates or employees in a correctional institution.

These authorised activities allow for the disclosure of PHI to appropriate military command authorities, such as commanders who exercise authority over a service member or another person designated by a commander. The exception does not permit a commander's direct access to a service member's electronic medical record unless otherwise authorised by the service member or the HIPAA Privacy Rule.

lawshun

Mental health and substance abuse disclosures

The Health Insurance Portability and Accountability Act (HIPAA) permits the disclosure of protected health information (PHI) of Armed Forces personnel under special circumstances. This includes mental health and substance abuse disclosures.

The Department of Defense (DoD) issued Instruction Number DoDI 6490.08 in 2011, which allows DoD healthcare providers to notify an Armed Forces service member's commander when they obtain mental healthcare and/or substance misuse education services if certain conditions are met. These conditions include:

  • Harm to self: There is a serious risk of self-harm by the member.
  • Harm to others: There is a serious risk of harm to others, including any disclosures concerning child abuse or domestic violence.
  • Harm to mission: There is a serious risk to a specific military mission.
  • Special personnel: The member is in the Personnel Reliability Program or has mission responsibilities that are highly sensitive or urgent, and normal notification standards would significantly risk mission accomplishment.
  • Inpatient care: The member is admitted or discharged from any inpatient mental health or substance misuse treatment facility.
  • Acute medical conditions interfering with duty: The member's ability to perform assigned duties is impaired due to an acute mental health condition or an acute medical treatment regimen.
  • Substance misuse treatment program: The member has entered or is being discharged from a formal outpatient or inpatient treatment program for substance misuse.
  • Command-directed mental health evaluation: The mental health services are obtained as a result of a command-directed mental health evaluation, and proper execution of the military mission outweighs the interests served by avoiding notification.

In addition to the above circumstances, the Military Command Exception to the HIPAA Privacy Rule allows covered entities, such as military treatment facilities, to disclose PHI to military command authorities for authorized activities, including:

  • Fitness for duty determinations
  • Fitness to perform a particular assignment
  • Other activities necessary for the military mission

While HIPAA provides some protection for mental health and substance abuse disclosures, it is important to note that state laws may impose additional restrictions or requirements. Some states have specific statutes governing mental health and substance abuse records, which can vary widely in terms of authorizing the disclosure of information without consent for treatment purposes. Therefore, it is crucial to consider both federal and state laws when dealing with mental health and substance abuse disclosures under HIPAA in the military context.

lawshun

Protected health information

The Health Insurance Portability and Accountability Act (HIPAA) establishes a set of national standards for the protection of certain health information. The US Department of Health and Human Services (HHS) issued the Privacy Rule to implement the requirements of HIPAA. The Privacy Rule standards address the use and disclosure of individuals' health information, which is called "protected health information" (PHI).

PHI is individually identifiable health information that is transmitted or maintained by electronic or any other form or medium. This includes information that relates to an individual's past, present, or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual. It also includes common identifiers such as name, address, birth date, and Social Security Number.

HIPAA permits the disclosure of PHI of Armed Forces personnel under special circumstances. Under the Military Command Exception to the HIPAA Privacy Rule, covered entities may use and disclose PHI if it is deemed necessary by appropriate military command authorities to ensure the proper execution of a military mission. This exception permits the disclosure of PHI to military command authorities for authorized activities, including fitness for duty determinations, fitness to perform a particular assignment, or other activities necessary for the military mission.

PHI disclosed to military command authorities is no longer subject to HIPAA but remains protected under the Privacy Act of 1974. This means that while the information can be shared, it must be kept private and secure.

The Department of Defense (DoD) supports the provision of mental health care and substance abuse education to Armed Forces personnel while maintaining a balance between patient confidentiality rights and Command notification. Covered entities are generally not permitted to notify a service member's Commander when the member obtains these services unless certain conditions are met, such as displaying a serious risk of harm to self, others, or the mission.

lawshun

Military and veterans activities

Under this exception, covered entities, such as military treatment facilities, may disclose PHI to military command authorities for authorized activities. These activities include determining an individual's fitness for duty, fitness to perform a particular assignment, or any other activity deemed necessary for the successful execution of a military mission. It is important to note that this exception does not grant commanders direct access to a service member's electronic medical record unless explicitly authorized by the service member or the HIPAA Privacy Rule.

In the context of mental health and substance abuse, the Department of Defense (DoD) generally prohibits healthcare providers from notifying a service member's commander when the member seeks these services. However, disclosure to the commander is required when certain conditions are met, such as when there is a serious risk of harm to the member, others, or the mission.

Additionally, HIPAA allows for the disclosure of PHI for individuals who are Armed Forces personnel, foreign military personnel, and veterans. This disclosure is permitted for activities deemed necessary by appropriate military command authorities to ensure the proper execution of the military mission. The Department of Defense and Homeland Security may disclose PHI to the Department of Veterans Affairs (DVA) upon the separation or discharge of a service member to determine their eligibility for benefits.

Frequently asked questions

The Health Insurance Portability and Accountability Act (HIPAA) permits protected health information (PHI) of Armed Forces personnel to be disclosed under special circumstances.

The Military Command Exception to the HIPAA Privacy Rule allows covered entities to use and disclose personal health information of Armed Forces personnel if deemed necessary by appropriate military command authorities to ensure the proper execution of a military mission.

Appropriate military command authorities include commanders who exercise authority over a service member or another person designated by a commander.

PHI may be disclosed for authorized activities such as determining a member's fitness for duty, fitness to perform a particular assignment, or carrying out any other activity essential for the military mission.

Yes, the Department of Defense issued Instruction Number DoDI 6490.08, which outlines conditions under which disclosure is required, such as when there is a serious risk of harm to self, others, or the military mission.

Written by
Reviewed by
Share this post
Print
Did this article help you?

Leave a comment