Time to bust a recent myth that I know could end up getting away from us really fast:
It was announced recently that the Obama administration modified the HIPAA Privacy Rule so that certain mental health professionals and facilities are explicitly permitted to provide information about clients/patients to the National Instant Criminal Background Check System (HHS makes the rules and HHS is under the executive branch, so the POTUS can do that.)
This was meant to facilitate reporting of those folks who are banned from purchasing firearms for mental health-related reasons (click here for further information on that law.)
What’s most interesting to me, however, is that this change was not legally necessary — it was only needed because state agencies and professionals feel tenuous in their understanding of how the Privacy Rule works.
Why The Change? Do I Have To Report My Clients?
Nope. If you did, you would already know about it. My whole reason for writing this post was to nip that rumor in the bud.
According to the text in the Federal Register, the people and groups affected by this rule change were already supposed to be making these reports to the NICS (the background check people.)
The rule change was made primarily so that state and local agencies could clear up misunderstandings around HIPAA. These misunderstandings were preventing many state and local agencies from making their reports because of concern that doing so would violate HIPAA.
In summary: if someone tells you that the Feds changed the law such that you have to tell them when your clients are mentally ill, point them to this article — because they are wrong about that.
The new rule goes into effect Feb 5, so if we see any rumors flying that’s likely to be when they’ll start.
An aside: it is interesting to me that even state agencies were avoiding disclosure of information due to (mistaken) fear of HIPAA. This same misunderstanding of HIPAA has negatively impacted family caregivers, clinicians, and many more recently. Misunderstanding of HIPAA consistently causes harm, and that’s why correcting those misunderstandings is part of Person-Centered Tech’s mission.