Posted on 01/06/2016 10:30:32 AM PST by MarchonDC09122009
HIPAA Privacy Rule Modified for Gun Background Checks
http://www.healthcareinfosecurity.com/hipaa-privacy-rule-modified-for-gun-background-checks-a-8780
HIPAA Privacy Rule Modified for Gun Background Checks But Most Providers Won't Be Affected by the Change Marianne Kolbasuk McGee (HealthInfoSec) ⢠January 5, 2016 Jocelyn Samuels, Director of OCR
A modification to the HIPAA Privacy Rule designed to help identify those who are prohibited, for specific mental health reasons, from having a firearm will have little impact on most healthcare providers because it's so narrow in scope.
See Also: Exploring the Security Requirements for Virtual Machines
The change, which is slated to take effect next month, permits only a small subset of HIPAA covered entities to disclose to the National Instant Criminal Background Check System the identities of individuals who are already prohibited by federal law from having a firearm.
"Specifically, this final rule gives states improved flexibility to ensure accurate but limited information is reported to the NICS," said Jocelyn Samuels, director of the Department of Health and Human Services' Office for Civil Rights in an announcement about the change posted on the HHS website.
NICS is the federal database that stores information about individuals prohibited by law from possessing firearms. Those include felons, those convicted of domestic violence and individuals involuntarily committed to a mental institution or found to be a danger to themselves or others, or unable to manage their affairs due to a mental health condition, according to HHS.
The final rule modification is slated to be printed on Jan. 6 in the Federal Register. The rule change takes effect on Feb. 5. Gun Control Measures
The modification to the HIPAA Privacy Rule comes as President Obama on Jan. 5 announced a series of executive actions in an effort to reduce gun violence. The actions are designed to make more gun sales subject to background checks and beef up enforcement of existing laws.
The FBI is overhauling its background check system to "make it more effective and efficient," the White House noted. Also, the Social Security Administration will begin the rulemaking process to include information in the background check system about beneficiaries who are prohibited from possessing a firearm for mental health reasons.
In explaining why the change to the HIPAA Privacy Rule was needed, the White House says: "Although states generally report criminal history information to NICS, many continue to report little information about individuals who are prohibited by federal law from possessing or receiving a gun for specific mental health reasons. Some state officials raised concerns about whether such reporting would be precluded by the HIPAA Privacy Rule."
Samuels said the rulemaking "makes clear that, under the Privacy Rule, certain covered entities are permitted to disclose limited information to the NICS. The information that can be disclosed is the minimum necessary identifying information about individuals who have been involuntarily committed to a mental institution or otherwise have been determined by a lawful authority to be a danger to themselves or others or to lack the mental capacity to manage their own affairs."
The rule does not allow reporting of diagnostic, clinical, or other mental health treatment information, Samuels stressed.
"The new modification is carefully and narrowly tailored to preserve the patient-provider relationship and ensure that individuals are not discouraged from seeking voluntary treatment," she said. "This rule applies only to a small subset of HIPAA covered entities that either make the mental health determinations that disqualify individuals from having a firearm or are designated by their states to report this information to NICS. The rule does not apply to most treating providers." Limited Impact
Because of its narrow scope, the change to the HIPAA Privacy Rule will have "very limited impact," says privacy attorney Adam Greene of the law firm Davis Wright Tremaine.
"Entities within the criminal justice system report to NICS when someone has been involuntary committed or received a certain adjudication related to mental health," he explains. "Healthcare providers, health plans and healthcare clearinghouses do not have reporting obligations under NICS. Rather, a small number of government covered entities may be part of agencies that make reports under NICS, and there was confusion related to whether HIPAA blocked those agencies from reporting to NICS. This rule clarifies that HIPAA does not interfere with those agencies reporting to NICS."
But one privacy advocate is concerned the modification could have negative consequences. "The effect will be to discourage even more people from seeking mental health treatment," says Deborah Peel, M.D. , a practicing psychoanalyst and founder and chair of the advocacy group Patient Privacy Rights. "The language HHS uses cannot easily be understood by the public - they have no idea who 'HIPAA covered entities' are for example.
"So many people are already wary of seeking treatment if their doctors or health professionals use electronic records, which they know are likely to be breached and will be widely disclosed," Peel says. "This rule will certainly discourage gun owners ... from seeking mental health treatment; all that they will hear is that mental health treatment can [land] them onto a list that goes to the government and might prevent them from buying firearms. The idea that a 'narrow subset' will be affected is simply too complex a message for the public to hear - all they will know is that people seeking mental health treatment will be reported to a federal database and limit their rights." Lengthy Process
The rule change has been in the making for almost two years. On April 23, 2013, the Federal Register published OCR's advance notice of rulemaking, seeking public input on how HIPAA may prevent some states from reporting information to NICS and ways these barriers can be addressed without discouraging mental health patients from seeking treatment (see Amending HIPAA for Background Checks).
Among public comments submitted, some mental health provider organizations urged that the modification of the rule be limited.
"The patient-physician relationship is an integral part of mental illness treatment and should be protected," wrote a representative from the Psychiatric Society of Delaware. "Physicians and other treating providers should not be involved in NICS reporting, and the PSD agrees with narrowly defining the scope of HIPAA-covered entities with permission to report to NICS to only covered entities with lawful authority to make adjudication or commitment decisions that make individuals subject to the federal mental health prohibitor, or that serve as repositories of information for NICS reporting purposes."
Seems to me there are constitutional questions here? But then we will follow Ryan and McConnell and do nothing. In fact , we will fund it!!
All this will do is keep the people who actually need help from seeking it. Your health information isn’t private if anyone in the govt knows.
That'll be the next EO.
The purpose of HIPAA is NOT to protect your medical records. Its to CONTROL your medical records.
Its also to control healthcare providers by using reimbursements (aka money) as a lever.
> Hope no one has any crazy relatives
There are heritable elements to mental illness, so anyone that’s ever had a crazy aunt or uncle then has a condition sufficient to bar them from possessing guns.
All Conservatives will be accused of Psikhushka, The official explanation was that no sane person would be against socialism.
“Come along with us,
let’s lie in wait for innocent blood,
let’s ambush some harmless soul,
Let’s swallow them alive, like the grave,
and whole, like those who go down to the pit,
We will get all sorts of valuable things
and fill our houses with plunder”
-Proverbs 1:11-13 (and possibly the plaque hanging in the lobby of the DNC)
See ya in the asylum. Hope we like the taste of Thorazine.
The one real problem is companies, including hospitals, would not spend the money to protect your data without a law forcing them too.
I work with them every day. Very little money is spent because “its the right thing to do”.
HIPAA does not offer the privacy protection that may think it does.
Your Healthcare data is sold and shared among 8000+ entities.
Data brokers, insurers and providers make $2+ Billion dollars per year trading what they know about you and your loved ones.
Go to thedatamap.org to learn more.
< img src=”http://thedatamap.org/map2013/map2013hipaa.jpg";>
 Flows not covered by HIPAA are in bold.
Of the hundreds of flows of personal health data documented on thedatamap, only half are actually covered by the Health Information Portability and Accountability Act (HIPAA). HIPAA governs the sharing of personal health information in the United States, but only applies to those entities involved in the direct billing of patient care. So, HIPAA covers some of the data flows from physicians and hospitals, but not all. A noteworthy exception is Discharge Data, which is authorized by state laws. Hospitals and physicians send a copy of each visit to the state and the state, in turn, often shares the data in ways less protective than HIPAA warrants.
< img src=”http://thedatamap.org/fig2.jpg";>
Whats more important to you personally and to the country? Winning with a remotely principled conservative or winning with a guy that BBQs the dismsmbered remains of the babies his abortion laws killed?
Because if all you Romney voters would have stopped making excuses and supported/voted for anyone whose name wasn’t Romney, they’d be president today.
< img src=”http://thedatamap.org/map2013/map2013hipaa.jpg">
 Flows not covered by HIPAA are in bold.
Of the hundreds of flows of personal health data documented on thedatamap, only half are actually covered by the Health Information Portability and Accountability Act (HIPAA). HIPAA governs the sharing of personal health information in the United States, but only applies to those entities involved in the direct billing of patient care. So, HIPAA covers some of the data flows from physicians and hospitals, but not all. A noteworthy exception is Discharge Data, which is authorized by state laws. Hospitals and physicians send a copy of each visit to the state and the state, in turn, often shares the data in ways less protective than HIPAA warrants.
< img src=”http://thedatamap.org/fig2.jpg">
... very soon to be expanded to “any patient on Class I through V meds” can’t own a gun...
just wait.
How would that be different from what we’ve got today?
Can someone please explain to me how the president of the United States can shield individual doctors from civil suits arising from unauthorized HIPAA disclosures?
Or is this just make work for lawyers?
He won’t need to.
The VA has already attempted to confiscate some poor vet’s guns because he could no longer balance his checkbook. Their agents were met at the vet’s house by angry citizens and they prudently retreated (”Take his guns? Naw, naw, we don’t have that authority. Have a nice day!”)
Once again, was a principled conservative running?
Obama would never submit to a background check. He can’t even pass E-Verify.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.