Health Insurance Portability & Accountability Act of 1996 (HIPAA) – Effect on Church Prayer Lists
HIPAA was created for four key reasons: (1) To ensure continuity of health care coverage when changing jobs; (2) To combat waste, fraud and abuse in health care and health insurance; (3) To simplify administration of health insurance thereby improving the efficiency and effectiveness of the health care system; and (4) To protect the privacy of health information.
Title II of the HIPAA law includes requirements for ensuring the security and privacy of individuals' medical information. The standards aim to maintain the right of individuals to keep private information about themselves. HIPAA covers medical records and other "individually identifiable health information" (communicated electronically, on paper, or orally) that are created or received by covered health care entities that transmit information electronically.
Although the kind of information protected by HIPAA is broad, the requirement to keep such information private applies only to health care entities that create or receive such information and who transmit information electronically. In the U.S. Department of Health and Human Services website on HIPAA, there is a set of "Frequently Asked Questions" Question number 190 is, "Who must comply with these new HIPAA privacy standards?" The answer provided by HHS is health plans, health care clearinghouses and health care providers who conduct certain financial and administrative transactions electronically. Clergy and churches are NOT listed and I cannot locate any provision that would apply in regard to prayer lists or visitation. (On the other hand, church owned health care facilities and clergy who provide care for a fee may well be required to comply with HIPAA).
To date, HIPAA has impacted clergy patient lists and notification by a health care facility that a church member is in their facility. Many such institutions in Connecticut had a "professional courtesy" practice of calling clergy to notify them that a member of their church was admitted to their facility. Now, hospitals and health care facilities can only inform clergy about parishioners in the facility if the patient is told in advance that facility notifies clergy or maintains a clergy patient list and the patient does not object. Because of the rule, many facilities have decided it is easier to just not notify clergy that a church member has been hospitalized and to cease providing a patient list for clergy.
General common sense must still dictate care in placing a person on a church prayer list, as different people will react differently to public disclosure of their health information. Use caution with respect to the level of detail provided. Clergy should continue to respect the privacy confidentiality of information they learn while in a health care facility or from a church member. However, HIPAA was not intended to limit our ability to pray for others, and to date, we know of no lawsuit arising solely out of an earnest prayer by one for another.