The Department of Health and Human Services (HHS) issued a modification to the HIPAA Privacy Rule in January 2016, expressly permitting certain HIPAA covered entities (CE) to disclose the identities of individuals with certain federal “mental health prohibitors” to the National Instant Criminal Background Check System (NICS). 

The NICS, established from the 1993 Brady Gun Law, conducts background checks on persons who may be disqualified from receiving a firearm and is maintained by the Federal Bureau of Investigation (FBI).

Certain prohibitors to gun ownership include, but are not limited to, involuntary commitment to a mental institution, incompetency to stand trial, or other lawful authority to be a danger to themselves or others.

In a press release, Jocelyn Samuels, director of the Office for Civil Rights (OCR), HHS, was keen to stress that the modification does not change access to a firearm for Americans with mental health conditions, but rather the modification only affects the ability of authorities to gain medically relevant information of individuals already prohibited by federal law from having a firearm.

Balancing the privacy rights of individuals with public safety, HHS narrowly tailored the modification to permit only certain CEs to disclose the information.

The modification strictly prohibits the disclosure of medical information, other than the indication that the individual is subject to the federal mental health prohibitor.

Balancing the privacy rights of individuals with public safety is becoming an almost defining challenge for organizations responsible for safeguarding sensitive information.

The narrow scope is intended to preserve the patient-provider relationship, while also ensuring individuals are not discouraged from seeking voluntary treatment.

The modification will amend 45 C.F.R. § 164.512 by adding a paragraph (k)(7) to the existing “Uses and disclosures for which an authorization or opportunity to agree or object is not required.”

HIPAA BootCamp

Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.