Health Insurance Portability and Accountability Act (HIPAA)

HIPAA Privacy Rule Proposed Change

HHS released proposed changes to the HIPAA Privacy Rule with the goal of strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; and enhancing flexibilities for disclosures in emergency or threatening circumstances, such as the Opioid and COVID-19 public health emergency.

Comments are due Thursday, May 6, 2021. APA developed a template letter for District Branches to submit comments. Download APA's template letter here (.docx). The template letter responds to the following proposed changes:

  • Requiring the sharing of protected health information (PHI and electronic protected health information or ePHI) at the point of care.
  • The proposal would amend the Privacy Rule to replace the "serious and imminent threat" standard with a "serious and reasonably foreseeable threat" standard. This is defined to mean "that an ordinary person could conclude that a threat to health or safety exists and that harm to health or safety is reasonably likely to occur if a use or disclosure is not made, based on facts and circumstances known at the time of the disclosure." It also modifies the standard for certain permitted disclosures from one based on a covered entity's "professional judgment," to one based on its "good faith" belief that a disclosure would be in the best interest of the individual.
  • The proposal notes, some covered health care providers, such as licensed mental and behavioral health professionals, have specialized training, expertise, or experience in assessing an individual's risk to health or safety (e.g., through a violence or suicide risk assessment) and, therefore, the standard includes an express presumption that such a health care provider has met the reasonably foreseeable standard when it makes a disclosure related to facts and circumstances about which the health care provider (or a member of the team) has specialized training, expertise, or experience.

HIPAA Guides For APA Members

If you are an APA member, you can access two comprehensive HIPAA guides.

APA's HIPAA Privacy Rule Manual: A Guide for Your Psychiatric Practice

HIPAA Privacy Rule Manual is avialable in pdf and word documents:

Download Manual - PDF Document

Download Manual - Word Document

HIPAA Privacy Rule Manual, includes:

APA HIPAA Security Rule Manual

Download HIPAA Security Rule Manual

Also available to APA members is a How to Guide on Using the Security Rule Manual

Important notice

APA HIPAA compliance manuals are a membership benefit. They are copyrighted documents. APA members may use them in their private practice without first seeking written permission from APA. Redistribution, resale or reproduction is expressly prohibited without prior written consent.

APA Resource Documents

Resources on Privacy and Psychiatric Disorders

Important disclaimer regarding HIPAA and the laws of your state

Many state privacy laws will continue to apply following the compliance date of the HIPAA privacy regulations. You are advised to consult with your state medical society, local chapter of specialty society, legal counsel or advisors familiar with your state’s laws to determine which state laws and regulations will impact:

  1. the operation of your practice, and
  2. the contents of any form, template document or agreement contained on this page

This page or any materials hosted within are not intended as, and do not constitute, legal or other professional advice.

HIPAA & HIT: A Primer

Helping you keep patient information private and secure in the digital era.

Learn More

New HHS Guidance: HIPAA and the Opioid Crisis

As part of the 21st Century Cures Act, the American Psychiatric Association supported provisions to clarify the circumstances under which a healthcare provider may disclose protected health information under the Health Insurance Portability and Accountability Act (HIPAA). As follow up to passage of the law, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights launched new guidance to clarify how HIPAA applies to information sharing with a patient's friends and family in response to the opioid crisis. The guidance does not amend current regulations or law.

View the Guide

Final Rule: 42 CFR Part 2, Confidentiality of Substance Use Disorder Patient Records

For the first time in 30 years, HHS updated its regulations for 42 CFR Part 2 (Part 2), Confidentiality of Substance Use Disorder Patient Records. The updated regulations, scheduled to go into effect on March 21, 2017 intend to allow for better information sharing while balancing the privacy rights for people seeking treatment for substance use issues.

Learn More

Do you have to be HIPAA compliant?

Learn more from HHS on how to report a HIPAA complaint.

Learn More