ABCCR

HEALTH INSURANCE AND ACCOUNTABILITY ACT
by Dr. Fred Ansell

In April, 2003, new federal guidelines for privacy went into effect. Some hospitals have become rather stringent in handling information, choosing to err on the protective side to be safe. The law is somewhat complex and it will probably be a while before it is interpreted consistently across the country. Since a few pastors have called to ask if it is now against the law to list the names of hospitalized members in church bulletins or on church “prayer lists” (no, at least not usually), I want to give you some information about this development.

A good summary of the law is found in the March/April 2003 issue of Church Law and Tax Report. The article states that in 1996 Congress enacted the huge Health Insurance and Accountability Act (HIPAA) in order to improve “portability” and continuity of health insurance, which allows us to move from one health insurance provider to another without losing benefits; to combat waste, fraud and abuse in health insurance; to promote the use of medical savings accounts; to improve access to long-term care; and to simplify the administration of health insurance. Trying to simplify administration, the U.S. Department of Health and Human Services (HHS) adopted national standards for electronic health care transactions. Realizing that advances in electronic technology could erode the privacy of health information Congress incorporated into HIPPA mandatory federal privacy protections. Because of this HHS published a Privacy Rule in December 2000, to regulate the process and to become effective April 14, 2001, with compliance standards in place by April 14, 2003.

Reading the law should help people feel more comfortable about their privacy. However, it makes it difficult for churches and clergy to get some information from hospitals. The Federal Privacy Rule guarantees patients access to their medical records; giving them more control over how their health information is used and disclosed; and provides a remedy if their medical privacy is compromised.
Patients must give specific authorization before entities covered by this regulation could use or disclose protected information. Hospitals will have to follow the regulations and inform their patients in writing of their rights.

One of the sections of this massive Act that applies to churches and pastors in 164.510 which begins, “A covered entity may use or disclose protected health information, provided that the individual is informed in advance of the use or disclosure and has the opportunity to agree to or prohibit or restrict the use or disclosure, in accordance with applicable requirements of this section.” It also states that the agreement can be done orally.

The sections that follow indicate that the hospital can maintain a directory of individuals in its facility that includes name, room number, the person's condition described in general terms that does not communicate specific medical information about the individual, and religious affiliation. This can be disclosed, “(A) To members of the clergy; or (B) Except for religious affiliation, to other persons who ask for the individual by name.”

HHS has determined that “allowing clergy access to patient information pursuant to this section does not violate the Establishment Clause (U.S. Constitution) because it is a “permissible religious accommodation.” This will allow the hospital to disclose limited protected health information without obtaining authorizations so it should not be much more difficult “than it commonly has been for clergy to provide services to patients.”

There are many nuances written into the law, for example, what happens in an emergency and the patient can't consent. Most of this regulates the health care provider and not the clergy. There are also many questions to be clarified as the law is used.

The bottom line is that the hospital can no longer notify the church or pastor when a parishioner is a patient. However, the information can be obtained at the initiative of the pastor. Don't divulge information, though, without consent, jut to be safe. There is a risk of invasion of privacy, even unintentional because of the complexity of the Act, when a church publishes information on their web sites, or in church bulletins or newsletters, concerning the health condition of employees or church members. To eliminate this risk, these kinds of disclosures should not be made without consent, even to call the congregation to pray for individuals. The consent can be “express,” meaning no information about the health condition of a member or employee is published by the church in any form without that persons' signed consent. It can also can be “implied” consent. This can be done by occasionally publishing notices in the church media advising members that prayer lists are compiled by the church that contain the names and medical conditions of persons who are known to be hospitalized or ill, and advising members who do not want their name and medical condition published on church prayer lists to so inform the pastor or church office. A list should be made of the persons who object to being included on these lists. This is not as protective as “express” consent, but certainly easier to obtain.

Church Law and Tax Report suggests a model statement for occasional notice in bulletins, newsletters and web sites to inform the congregation.

Hospital Stays

A new federal law greatly restricts the disclosure of patient information by hospitals. As a result, the pastor and church office may not know that a member of the church has been admitted to the hospital. If you are hospitalized and would like to notify the pastor, it is important that you (or a family member) inform the church office as soon as possible. Call us at [church phone number]. Remember, hospitals no longer can provide this information to us.

So, HIPPA is not violated when a church publishes a “prayer list” in its bulletin, newsletter, web site, or elsewhere, that contains the names and medical conditions of church members who are either hospitalized or ill. HIPPA only addresses the unauthorized disclosure of patient information by hospitals. While a hospital cannot contact you to inform you of members who have been hospitalized, you (the church) is not liable for using this information for prayer lists or pastoral visits.
I hope this information allows you to continue providing care to your church members. Our society is becoming much more complicated which means people need the loving touch of Christ through the church more than ever.