New HIPAA Opioid Guidance out of HHS - Landscape

New HIPAA Opioid Guidance out of HHS


The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that it will be releasing new HIPAA Opioid Guidance in response to President Trump’s declaration of a nationwide public health emergency.

HHS is the executive body governing HIPAA regulation, and OCR is the HIPAA enforcement body behind the regulation.

The new HIPAA Opioid guidance will outline how and when healthcare professionals may share protected health information (PHI) in the event of an opioid-related health crisis. These crises can include incapacitation, like circumstances involving an opioid overdose.

Prior to the new HIPAA opioid guidance, healthcare providers were barred from sharing patient information in the event of an opioid overdose with the patient’s family, friends, and legal representatives. This limitation has been widely criticized by families of opioid-dependent individuals and health care professionals alike as an unnecessary burden that restricts quality of care.

“HHS is bringing all of the resources our department has to bear in order to address this crisis. This will ensure families have the right information when trying to help loved ones who are dealing with the scourge of drug addiction,” said Acting HHS Secretary Eric D. Hargan.

“We know that support from family members and friends is key to helping people struggling with opioid addiction, but their loved ones can’t help if they aren’t informed of the problem,” said Director Roger Severino, of the HHS Office for Civil Rights. “Our clarifying guidance will give medical professionals increased confidence in their ability to cooperate with friends and family members to help save lives.”

In general, the HIPAA Privacy Rule does not allow disclosures to family or legal representatives unless expressly stated in a proper patient consent form and accompanying HIPAA policy. Standards involving the disclosure of PHI to patients themselves are also heavily regulated under the HIPAA privacy rule.

Healthcare professionals are federal mandated to have documented HIPAA policies and procedures that address each aspect of HIPAA regulation. Regulatory standards are outlines in the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Breach Notification Rule, and the Omnibus Rule.

Without proper policies and procedures in place, health care organizations run the risk of HIPAA violations and significant financial penalties.

Introduction to Telehealth Theory & Practice

Enjoy a fast-moving overview of telebehavioral and telemental health. Understand the key points related to telehealth clinical, legal, ethical, technology, reimbursement, social media and other pivotal issues.

Disclaimer: The Telebehavioral Health Institute (TBHI offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to TBHI Privacy Policy and Terms and Conditions.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x