The Health Insurance Portability and Accountability Act of 1996 (HIPAA) created a national standard for the protection of certain types of health care information. The U.S. Department of Health and Human Services issued a “Privacy Rule” in 2002 to implement the requirements of HIPAA.

The Privacy Rule limits the circumstances in which individually identifiable health information can be used and disclosed by covered entities (health care insurers, providers and clearinghouses). When a loved one has severe mental illness, family members and other caregivers need to understand what kind of information they can obtain regarding the diagnosis, treatment plan, medications, etc.

HIPAA establishes minimum protections for the release of such protected health information (PHI). Generally speaking, when a state law and HIPAA conflict, HIPAA preempts the state law. However, state laws that prohibit or further restrict the disclosure of protected health information will prevail even if HIPAA would permit the disclosure. Many states have their own laws governing confidentiality – several of which are more stringent than federal law.

When faced with a HIPAA hurdle, it’s important to find out what your state’s law says. IMPORTANT: Providers are not precluded under HIPAA from accepting information from families or others who are knowledgeable about the individual and his or her treatment needs. A good medical provider will want to know all the relevant information available. If your loved one’s provider refuses to listen to your information, contact a supervisor such as the hospital administrator, insist that you be heard, and/or submit written information.