How Obama’s HIPAA Modifications for Gun Control Will Impact Health IT

For years, the US has endured a series of disturbing and violent shootings, mainly at the hands of mentally unstable persons. These mass shootings have sparked debate over what the country should do, if anything, to reduce gun violence. No matter which side of the gun control debate you’re on, most rational people will agree that guns should not be getting in the hands of people who have mental health conditions. Rather, those people should be getting help from the many qualified professionals existing in our mental health system. Thankfully, the Brady Gun Law has already been in place but stricter requirements and background checks are clearly needed.

On Jan. 4, the Obama Administration announced their new strategy to reduce gun violence. These actions are mostly focused on closing loopholes, including requiring background checks at gun shows and online, with the ultimate goal to diminish gun violence. The new executive actions, which include a new $500 million investment to help engage individuals with serious mental illness in care, will be a major focus of the mainstream media. For those of us in the health IT world, though, it was an amendment to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule that will affect us.

While limited in its design, it’s still a step in the right direction. An HHS (Department of Health and Human Services) press release on the final ruling notes, “The new modification is carefully and narrowly tailored to preserve the patient-provider relationship and ensure that individuals are not discouraged from seeking voluntary treatment. This rule applies only to a small subset of HIPAA covered entities that either make the mental health determinations that disqualify individuals from having a firearm or are designated by their States to report this information to NICS – and it allows such entities to report only limited identifying, non-clinical information to the NICS. The rule does not apply to most treating providers and does not allow reporting of diagnostic, clinical, or other mental health treatment information.”

Furthermore, identifying patient information will be needed to complete the background check, and it needs to be made easier and clearer on how HIPAA covered entities can share this data. Obama’s amendment will help accomplish that goal. However, some medical professionals have expressed concern that the change will discourage people from seeking treatment. Indeed, while the patient-provider relationship is one that should certainly be respected, it is more important to potentially save lives by providing these mental health records to the people who need them.

So how do Healthcare IT teams prepare for the new law? While we’re still waiting for further information, medical organizations need to begin to prep their security infrastructures. Access to sensitive information will now need to be made available while still providing security to the overall database. Working with consultants such as Gordian Dynamics, will help your Health organization create and execute a plan that will enable you to be ready for the new laws.