HIPAA Guidance

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996.  This federal legislation imposes national standards for the control of sensitive health care information.  There has been some confusion among local hospitals and nursing homes in implementing these new standards.  This has resulted in some recent inadvertent denial of patient information to clergy or congregationally sponsored lay visitors (considered clergy under HIPAA).

The following information is presented as guidance for rostered leaders.

Section 164.510 (ii) (A) of the HIPAA regulations direct that clergy visiting parishioners in hospitals or other health care facilities such as nursing homes be given access to the following information:

–   the patient’s name

–   the patient’s location in the health care facility

–   the patient’s condition, described in general terms that do not communicate specific  information about the individual.  This information will be stated as follows (translations are provided):

  • Undetermined: Patient awaiting physician assessment.
  • Good: Vital signs are stable and within normal limits. Patient is conscious and comfortable. Indicators are excellent.
  • Fair: Vital signs are stable and within normal limits. Patient is conscious but may be uncomfortable. Indicators are favorable.
  • Serious: Vital signs may be unstable and not within normal limits. Patient is acutely ill. Indicators are questionable.
  • Critical: Vital signs are unstable and not within normal limits. Patient may be unconscious. Indicators are unfavorable.
  • Treated and Released: Received treatment but not admitted.
  • Treated and Transferred: Received treatment. Transferred to a different facility.

The only exceptions to this information being available to visiting clergy is if the patient has EXPRESSLY REFUSED TO RELEASE THIS INFORMATION by exempting themselves from the hospital or nursing home directory, or if the patient is a minor (in which case a parent or guardian must authorize release of information).

The following procedures are suggested for clergy to gain necessary patient information in the event that the institution challenges access:

1) First effort to gain patient location and information should be through the hospital information desk.  If the admission was through the Emergency Room, first effort should be through the Admissions Clerk in the Emergency Room.

2)  Failing to receive required information from the above sites, clergy should request to speak to the Nursing Supervisor for the facility.

3)  If the Nursing Supervisor refuses to release the required information, the visiting clergy should request to speak with the on-call hospital administrator (all hospitals are required by statute to have an on-call administrator).

4)  In extreme cases facilities may still be hesitant to release allowed patient information to visiting clergy.  In such cases, please contact Bishop Robert Driesen at 570-524-9778 to report the denial.


There has also been some confusion regarding the scope of HIPAA within our congregations.  Questions have arisen whether or not clergy and authorized lay worship leaders can share health information regarding their parishioners with other congregational members.  This action includes such activities as including the parishioner’s name and health conditions in prayer lists.

In simple terms, HIPAA does not apply to churches except in very specific circumstances. HIPAA privacy constraints by statute ONLY apply to “covered entities” under the legislation. Covered entities are “health plans, health care providers, and health care clearinghouses.”  HIPAA does not affect traditional sharing of health information within congregations.

There are several specific exceptions to this, however.  Congregations that have implemented Parish Nurse programs or other community health programs may be considered health care providers under HIPAA.  Those churches should obtain a written authorization from patients before sharing the above basic health status information.

Another exception that applies is if the pastor or other agent of the congregation is a licensed counselor providing services under the auspices of the church.  In such cases information regarding clients, even if it is not related to counseling activities, must be safeguarded under HIPAA.

Finally, health status information gleaned from health care workers who are members of the congregation (e.g., physicians, nurses, technicians, food service employees, etc.) that comes to the pastor or authorized lay worship leader informally may not be shared with the congregation without the express consent of the parishioner.  For example, if Pastor Ann is told by Amy, a registered nurse and member of the congregation, that Mr. Jones was admitted to the hospital with a certain diagnosis then Pastor Ann could not divulge that information without first gaining the approval of Mr. Jones (nurse Amy’s sharing of the information is, of course, a violation of her own professional ethics).

For the most part, then, HIPAA need not impact traditional congregational life, but is an issue that clergy and authorized lay visitors may face.