In an interview on uses and disclosures of PHI in sensitive cases, MRO’s Rita Bowen, MA, RHIA, CHPS, CHPC, SSGB, discusses common misconceptions about privacy under HIPAA and shares information that all patients need to know.

In recent months, OCR announced its plans to launch an education program on patients’ rights in response to
the national opioid crisis. In their request for information (RFI), which closes for comment on February 12, OCR
has expressed concern that providers and other covered entities (CEs) may be reluctant to inform and involve
the loved ones of individuals facing health crises like opioid use disorder or serious mental illness (SMI) for fear
of violating HIPAA.

The HIPAA Privacy Rule aims to give patients control over how their information is used, while still allowing for
the flow of health information needed to provide and promote quality care and to protect the public’s health
and well-being. Situations involving patients with sensitive conditions like opioid use disorder and SMI can be
difficult to navigate for everyone involved.

So what are the most important things patients need to know about their privacy rights, especially patients with
sensitive conditions like opioid use disorder or SMI? While OCR’s education program is still in development,
covered entities (CE) can help keep patients and their families informed of their privacy rights under HIPAA.
Here, we look at some common misconceptions about privacy under HIPAA and point to the information that all
patients need to know.