Sample Release of PHI to Clergy Policy Posted in Premium Member Section: HIPAA & HITECH Act Blog by Jonathan P. Tomes


As I discussed in my December 21, 2017, blog post, which included a new Sample Media Policy, and my November 28, 2017, post regarding the Department of Health and Human Services (“DHHS”) Office for Civil Rights (“OCR”) updated guidance on release of PHI during man-made disasters, these and natural disasters result in the media, law enforcement, family members, and others seeking information from health care providers about victims. The recent sample media policy provided as a holiday gift covers disclosure of PHI to reporters and others seeking to provide to the public news about victims of such disasters. But what about the clergy who want to provide pastoral services and otherwise comfort victims and their families? The Privacy Rule provides for certain limited disclosures to permit clergy to meet with their parishioners who are in a health care facility to provide pastoral services to them. These disclosures are the following: a patient’s name, general condition, location in the facility, and religious affiliation.

If the pastor’s request does not fall within the guidelines for disclosure, you can always seek the patient’s authorization, as with any other disclosure not permitted under the disclosures for treatment, payment, and health care operations ground or under other grounds not requiring a consent, an authorization, or an opportunity to object.

To ensure that such disclosures are proper, consider adopting a disclosure to clergy policy or a section on such disclosures in your overall release of information/disclosure policy. I have drafted such a policy, and it is available in the Premium Member section of our website at As always, determine whether other federal or state laws prohibit or restrict these disclosures, and make sure that your policy reflects those prohibitions/restrictions.

Heads-up reminder again: We plan to conduct our two-day Hands-on HIPAA workshop in the Kansas City area, at the Baker University campus at Metcalf and College, on Thursday and Friday, March 15–16, 2018. Advance registration for the two-day Hands-on HIPAA workshop is $1,095 through Valentine’s Day, February 14, 2018, and regular registration thereafter goes up to $1,295. Registration includes a Gap Analysis Survey Questionnaire, which we will need for you to fill out and return to us so that we can help you identify where you are in your HIPAA compliance efforts, where you need to be, and exactly how to fill that gap and write a report tailored to your organization. Registration also includes copies of the following books: Your Happy HIPAA Book, The Complete HIPAA Policies and Procedures Guide, with accompanying CD, HIPAA in the Digital Age (forthcoming), and HIPAA Hysteria, perhaps among others. During the two days, you will use your Gap Analysis and our report about it to develop your initial Risk Analysis or update your last year’s version with help from our faculty and our Risk Analysis ToolKit. Then, with more help from our faculty, you will use your completed Risk Analysis and our CD of sample policies and procedures to develop your policies and procedures, required, addressable, and others, tailored to your organization. To help you maintain your stamina during this workshop designed to help you get your organization HIPAA compliant, your registration will also include refreshments during the sessions, two lunches, and a happy hour on Thursday evening, tentatively planned for at a nearby Hilton. We hope to have registration available on our website soon. More exact info to follow, so stay tuned and block out your calendars! Thanks. We look forward to seeing you and to helping you achieve your HIPAA compliance goals. Happy New Year!

seo by: k.c. seo