The Latest on HIPAA: The Gun Check Rule
If you provide care for patients with mental illness, understand the nuances of this final rule.
As of January 6, there’s a new HIPAA final rule. Formally known as the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS) final rule, it’s been nicknamed the “gun check” rule. Effective February 5, 2016 this rule requires an FBI check to determine whether an individual who wants to purchase a firearm from a federally licensed vendor is diagnosed with mental illness.
Note: Parts of this article appeared in Litmos, an online blog.
If your organization is a covered entity that cares for people with mental illness, you need to understand the nuances of the new rule, and be ready to report to the NICS when necessary.
The HIPAA Privacy Rule has been added on to at Section 512 “Uses and disclosures for which an authorization or opportunity to agree or object is not required (k) Standard: Uses and disclosures for specialized government functions, (7) National Instant Criminal Background Check System.”
Per the revised rule:
- If a covered entity orders involuntary commitments or makes other adjudications regarding an individual’s mental health, or that serve as repositories of the relevant data, they are permitted to use or disclose the information needed for NICS reporting of such individuals either directly to the NICS or to a state repository of NICS data.
- If a covered healthcare entity also has a role in the relevant mental health adjudications or serves as a state data repository, it now may disclose the relevant information for NICS reporting purposes under this new permission, even if it’s not designated as a HIPAA hybrid entity or required by state law to report it.
- It does not create an express permission for covered entities to disclose to NICS for reporting purposes the protected health information of individuals who are subject to state-only mental health prohibitors.
If you are a covered entity that must report to the NICS, the preamble states that you must report the data elements the NICS needs to create a record, plus there is more that you’re permitted to share with NICS. The elements needed to create the NICS record are:
- The individual’s name
- The individual’s sex
- The individual’s date of birth
The Federal Mental Health Prohibitor
The federal mental health prohibitor makes individuals ineligible to purchase a firearm because they have been “committed to a mental institution” or “adjudicated as a mental defective.” Department of Justice regulations define these categories to include persons:
- Who have been involuntarily committed to a mental institution for reasons such as mental illness or drug use;
- Have been found incompetent to stand trial or not guilty by reason of insanity; or
- Otherwise have been determined by a court, board, commission, or other lawful authority to be a danger to themselves or others or unable to manage their own affairs as a result of marked subnormal intelligence or mental illness, incompetency, condition, or disease.
- The record documenting the involuntary commitment or adjudication
- The entity from which the record initiated (your business name)
Additional data you may send include the individual’s:
- Social Security number
- State of residence
- Place of birth
- Eye color
- Hair color
These additional elements will help authorities weed out false positives.
The new section in the HIPAA Privacy Rule does not name any data elements outlined above. This gives the covered entity the flexibility to report the data required and requested by the federal government and any state requirements your state may have for your area.
Sue Miller has a 10-page memorandum explaining the new HIPAA final rule in depth. You may contact her at firstname.lastname@example.org or (978) 505-5660.
Latest posts by Guest Contributor (see all)
- Telehealth Services Under Close Inspection - August 9, 2018
- Coding Electrophysiology Studies and Arrhythmia Ablation - August 9, 2018
- 5 Tips to Improve E/M Chart Audits and Provider Education - August 9, 2018