Facility Directories Under HIPAA - Letting People Know You’re in the Hospital

Description

Under the HIPAA Privacy Rule, hospitals and other covered health care providers can maintain and use facility directories to share very limited patient information with others when asking about a patient by name.  This provision balances the federal law’s core goal (protecting patient privacy) with the very practical need for families, friends, and clergy to locate patients and receive basic status updates.

A facility directory typically contains a patient’s name, general location within the facility (such as ward, room), general health condition, and, at some hospitals, religious affiliation (which may be disclosed only to clergy).  The information is intentionally very limited:  it must not include specific medical details or other protected health information (PHI) that could meaningfully reveal clinical conditions beyond general status descriptors like “stable,” “critical,” or “recovering.”

For a hospital to include a patient in the directory, the patient must be informed about what information will be listed, how it may be shared, and must be given a meaningful opportunity to opt out or restrict disclosure.  This basic notification can be done orally or in writing, and patients have the right to decline inclusion or limit what details are shared.  If the patient objects, directory information should not be disclosed.  So, if you are a rock star or politician, you have the right to opt out of the facility directory.

HIPAA does not require patients to opt in before basic directory information can be shared, but it does require that they be given the opportunity to decline.  Covered entities must respect these preferences, ensuring that inclusion in the facility directory only proceeds with patient awareness and without objection.
 
HIPAA also permits hospitals to notify family members, personal representatives, or others responsible for the patient’s care about the patient’s presence, general condition, or death.  Under 45 CFR 164.510(b), covered entities may make such notifications if the patient agrees, does not object, or if the provider reasonably infers a lack of objection based on professional judgment.  These allowances also extend to situations when the patient is incapacitated or unavailable, as long as disclosing this basic information is determined to be in the patient’s best interest.

Overall, facility directories under HIPAA are a controlled exception to the rule’s strict privacy protections.  They allow essential information to flow to those who need it—such as family, friends, clergy, and other support persons—while upholding patients’ rights to privacy and choice.

Areas Covered in the Session

• What a facility directory is and why it exists
• Types of information a directory can include
• Patient notification and opt out rights before listing
• Who may receive directory info and when
• Restriction on use of specific medical details
• Use of professional judgement
• Bonus:  How Rock Stars and Politicians Navigate the Issue of the Facility Directory

Why should you Attend?

This webinar is designed for those who want to learn more about how HIPAA applies to hospital operations, specifically medical directories.