HIPAA, Privacy Laws, and Prayer
Non-legal observations (see "Disclaimer"):
In general the following
points apply to churches, privacy laws, and prayer lists:
- HIPAA Privacy Rules
do not generally apply to a church's disclosure of health related
information on prayer lists.
- Generally, churches
were not violating privacy laws / HIPAA before these laws were
- The traditional ways
churches have handled prayer lists usually do not violate privacy
laws / HIPAA
- With regard to
church procedures for handling prayer requests and publishing prayer
lists, the general principles below could apply:
- Although consent
is not legally required in most circumstances, if it is easily
obtainable, then obtain it.
- The church
secretary of staff member would respond when given a prayer
request, "Would you mind if we shared this information with
the congregation?", or, "Would you like us to add you to our
- As a routine
practice, oral consent should be sufficient, unless the
church is disclosing particularly sensitive information
- Less is best -
publish only general and not specific information on prayer
- DO NOT publish
detailed, health related prayer concerns about church employees,
including pastors as separate rules apply to employers releasing
information about employees.
- Most of the time
the following rule will apply when weighing how much information
to publish on a prayer list: If I am in the hospital, how
much detail do I want released about my condition?
- Place any online
prayer lists behind a login on the church website for members only.