HIPAA, Privacy Laws, and Prayer Lists
 |
|
|
|
|
|
|
|
|
|
|
|
|
Non-legal observations (see "Disclaimer"):
In general the following points apply to churches, privacy laws, and prayer lists:
- HIPAA Privacy Rules do not generally apply to a church's disclosure of health related information on prayer lists.
- Generally, churches were not violating privacy laws / HIPAA before these laws were enacted.
- The traditional ways churches have handled prayer lists usually do not violate privacy laws / HIPAA
- With regard to
church procedures for handling prayer requests and publishing prayer
lists, the general principles below could apply:
- Although consent
is not legally required in most circumstances, if it is easily
obtainable, then obtain it.
- The church secretary of staff member would respond when given a prayer request, "Would you mind if we shared this information with the congregation?", or, "Would you like us to add you to our prayer list?"
- As a routine practice, oral consent should be sufficient, unless the church is disclosing particularly sensitive information
- Less is best - publish only general and not specific information on prayer lists
- DO NOT publish detailed, health related prayer concerns about church employees, including pastors as separate rules apply to employers releasing information about employees.
- Most of the time the following rule will apply when weighing how much information to publish on a prayer list: If I am in the hospital, how much detail do I want released about my condition?
- Although consent
is not legally required in most circumstances, if it is easily
obtainable, then obtain it.
- Place any online prayer lists behind a login on the church website for members only.