iAn amendment to HIPAA’s privacy rules will allow a limited subset of covered entities (such as, potentially, state agencies) to disclose information to the National Instant Criminal Background Check System (NICS).
The amendment takes effect February 5, 2016, and will be most relevant in those states that do not already require reporting of this information to the NICS. According to a 2014 article from the Washington Post[1], thirty states have passed laws requiring the reporting of this information to the NICS. The amendment will allow the qualified entities that aren’t required by state law to report the information to NICS to do so without violating HIPAA.
This amendment will only apply to a very limited subset of entities that are considered “covered entities” under HIPAA that have lawful authority to make mental health adjudications or decisions of involuntary commitments, or act as designated repositories to collect and report to the NICS the identities of individuals prohibited from possessing a firearm because they are subject to a “[f]ederal mental health prohibitor”. For example, a state health agency may fall within this definition.
An individual is subject to a “federal mental health prohibitor” if he has been:
- Involuntarily committed to a mental institution;
- Found incompetent to stand trial or not guilty by reason of insanity, or;
- Otherwise determined by a court, board, commission or other lawful authority to be a danger to themselves or others or to lack the mental capacity to contract or manage their own affairs; as a result of marked subnormal intelligence or mental illness, incompetency, condition or disease.
The information permitted to be reported by these entities is also very limited. Diagnostic and clinical information from medical records or other sources may not be disclosed. Only the information needed for NICS reporting may be disclosed (such as the name of individual, their date of birth, and their gender).
[1] See here (last accessed January 7, 2016).
