45 CFR 164.506 - Uses and disclosures to carry out treatment, payment, or health care operations.

This final rule amends the Clinical Laboratory Improvement Amendments of 1988 (CLIA) regulations to specify that, upon the request of a patient (or the patient's personal representative), laboratories subject to CLIA may provide the patient, the patient's personal representative, or a person designated by the patient, as applicable, with copies of completed test reports that, using the laboratory's authentication process, can be identified as belonging to that patient. Subject to conforming amendments, the final rule retains the existing provisions that require release of test reports only to authorized persons and, if applicable, to the persons responsible for using the test reports and to the laboratory that initially requested the test. In addition, this final rule amends the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to provide individuals (or their personal representatives) with the right to access test reports directly from laboratories subject to HIPAA (and to direct that copies of those test reports be transmitted to persons or entities designated by the individual) by removing the exceptions for CLIA-certified laboratories and CLIA-exempt laboratories from the provision that provides individuals with the right of access to their protected health information. These changes to the CLIA regulations and the HIPAA Privacy Rule provide individuals with a greater ability to access their health information, empowering them to take a more active role in managing their health and health care.

The Department of Health and Human Services (HHS or “the Department”) is issuing this notice of proposed rulemaking to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to expressly permit certain HIPAA covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of individuals who are subject to a Federal “mental health prohibitor” that disqualifies them from shipping, transporting, possessing, or receiving a firearm. The NICS is a national system maintained by the Federal Bureau of Investigation (FBI) to conduct background checks on persons who may be disqualified from receiving firearms based on federally prohibited categories or State law. Among the persons subject to the Federal mental health prohibitor are individuals who have been involuntarily committed to a mental institution; found incompetent to stand trial or not guilty by reason of insanity; or otherwise have been determined by a court, board, commission, or other lawful authority to be a danger to themselves or others or to lack the mental capacity to contract or manage their own affairs, as a result of marked subnormal intelligence or mental illness, incompetency, condition, or disease. Under this proposal, only covered entities with lawful authority to make adjudication or commitment decisions that make individuals subject to the Federal mental health prohibitor, or that serve as repositories of information for NICS reporting purposes, would be permitted to disclose the information needed for these purposes. This disclosure would be restricted to limited demographic and certain other information and would not include medical records, or any mental health information beyond the indication that the individual is subject to the Federal mental health prohibitor. HHS notes that the Department of Justice (DOJ) has proposed clarifications to the regulatory definitions relevant to the Federal mental health prohibitor. The DOJ proposal is published elsewhere in this issue of the Federal Register . While commenters should consider this proposed regulation in light of the clarifications proposed in DOJ's proposal, we note that those clarifications would not change how this proposed HIPAA permission would operate.

These technical corrections address certain inadvertent errors and omissions in the HIPAA Privacy, Security, and Enforcement Rules that are located at 45 CFR parts 160 and 164.

On January 16, 2013, President Barack Obama announced a series of Executive Actions to reduce gun violence in the United States, including efforts to improve the Federal government's background check system for the sale or transfer of firearms by licensed dealers, called the National Instant Criminal Background Check System (NICS). Among those persons disqualified from possessing or receiving firearms under Federal law are individuals who have been involuntarily committed to a mental institution; found incompetent to stand trial or not guilty by reason of insanity; or otherwise have been determined, through a formal adjudication process, to have a severe mental condition that results in the individuals presenting a danger to themselves or others or being incapable of managing their own affairs (referred to below as the “mental health prohibitor”). Concerns have been raised that, in certain states, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule may be a barrier to States' reporting the identities of individuals subject to the mental health prohibitor to the NICS. The Department of Health and Human Services (HHS or “the Department”), which administers the HIPAA regulations, is issuing this Advance Notice of Proposed Rulemaking (ANPRM) to solicit public comments on such barriers to reporting and ways in which these barriers can be addressed. In particular, we are considering creating an express permission in the HIPAA rules for reporting the relevant information to the NICS by those HIPAA covered entities responsible for involuntary commitments or the formal adjudications that would subject individuals to the mental health prohibitor, or that are otherwise designated by the States to report to the NICS. In addition, we are soliciting comments on the best methods to disseminate information on relevant HIPAA policies to State level entities that originate or maintain information that may be reported to NICS. Finally, we are soliciting public input on whether there are ways to mitigate any unintended adverse consequences for individuals seeking needed mental health services that may be caused by creating express regulatory permission to report relevant information to NICS. The Department will use the information it receives to determine how best to address these issues.