The President and HIPAA
There has been a huge trend over the last couple of days on Google and, I presume, other search engines for ‘Does HIPAA apply to the President?’
The short answer is YES.
The Long Answer
HIPAA affords all patients the same rights and protections, including Presidents. The HIPAA Privacy Rule ‘…establishes national standards to protect individuals’ medical records and other personal health information…’ The Privacy Rule sets limits and conditions how personal health information can be released without the patient’s specific authorization.
One exception specifically addresses this question: ‘…assuring proper execution of a military mission, conducting intelligence and national security activities that are authorized by law, providing protective services to the President…’
This clearly authorizes the release of Presidential healthcare records to the Secret Service, DOD and Intelligence Agencies but NOT to the general public or the media.
Other Questions and Answers:
- Can the president make his healthcare info available or does HIPAA prevent that?
Yes. Patients, including Presidents, may authorize the release of part or all of their Personal Health Information. The HIPAA Authorization process allows patients to authorize healthcare providers to release personal health information for purposes that would otherwise not be permitted by the HIPAA Privacy Rule.
- Is the White House a Covered Entity?
No. The White House is not considered a Covered Entity under HIPAA. The President is being treated by members of the Defense Health Agency and Public Health Service. These agencies would be the Covered Entities, in this example.
- When does the president’s health affect essential government functions?
Respectfully, this question is outside the scope of this topic. I would direct readers to a summary of the 25th Amendment to the Constitution of the United States.
Here are related pages: HIPAA Compliance Services
Bill Richardson, CISA, HCISPP, PMP, HITRUST CCSFP is the Security Practice Leader, vCISO and HITRUST Assessor for Assured SPC. Bill has provided HIPAA Assessment services since 1997.
Assured SPC helps organizations minimize compliance risk and achieve security and privacy requirements and goals. We assist organizations assess, design and implement operational compliance requirements.