The U.S. Department of Health and Human Services (HHS) Office of Civil Rights has posted a new FAQ which clarifies that the HIPAA Privacy Rule permits disclosures to loved ones regardless of whether they are recognized as relatives under applicable law. Specifically, the FAQ clarifies that the potential recipients of information under the relevant permissive disclosure provisions of 45 CFR 164.510(b) are not limited by the sex or gender identity of the person and can apply to a patient’s family member, relative, guardian, caregiver, friend, spouse, or partner. The FAQ goes on to state that the Privacy Rule defers to a covered entity’s professional judgment in these cases and does not require the entity to verify that a person is a family member, friend, or otherwise involved in the patient’s care or payment for care.
