HIPAA Provider to Provider CommunicationProviders often have a need to communicate with other providers to consult on patient care. HIPAA provider to provider communication is permitted under certain circumstances without prior patient consent.

HIPAA provider to provider communication refers to the communication of a patient’s current providers. It is not permitted to discuss patient information with providers that are not currently treating the patient without written consent from the patient.

HIPAA Provider to Provider Communication Without Patient Consent

HIPAA provider to provider communication is permitted, between a patient’s current providers, without prior consent except for the following:

  • Substance abuse treatment records maintained by a licensed substance abuse program. Substance abuse records in other treatment settings can be disclosed between providers without prior patient consent.
  • Written psychotherapy notes except under specific circumstances. The following are the circumstances in which use or disclosure of psychotherapy notes is permitted without prior consent:
    • To a coroner or medical examiner to identify a deceased person, determine cause of death, or other duties as authorized by law.
    • The use or disclosure is required by law and complies with relevant requirements of the law.
    • For its own training programs in which students, trainees, or practitioners in mental health learn under supervision to practice or improve their skills in group, joint, family, or individual counseling.
    • To defend itself in a legal action or other proceeding brought by the patient.
    • If the covered entity believes the use or disclosure:
      • Is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public; and
      • Is to a person(s) reasonably able to prevent or lessen the threat, including the target of the threat.

However, in addition to federal HIPAA provider to provider communication requirements, there are state regulations as well. There are some instances in which it is permitted to use and disclose a patient’s protected health information (PHI) under the HIPAA regulation, but the state’s laws may prohibit it. Where state laws are stricter than federal regulations, providers must abide by state disclosure requirements.