4 Things You Can Tell The Police Without Violating HIPAA

HIPAA Rules. Is there anything in medicine that is more commonly misunderstood?Aurora truck by sRose17 via flickr

I was recently involved in a pretty tense scene where several drunk friends tried to assist in the resuscitation of their drunk, half drowned buddy. By the time we were done, there were multiple patients, multiple TASER deployments and several of our local law enforcement officers requesting written statements from all crew members involved. While we sat around the E.R. break room, filling out forms in triplicate, the predictable HIPAA question was asked.

What can we say in this statement? Can I just write, “Information protected by HIPAA?”

The short answer is, no. It isn’t professional or cooperative to simply throw up the HIPAA flag as soon as a law enforcement officer requests information about your medical scene. And it’s also incorrect. There is a bunch of information that you can legally provide to the police.

1) Any information that your state laws requires you to disclose.

State laws often include provisions that require EMS to disclose information regarding certain types of situations and medical conditions. In many states, you are required to tell the police about stab wounds, gunshot wounds, assault wounds, child abuse and elder abuse. These disclosures aren’t necessarily related to physical injuries. Know what types of information disclosures your state mandates. None of these disclosures are a violation of HIPAA. If your state requires the disclosure, you can speak freely with police about the injuries or wounds, the identity of the patient and the identity of the possible assailant.

2 ) Any information that a police officer overhears during the course of routine care.

We sometimes get this idea that it is our job to sequester the patient to a private area before we ask any questions or perform any assessments. It isn’t our job to prevent information from being passed from the patient to police officers. We aren’t there to inhibit the police from doing their job. You can ask the patient any question in the presence of a police officer. You can allow the police to search and question your patient.

You are not the patients law enforcement shield. Information that passes from the patient OR the care provider to the police during routine care is considered an incidental disclosure.

3) Any information specifically regarding the commission of a crime.

HIPAA is intended to protect the patients personal medical information. It isn’t intend to protect them from prosecution for a crime. It also isn’t intended to prevent the collection of evidence of a crime. This is an important and often misunderstood facet of HIPAA. If you have evidence regarding the commission of a crime, you can tell the police what you know. That includes the location of the crime and the description and location of the perpetrator. (Even if they are your patient.)

You are also allowed to respond to any official law enforcement inquiry as long as the information requested is, “relevant and material to a legitimate law enforcement inquiry.”

4) Any information requested by a court order.

During a recent presentation by Doug Wolfberg to the Denver Metro Physicians group, he asked what the group thought was the most typically enforced HIPAA infraction? Every guess had something to do with the accidental or purposeful disclosure of protected medical information. None of the guesses were even close. The most common HIPAA infraction is not providing information to parties when agencies are legally obligated to do so.

To date, HIPAA governed agencies have paid far more fines for NOT releasing information than they have for improperly releasing information. If the court has ordered the release of medical documentation, we are legally obligated to release the subpoenaed information. Do so completely, accurately and without delay.

When it come to releasing information about the commission of a crime. EMS providers are fairly well protected under HIPAA. Don’t feel like you need to clam up when police officers want information about criminal activity. Chances are, the information you are providing is perfectly legal.


  1. Fantastic article, a must-read. Most medics aren’t aware of point number two, so thank you for clarifying things. 🙂

  2. Um, great article but where are links to HIPAA guidelines, references or citations. Was this article written by a medical attorney, reviewed by any HIPAA related government official. Without additional background information, this article sounds good and is eloquently written but has not supporting backup to actually confirm that what is being said is actually factual. Additionally, it would appear that hospitals are willing to pay HIPAA violation fines so that they don’t get a reputation for disclosing patient information to the police at the drop of the hat. Without providing links to actual HIPAA sections and/or a vetted review of this article by an authorized HIPAA representative, then one may be opening themselves and their employer up to HIPAA violations and saying that you read on a website that it was ok may not hold up in the long run. Please provide additional background information regarding the above mentioned claims. Thank you.

  3. I think it’s important to note while it’s not your job to protect your patients from the police, you do have a duty to their health. Having the police present while you question your patient may prevent them from disclosing information necessary to treat them. An example of such information would be illegal drug use.

    Please remember that first and foremost you have a duty to your patient to perform, the police can question them after you’ve finished your assessment.