Privacy & Confidentiality of Medical Information
Student Health Services (SHS) is committed to maintaining patient privacy and confidentiality. Unless required by law, subpoena, court order, or required confidential reports to the Public Health Department, SHS does not release individual medical information without the authorization/consent of the patient. SHS may leave an appointment reminder and similar message (but not actual medical information) on a patient's voice mail unless we have been specifically requested not to do so.
Student Health Services does not share individual medical information with family members, faculty, university administrators or others who are not the healthcare professionals involved in the patient's care unless the patient has formally authorized us to do so. In rare circumstances and only as allowed by law, SHS may share medical information without patient authorization if the treating clinician determines that not doing so would present significant danger to the patient or to others.
In accordance with privacy laws and ethical practice, SHS also restricts access to individual medical information within the SHS to staff who are involved in the provision of the patient's medical care on a minimum necessary - need to know basis. Similarly, the SHS might share pertinent medical information with a hospital emergency room or another physician when we refer the patient to them for medical care.
SHS does not release medical records sent to us from other medical providers. Patients should direct their requests for the release of such information to the physician or healthcare entity that provided the medical care that created the information the patient wants released.
The patient's informed consent to release medical information is legally limited to circumstances that have already happened. Blanket consent can't be given in advance for circumstances that have not yet occurred. A patient may terminate a consent to release medical information at any time. This must be done in writing. It is not possible for this to apply to records that have already been released as authorized. SHS does not currently bill third parties, so information is not released for this purpose.
Health Insurance Portability and Accountability Act (HIPAA) privacy rules require health care providers to define and communicate the methods used to safeguard private medical information. The state of Tennessee has determined that many HIPAA procedures don't apply to university student health centers as currently written; however other more stringent state and federal privacy laws do apply, and SHS follows these regulations as well as many HIPAA based privacy and security safeguards.
The Family Educational Rights and Privacy Act (FERPA) protects the confidentiality of student educational records on campus. Under FERPA, Tennessee medical privacy laws apply to information and records SHS develops and maintains for patient diagnosis and treatment purposes. However, under FERPA, medical records that a student authorizes to have released to campus entities outside SHS for non-treatment purposes become the responsibility of the recipient and are protected by FERPA only as educational but not medical diagnosis/treatment records. In this circumstance, the confidentiality protections under FERPA, though stringent, could allow further access to campus entities that are not a student's medical or mental health providers.