Privacy and Confidentiality of Medical Information
We are committed to maintaining patient privacy and confidentiality.
Unless required by law, subpoena, court order or required confidential reports to the Public Health Department, Student Health Services (SHS) does not release individual medical information without patient authorization/consent. SHS may leave an appointment reminder and similar message (but not actual medical information) on a patient's voice mail unless we have been specifically asked not to do so.
SHS does not share individual medical information with family members, faculty, university administrators or others who are not healthcare professionals involved in the patient's care unless the patient has formally authorized us to do so. In rare circumstances and only as allowed by law, SHS may share medical information without patient authorization if the treating clinician determines that not doing so would present significant danger to the patient or to others.
In accordance with privacy laws and ethical practice, SHS also restricts access to individual medical information within the SHS to staff involved in the patient's medical care on a minimum necessary need-to-know basis. Similarly, SHS might share pertinent medical information with a hospital emergency room or physician when referring the patient for medical care.
SHS does not release medical records sent to us from other medical providers. Patients should direct their requests for the release of such information to the physician or healthcare entity that provided the medical care that created the information the patient wants released.
The patient's informed consent to release medical information is legally limited to circumstances that have already happened. Blanket consent can't be given in advance for circumstances that have not yet occurred. A patient may terminate a consent to release medical information at any time. This must be done in writing. It is not possible for this to apply to records that have already been released as authorized. SHS does not currently bill third parties, so information is not released for this purpose.
Federal Health Insurance Portability and Accountability Act (HIPAA) privacy rules require healthcare providers to define and communicate the methods used to safeguard private medical information. The state of Tennessee has determined that many HIPAA procedures don't apply to university student health centers as currently written. Other, more stringent state and federal privacy laws do apply; however, and SHS follows these regulations and many HIPAA-based privacy and security safeguards.
The federal Family Educational Rights and Privacy Act (FERPA) protects confidentiality of student educational records on campus. Under FERPA, Tennessee medical privacy laws apply to information and records SHS develops and maintains for patient diagnosis and treatment. However, FERPA makes medical records that a student authorizes to have released to campus entities outside SHS for non-treatment purposes become the responsibility of the recipient/s. Such records are protected by FERPA only as educational but not medical diagnosis/treatment records. In this circumstance, FERPA confidentiality protections, though stringent, could allow further access to campus entities that are not a student's medical or mental health providers.