When can and cannot a patient’s medical and mental health information be shared with law enforcement?

Some patients with serious mental illness (SMI) may be worried about confidentiality and how information they share with a clinician could be shared with the criminal justice system. A report by the US Department of Health and Human Services offers clarification on how data is classified, how law enforcement can request and use data, and when a provider can share data without consent.

  1. Information such as data on arrests, jail days, and utilization of 911 services collected by a HIPAA covered provider for the purposes of offering care are protected. If this data is used to help inform the treatment and services then it is also considered personal health information.
  2. A covered entity is permitted to disclose PHI in response to a request by a law enforcement official having lawful custody of an individual if the official represents that such PHI is needed to provide health care to the individual or for the health and safety of the individual. Other state laws may apply and there are often stricter standards for sharing substance abuse information. Often, state and local police or other law enforcement agencies are not covered by HIPAA and thus, are not subject to HIPAA’s use and disclosure rules. HIPAA, however, does apply to the disclosure of health information by most health providers to law enforcement.
  3. A provider may disclose PHI for treatment of the individual without having to obtain the authorization of the individual. Treatment includes the coordination of health care or related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party. A provider may also disclose PHI to such entities with an authorization signed by the individual which in some case may include social services providers for purposes of housing, public benefits, counseling, and job readiness.

Access the resource below for more details.


Data Driven Justice and the Health Insurance Portability and Accountability Act (HIPAA) Frequently Asked Questions (U.S. Department of Health and Human Services (HHS), 2016)

This resource was developed by SMI Adviser content partners and approved by the SMI Adviser clinical expert team for inclusion in the knowledge base.


  • Was this Helpful ?
  • YesNo

Join our #MissionForBetter now

Sign up for our newsletter. We’ll let you know about new resources, education, and more.