Part 1: Learning About HIPAA (FAQ 6 of 65)

6. Do Children Have Privacy Rights?

The basic answer is that if a child has a right to make a health care decision about himself or herself, then the child has the right to control information associated with that decision. Otherwise, a parent or guardian or person acting in loco parentis can exercise privacy rights on behalf of a child.

To state the rule more specifically, a child can exclusively exercise his or her own privacy rights with respect to a health care service if:

• the child is emancipated;
• the child consents to the health care service and no other consent is needed;
• the child may lawfully obtain the service without a parent's consent; or
• the parent or guardian has consented to an agreement of confidentiality between the child and the health care provider. The legal technicalities can make a big difference here.

In addition, a special rule covers cases where a covered entity has a reasonable belief that the child is a victim of domestic violence, abuse, or neglect. (A covered entity can be a hospital or health care provider required to comply with HIPAA. For more on what is a “covered entity,” see FAQ 9.) The covered entity may decide that it is not in the best interest of the abused child to allow the parent to act on behalf of the child.

It gets more complicated because the HIPAA rule recognizes that States may have other policies governing privacy, health, and children. When state law specifically addresses disclosure of health information about a minor to a parent or guardian, that law preempts (supersedes) HIPAA whether it prohibits, mandates, or allows discretion about a disclosure.

Jump to list of FAQs 1-65 | See all of Part 1