In July 2012, James Holmes killed 12 people and wounded 70 others in an Aurora, Colorado movie theater pre-meditated shooting.  He was arrested outside the movie theater immediately after the shooting.  Not long after his arrest, the public defender attorneys representing James Holmes began to enter a plea of not guilty by reason of insanity.

James Holmes’ defense attorneys, three psychiatrists hired by his defense attorneys, police investigators, his family members, university administrators, health care professionals, and other investigators found and reported the following facts:  James Holmes had suffered from mental illness since at least age 11 when he tried to commit suicide.  In June of 2011 at the age of 24, James Holmes enrolled as a Ph.D. student of neuroscience at the University of Colorado.  During his one year period of enrollment at the University of Colorado, James Holmes met with three different mental health professionals.  One of these mental health professionals considered placing him on an involuntary mental health hold because of his homicidal thoughts, but she did not.  During his enrollment at the University of Colorado, James Holmes expressed to  a female student that he was dating, his desire to kill people.  He made a similar statement to a male student.

One month prior to the shooting, a University of Colorado psychiatrist Dr. Lynne Fenton believed that James Holmes was mentally ill and possibly dangerous, and at that time she reported to the University of Colorado campus police that James Holmes had made homicidal statements.  During this time, James Holmes purchased a Glock 22 pistol, a Remington 870 Express tactical shotgun, a Smith & Wesson M&P15 rifle, 3,000 rounds for the pistol, 3,000 rounds for the rifle, and 350 rounds for the shotgun.

A few hours before the shooting, James Holmes mailed his notebook which contained all his thoughts and plans about killing people to his psychiatrist Dr. Fenton.  A few minutes before the shooting, James Holmes called an emergency mental health crisis line to try to get help, but the crisis line disconnected him before he could speak to anyone.

In the days and weeks following the shooting, when I heard about the school psychiatrist Dr. Lynne Fenton having told the campus police that James Holmes was mentally ill, possibly dangerous, and that he had made homicidal statements, I thought that she had really stuck her neck out in order to try to prevent murder and tragedy.  At that time, I thought that whatever James Holmes had told her, was bound by doctor-patient confidentiality.  I thought, “Didn’t the campus police understand that the threat from James Holmes was so severe, that the psychiatrist was violating professional rules of conduct in order to let them know that they had to do something?”

Most people have heard about and know about HIPAA, the Health Insurance Portability and Accountability Act of 1996.  What most people know about HIPAA, is that it restricts and prohibits the disclosure of PHI, an individual’s Protected Health Information, which means any part of their medical record.  In my experience working in healthcare, every day, there is always someone accusing someone else of a HIPAA violation, to a ridiculous degree.  For a healthcare worker to go so far as to call the police and give a an individual’s personal identifying information, that is unheard of.  But did you know, that there is a specific law in HIPAA that allows this?  In the whole entire hospital that I worked at, and in this hospital’s parent health care system, no one knew about the following section of HIPAA:

Section 164.512(j):

A covered entity may use or disclose protected health information without the written authorization of the individual, as described in §164.508, or the opportunity for the individual to agree or object as described in §164.510, in the situations covered by this section, subject to the applicable requirements of this section. When the covered entity is required by this section to inform the individual of, or when the individual may agree to, a use or disclosure permitted by this section, the covered entity’s information and the individual’s agreement may be given orally.

(j)Standard: Uses and disclosures to avert a serious threat to health or safety –

(1)Permitted disclosures. A covered entity may, consistent with applicable law and standards of ethical conduct, use or disclose protected health information, if the covered entity, in good faith, believes the use or disclosure:

(i)

(A) Is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public; and

(B) Is to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat; or

(ii) Is necessary for law enforcement authorities to identify or apprehend an individual:

(A) Because of a statement by an individual admitting participation in a violent crime that the covered entity reasonably believes may have caused serious physical harm to the victim; or

(B) Where it appears from all the circumstances that the individual has escaped from a correctional institution or from lawful custody, as those terms are defined in § 164.501.

(2)Use or disclosure not permitted. A use or disclosure pursuant to paragraph (j)(1)(ii)(A) of this section may not be made if the information described in paragraph (j)(1)(ii)(A) of this section is learned by the covered entity:

(i) In the course of treatment to affect the propensity to commit the criminal conduct that is the basis for the disclosure under paragraph (j)(1)(ii)(A) of this section, or counseling or therapy; or

(ii) Through a request by the individual to initiate or to be referred for the treatment, counseling, or therapy described in paragraph (j)(2)(i) of this section.

(3)Limit on information that may be disclosed. A disclosure made pursuant to paragraph (j)(1)(ii)(A) of this section shall contain only the statement described in paragraph (j)(1)(ii)(A) of this section and the protected health information described in paragraph (f)(2)(i) of this section.

(4)Presumption of good faith belief. A covered entity that uses or discloses protected health information pursuant to paragraph (j)(1) of this section is presumed to have acted in good faith with regard to a belief described in paragraph (j)(1)(i) or (ii) of this section, if the belief is based upon the covered entity’s actual knowledge or in reliance on a credible representation by a person with apparent knowledge or authority.

Most readers probably don’t have much interest in reading the above section of HIPAA law.  There are some health care workers, and their attorneys, who might rejoice at finding this section of HIPAA law.  What it means, is that if you are a health care worker, and you are treating a patient that is an imminent threat to you, others, or the public, you can inform security, your supervisor, your department, and even law enforcement if you believe that this is necessary to prevent the imminent threat to a person or the public.