No, when a covered health care provider uses an interpreter to communicate with an individual, the individual’s authorization is not required when the provider meets the conditions below. Covered entities may use and disclose protected health information for treatment, payment and health care operations without an individual’s authorization, 45 CFR 164.506(c). A covered health care provider might use interpreter services to communicate with patients who speak a language other than English or who are deaf or hard of hearing, and provision of interpreter services usually will be a health care operations function of the covered entity as defined at 45 CFR 164.501.
When using interpreter services, a covered entity may use and disclose protected health information regarding an individual without an individual’s authorization as a health care operation, in accordance with the Privacy Rule, in the following ways:
When the interpreter is a member of the covered entity’s workforce (i.e., a bilingual employee, a contract interpreter on staff, or a volunteer) as defined at 45 CFR 160.103;
When a covered entity engages the services of a person or entity, who is not a workforce member, to perform interpreter services on its behalf, as a business associate, as defined at 45 CFR 160.103. A covered entity may disclose protected health information as necessary for the business associate to provide interpreter services on the covered entity’s behalf, subject to certain written satisfactory assurances set forth in 45 CFR 164.504(e). For instance, many providers including those that are recipients of federal financial assistance and are required under Title VI of the Civil Rights Act of 1964 to take reasonable steps to provide meaningful access to persons with limited English proficiency — will have contractual arrangements with private commercial companies, community-based organizations, or telephone interpreter service lines to provide such language services. If a covered entity has an ongoing contractual relationship with an interpreter service, that service arrangement should comply with the Privacy Rule business associate agreement requirements.
In addition, a covered health care provider may, without the individual’s authorization, use or disclose protected health information to the patient’s family member, close friend, or any other person identified by the individual as his or her interpreter for a particular healthcare encounter. In these situations, that interpreter is not a business associate of the health care provider. As with other disclosures to family members, friends or other persons identified by an individual as involved in his or her care, when the individual is present, the covered entity may obtain the individual’s agreement or reasonably infer, based on the exercise of professional judgment, that the individual does not object to the disclosure of protected health information to the interpreter. 45 CFR 164.510(b)(2).
For example, if a covered health care provider encounters a patient who speaks a language for which the provider has no employee, volunteer member of the workforce or contractor who can competently interpret, but then is able to identify a telephone interpreter service to communicate with the patient, the provider may contact the telephone interpreter service and identify the language used by the patient, so that the interpreter may explain to the patient that the interpreter is available to assist the patient in communicating with the provider. If the provider reasonably concludes that the patient has chosen to be assisted by the interpreter, and, by the patient’s willingness to continue the health care encounter using the interpreter, reasonably infers that the individual does not object to the disclosure, protected health information may be disclosed in accordance with 45 CFR 164.510(b) without a business associate contract.
Organizations that are subject to both HIPAA and Title VI must comply with the requirements of both laws, though not all HIPAA covered entities are recipients of federal financial assistance and thus, required to comply with Title VI; and not all recipients of federal financial assistance are also HIPAA covered entities, subject to the Privacy Rule. For information about the obligation of recipients of federal financial assistance to take reasonable steps to provide meaningful access to persons who are limited English proficient, see Guidance to Federal Financial Assistance Recipients Regarding Title VI Prohibition Against National Origin Discrimination Affecting Limited English Proficient Persons. This guidance includes information for recipients of federal financial assistance about important considerations for determining the competency of interpreters, such as their understanding of applicable confidentiality requirements, that should be taken into account when using interpreters arranged by the provider or when individuals elect to use friends, family or others as interpreters. HIPAA covered entities may also be required to comply with the Americans with Disabilities Act and/or Section 504 of the Rehabilitation Act of 1973, both of which have requirements for the provision of sign language and oral interpreters for people who are deaf or hard of hearing.