We obviously aren’t going to go about calling the police on everyone who we somehow find out has an outstanding warrant. That is not our job. If, however, there is a manhunt going on for a dangerous criminal, then our civic duty is to act. One is not revealing confidential healthcare information, rather one is revealing the location of a fugitive. The fact that the location is a hospital is not the issue.

My reading of HIPAA is that it does not prohibit this disclosure. Was there a state law prohibiting it? Almost undoubtedly not. Worried about a tort? Doing the wrong thing is not usually the best way to avoid the risk of a suit and is not a morally defensible way in any case.

What would make anyone think that security would be an expert on the HIPAA reg? Did anyone in security read the HIPAA reg? I have heard seminars on HIPAA given by people who have never read it.