Skip to Content

Tenn. Code Ann. § 68-11-1503 - Confidentiality of Patient Information

Link to the law
This will open in a new window

The name, address and other identifying information of a patient may be released in the following circumstances:

  1. Required reporting to health or government authorities;
  2. Access by a third-party payer or designee for utilization reviews, case management or peer review or other administrative function;
  3. Access by health care providers who treat the patient;
  4. If the patient does not object, any directory information, including the patient’s name, health status, general location, and phone number may be released to all inquirers;
  5. Pursuant to a request by the office of the inspector general or Medicaid fraud unit regarding an ongoing investigation.

The sale of a patient’s name, address or other identifying information is strictly prohibited.

Providers must have a policy limiting the use and disclosure of medical records, images and video or picture used for medical education purposes, even if the patient information is de-identified.  The policy must include circumstances for when such use or disclosure is permissible and when prior written authorization from the patient or patient’s representative is required.

Any violation of these confidentiality requirements will be considered an invasion of the patient’s right to privacy.


Current as of June 2015