Covered entity healthcare providers may need to use HIPAA interpreters to communicate with a patient. Covered entities may use an interpreter to communicate with a patient (i.e., because the patient speaks another language, is deaf, or is hard of hearing) – without the need for the individual to authorize use or disclosure of PHI – provided certain conditions are met. The rules that permit use of HIPAA interpreters without individual authorization are discussed below.

When May HIPAA Interpreters Be Used?

Covered entities may use and disclose protected health information (PHI) for treatment, payment and healthcare operations without an individual’s authorization.  A covered healthcare provider may need to use interpreter services to communicate with patients who speak a language other than English or who are deaf or hard of hearing. Provision of interpreter services is usually regarded as a healthcare operations function of the covered entity.

When using interpreter services, a covered entity may use and disclose protected health information regarding an individual, without an individual’s authorization, as a healthcare operation. The covered entity may do so, in accordance with the HIPAA Privacy Rule, in the following ways:

◈ When the interpreter the provider uses is a member of the covered entity’s workforce (i.e., a bilingual employee, a contract interpreter on staff, or a volunteer). 

◈ When a covered entity engages the services of a person or entity, who is not a workforce member, to perform interpreter services on its behalf, as a business associate.

◆ A covered entity may disclose PHI as is necessary for the business associate to provide interpreter services on the covered entity’s behalf. 

◆ If a covered entity has an ongoing contractual relationship with an interpreter service, that service arrangement should comply with the Privacy Rule’s business associate agreement requirements.

In addition, a covered healthcare provider may, without individual authorization, use or disclose protected health information to the patient’s family member, close friend, or any other person identified by the individual as his or her interpreter for a particular healthcare encounter. 

HIPAA permits this because in such situations, that interpreter is not a business associate of the healthcare provider. 

As with other disclosures to family members, friends, or other persons identified by an individual as involved in his or her care, when the individual is present, the covered entity may obtain the individual’s agreement or reasonably infer, based on the exercise of professional judgment, that the individual does not object to the disclosure of protected health information to the interpreter. 45 CFR 164.510(b)(2).

For example, if a healthcare provider sees a patient who speaks a language for which the provider has no employee volunteer member of the workforce or contractor who can competently interpret, BUT, later identifies a telephone interpreter service to communicate with the patient, then the provider may contact the telephone interpreter service and identify the language used by the patient, so the interpreter may explain to the patient that the interpreter is available to assist the patient in communicating with the provider. 

If, under such circumstances, the provider:

◈ Reasonably concludes that the patient wants to be assisted by the chosen to be assisted by the interpreter; and

◈ Reasonably infers, from the patient’s willingness to continue the treatment using the interpreter, that the individual does not object to the disclosure,

THEN, protected health information may be disclosed by the provider, in accordance with the Privacy Rule, without a business associate contract.