"Shoot them all and let God sort it out"????

When I read things like this I wonder, why do they need Security or Police, even courts. Arm everyone & let everyone shoot the criminals. Sure as heck will save a lot of money for the state.

Security and Police Are Not In Your Home.

The police are useless when an intruder is in your home. So is security. At that time, the encounter will last about... 10 to 35 seconds. And the 35 seconds will be a protracted firefight.

We have a serious problem in the US with "home invasion" robberies, where one or more attackers forcibly enter the home, terrorize the people inside it, attack / rape / molest / maim and kill them, and then take stuff in the house.

When you have intruders in your home who are looking to do you harm, the police are minutes away. The intruder(s) are already in your home.

Having been required to be certified in HIPAA, I would like to clarify this issue.

Contrary to what many, including a lot of ill-informed news reporters, might believe, HIPAA permits each state (and even local governments) to determine what mandated reporting will be done by healthcare entities operating in that state. As such, the law looks quite different from one state to the next, and that's exactly the way HIPAA was designed. When HIPAA was enacted, most states had their own healthcare privacy laws and the federal government was not interested in changing these, for the most part.

Examples of state mandates include reporting communicable diseases to the state department of health, reporting gunshot wounds to the police, reporting burns to the state fire marshall, etc., etc., etc. The list of legally-mandated "releases" that different states have enacted is almost endless.. They differ from state to state, and they're all quite legal under HIPAA.

The issue with regard to reporting mental illness to the federal gun-check database has not been a HIPAA issue as some like to think. HIPAA fully permits such reporting. This has been a state-by-state issue with respect to state privacy laws. Even now, a number of states report mental illness in one form or another to the federal gun-check database and Missouri will now simply join them.

Incidentally, even though HIPAA is not the issue here, I'll add this general observation about HIPAA. What does control the release of your records to third parties under HIPAA is not HIPAA itself, but the HIPAA-required POLICY STATEMENT AND RELEASE that every patient signs. Typically, these incorporate all state-mandated reporting requirements in one way or another - either by specific reference or general reference ("...and all other legal reporting requirements", etc.).

For instance, here's Columbia Medical Center's policy statement concerning the many forms of New York-mandated reporting/releases that will be done "without your permission": Columbia HIPAA Policy Statement. If New York passes a law tomorrow mandating that mental illness will be reported to the federal gun-check database, you will see simply see this added to this lengthy list of mandatory reporting requirements. That's all there is to it.

You can expect, then, that in Missouri all the hospitals and clinics will be scrambling to update their policy statements to include the new federal reporting that is now required under the new gun law. No doubt there will be a few pestilential test cases, because you can always find some nut who will (mis)represent himself pro se or who will find an equally goofy attorney, but if the law in Missouri is properly crafted they will not prevail.

Gun licensing application forms typically include permission for checking the federal database information, which is HIPAA-compliant in the way it is operated, and this will obviously be signed by the license applicant before any such inquiry is made. When I go to apply for a gun license, I am the one initiating the records check, not someone else. No one just decided one cloudy Thursday to ask for my record...I initiated it by trying to purchase a gun, and I gave permission for the inquiry when I signed the application. As far as HIPAA is concerned, there has been no impermissible release of records because I authorized my records to be released when I signed the application form.

Sec Trainer

I too am certified in HIPPA security - and while I will not be drawn into yet anohter one of your "legal analysis" I will simply say, my point is valid and rooted in clearly established law.

The law Governor Blunt signed is that of S.B. 62, and is very powerful when you read the law. It does however, limit the cause of action to shoot an intruder rather than giving an open-ened cause.

What is surprising to me in this law is that it incorporates "vehicles." I understand the reason; just did not expect it to be right there in black and while print.

Well said and I agree with you 100%.


I have a few questions regarding vehicles and the law in Mo. Being ignorant of Mo. law, how would one carry a weapon, as a citizen, in a vehicle legally being loaded? Does Mo. allow this? I did not think Mo had a ccw law or do they? You sound shocked about this. So it would lead me to think it was illegal.

I looked, but I couldn't find a single HIPPA certification anywhere.

I could, however, find a lot of information about HIPAA.

Missouri does issue CCW permits. I am not familiar with the particulars of vehicles in regards to carrying concealed or how this new law will effect them. You could, however, visit http://www.packing.org/state/missouri/ for summaries of Missouri's laws in regards to concealed carry. Keep in mind that Packing.org is a private Website that is not run by the State of Missouri.

in South Carolina the "castle doctrine" extends the area where there is no duty to retreat to your vehicle. It also states that you cannot be held liable in civil court for any force that you use in self defense. We discussed it in my CWP class. The instructor supported the law but stated that he and a lot of his colleagues (he is a state trooper) do not feel that it will stand once someone actually "uses" the law in their defense; in other words, it has not been tested yet.

Look for HIPAA certification rather than "HIPPA". You'll find a number of cert programs. Some are real professional certs requiring substantial study, during which the student will at least learn that it's "HIPAA", not "HIPPA". See, for instance, the CHP, CHA and CHSS certifications provided by the HIPAA Academy. These are the only certs recognized by the American Hospital Association, incidentally.

Most others so-called "certs" are very superficial 4- and 8-hour courses that are sponsored by hospitals and clinics. These are "awareness" courses that really don't deserve the name "certification". They barely provide a nodding acquaintance with this legislation, let alone touch on the technical (computer security) implementation aspects of it, which almost approach the level of the CISSP cert. Basically, you learn what PHI (personal health information) constitutes and then you're told "don't give out any information to anyone". Bada bing, bada boom, "You're certified". Uh-huh.

I was required to teach these courses from time to time when the hospital IT director was traveling. They were part of the new-employee orientation and everyone took them, including the dishwashers, which gives you an idea what they amounted to. You give out a 20-page pamphlet (with cartoons), take a million breaks to fill up the 8 hours and keep people awake, answer questions like "What if the patient's uncle swears that he has the patient's durable power of attorney for healthcare?"...when you just covered the statement on page 3 that says it doesn't matter what anyone says - NO INFO GIVE-O OUT-O.

Then, the next day, you're walking around the nursing stations to take care of a password issue and you see systems left unattended with a patient's record on the screen...It was truly ditzy.

Mr. Cross, you haven't a clue what you're talking about. First of all you don't even realize that we're not talking about "HIPPA security" or "HIPAA security" but about the HIPAA "Privacy Rule". This is a very different thing from the security provisions of HIPAA.

Second, you don't know even as much about HIPAA as an ordinary individual could learn by simply visiting the government's website and reading up on this subject, so I'll quote from that sourceand enlighten you:

Under the Privacy Rule, many disclosures are allowed without a patient's permission including these (among many others):

"(5) Public Interest and Benefit Activities: The Privacy Rule permits use and disclosure of protected health information, without an individual’s authorization or permission, for 12 national priority purposes. These disclosures are permitted, although not required, by the Rule in recognition of the important uses made of health information outside of the health care context. Specific conditions or limitations apply to each public interest purpose, striking the balance between the individual privacy interest and the public interest need for this information.

Required by Law: Covered entities may use and disclose protected health information without individual authorization as required by law (including by statute, regulation, or court orders).29

Public Health Activities: Covered entities may disclose protected health information to: (1) public health authorities authorized by law to collect or receive such information for preventing or controlling disease, injury, or disability and to public health or other government authorities authorized to receive reports of child abuse and neglect; (2) entities subject to FDA regulation regarding FDA regulated products or activities for purposes such as adverse event reporting, tracking of products, product recalls, and postmarketing surveillance; (3) individuals who may have contracted or been exposed to a communicable disease when notification is authorized by law; and (4) employers, regarding employees, when requested by employers, for information concerning a work-related illness or injury or workplace related medical surveillance, because such information is needed by the employer to comply with the Occupational Safety and Health Administration (OHSA), the Mine Safety and Health Administration (MHSA), or similar state law.30 See OCR “Public Health” Guidance; CDC Public Health and HIPAA Guidance.

Victims of Abuse, Neglect or Domestic Violence. In certain circumstances, covered entities may disclose protected health information to ppropriate government authorities regarding victims of abuse, neglect, or domestic violence.31

Health Oversight Activities: Covered entities may disclose protected health information to health oversight agencies (as defined in the Rule) for purposes of legally authorized health oversight activities, such as audits and investigations necessary for oversight of the health care system and government benefit programs.32

Judicial and Administrative Proceedings: Covered entities may disclose protected health information in a judicial or administrative proceeding if the request for the information is through an order from a court or administrative tribunal. Such information may also be disclosed in response to a subpoena or other lawful process if certain assurances regarding notice to the individual or a protective order are provided.33

Law Enforcement Purposes. Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes under the following six circumstances, and subject to specified conditions: (1) as required by law (including court orders, court-ordered arrants, subpoenas) and administrative requests; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) in response to a law enforcement official’s request for information about a victim or suspected victim of a crime; (4) to alert law enforcement of a person’s death, if the covered entity suspects that criminal activity caused the death; (5) when a covered entity believes that protected health information is evidence of a crime that occurred on its premises; and (6) by a covered health care provider in a medical emergency not occurring on its premises, when necessary to inform law enforcement about the commission and nature of a crime, the location of the crime or crime victims, and the perpetrator of the crime.34"

You will find here not one, but two provisions under which a state may, under HIPAA, by law, direct that "covered" healthcare entities shall disclose mental health information to the federal "instant-check" database. First, any disclosure required by statute is allowed. Second, there is the specific provision regarding requirements by law enforcement - not only under the color of specific state statute, but "administrative requests" as well.

You will note that these disclosures are "permitted, but not required". This is how other laws (health, job safety, gun regulation and a million other laws pertaining to healthcare information privacy) which are enacted at all levels of government (but primarily the state level), are very easily accommodated under HIPAA.

So HIPAA both by specific reference and general statement permits all kinds of disclosures and there is nothing, per se, that would prevent Missouri from requiring, by law, that covered entities provide mental health information to the federal database.

I can't help but wonder how many armed security officers in Missouri (for instance, let's say, a "Class A" security officer in Kansas City) might wind up having their weapons taken away from them when their mental health records are disclosed. It's probably a question that's occurred to the Board of Police Commissioners, I daresay. What do you think?

Given the context of the bill, that was a pretty ludicrous statement.

Given the context of the b- hell, that's a great statement.

Regardless of your Legalities debate, as I am unfamiliar with them being on this side of the continent, I like this idea. I believe that one should have the right to defend there property using reasonable force, if that means the person who is unlawfully entering the dwelling capable of grievous bodily harm or death, than the victim should be alowed the same in order to protect themselves.

In regards to a vehicle as I saw mentioned, say the owner/driver of the vehicle was to drive off while being car-jacked or robbed and the bad guy was holding onto the vehicle should fall or be thrown off and suffer GBH or death as the result, then the same should hold true.

Just my opinion, neither situation is plesant and we all want to survive. If someone was to break in to my residence or vehicle (while I was in it) I would fight back hopefully not causing GBH or death.

You raise a good question. To my understanding a citizen is permitted to carry a firearm so long as it is in plain view and can be seen from two different angles, from outside the car.

Notwithstanding this, Mo. does have a concealed weapons right and the law (S.B. 62) does not limit use of deadly force only insofar as your having to be inside the car. The wording used, also appears to authorize deadly force if you are outside the car and the criminal is inside the car, or the criminal is stading outside the car next to you.