To keep pace with changing technology and to provide better treatment to the public, U.S. poison control centers have increasingly implemented new ways of communicating with healthcare providers and with patients, including electronic transfer of patient information. Innovation in communication and information sharing raises concerns over patient privacy and compliance with applicable laws. This narrative review analyzes both typical activities and emerging innovations of PCCs in relation to U.S. law and regulation regarding privacy, specifically the Health Insurance Portability and Accountability Act, the Substance Abuse and Mental Health Treatment Act, and the Federal Trade Commission Act. PCCs that are "covered entities" under HIPAA may exchange patient health information with other providers by telephone for purposes of treatment, and certainly during the emergency management of poisonings. SAMHSA regulations, however, limit information that can be shared outside of emergencies without patient consent. The FTC Act prohibits unfair or deceptive trade practices which may in some circumstances involve privacy violations. Text message exchanges between PCCs and patients present particularly difficult privacy challenges under these laws.
Keywords: Health Insurance Portability and Accountability Act; Poison control center; United States Substance Abuse and Mental Health Services Administration; electronic health records; health information exchange; jurisprudence; privacy; text messaging; toxicology.