Joint Office of the Governor and Office of the New York State Attorney General Guidance to Private and Non-Profit Organizations and Entities

February 18, 2025

I just received the info (below) from the Governor’s Office and the NYS AG’s Office.  See info linked here.

As a reminder, recently the NYS Council hosted a discussion with an attorney from Feldesman Leifer, LLP on the topic of Immigration Enforcement.  That discussion along with documents related to the meeting, are posted on our Website in the Archived Events section. www.nyscouncil.org

To access the materials you need Website credentials (to enter the protected area of our site).  If you need credentials please write to Cindy Levernois, Director, NYS Council Member Support and Communications at:  cindy@nyscouncil.org

In the subject line please type “I need Website credentials’ and Cindy will get back to you within 24 hours.  You should also receive an automated email from the Website once your credentials have been updated.
————————–

Dear Colleagues,

Attached, please find New York State’s Q&A Guidance entitled “Joint Office of the Governor and Office of the New York State Attorney General Guidance to Private and Non-Profit Organizations and Entities,” developed to assist providers in navigating the recent rescission of federal protections for “sensitive locations.” Given the potential for increased enforcement activity within providers and other healthcare facilities, this guidance serves as a resource to support operational preparedness while upholding patient rights and compliance with federal and state privacy laws.

While this guidance addresses important considerations for providers, we wish to highlight the critical importance of protected health information safeguards under the Health Insurance Portability and Accountability Act (HIPAA) and Mental Hygiene Law (MHL) § 33.13. These laws strictly limit the disclosure of patient information, including to federal immigration authorities, absent appropriate legal process. Facilities should remain vigilant in applying these protections, particularly in response to requests for a person’s records or location inquiries (even related to questions of whether person receives services at your organization).

As a reminder, healthcare providers are not required to disclose PHI to immigration officials except under the following circumstances:

  • A valid court order, subpoena, or search warrant—each of which must be signed by a judge—that specifically authorizes disclosure of PHI;
  • A legally executed patient authorization permitting disclosure; or
  • Another applicable legal mandate under state or federal law.

Absent these conditions, under HIPAA and MHL § 33.13, providers are generally prohibited from confirming or denying whether an individual is receiving mental health services.  It is suggested that any inquiries should be referred to the designated facility administrator or privacy officer for appropriate review.  Ensuring that frontline staff are trained on these policies will help mitigate the risk of inadvertent disclosures and reinforce trust with the communities served.

Given the evolving legal landscape, providers are encouraged to review internal policies on law enforcement interactions, revisit staff training programs, and assess response protocols to ensure continued compliance with privacy and confidentiality requirements. 

Providers are encouraged to consult with their legal counsel for any questions or further guidance on these matters. Thank you for your ongoing commitment to patient care and privacy in these matters.