By Randle S. Davis and William F. Maxwell
(This article is intended to be a brief, but informative overview of a growing concern about prayer requests and privacy.)
The issue of prayer and privacy is a growing concern among churches and other religious organizations that disseminate individual prayer requests through prayer lists. Much of the concern can be traced back to the implementation of the federal law known as the Health Insurance Portability and Accountability Act (HIPAA). As strange as it may sound, this law that was intended to improve the portability and continuity of health insurance, among other things, also instituted restrictions on the patient information that health care providers can share. This began a movement towards privacy that has impacted many areas of daily life, including churches praying for specific needs within their congregation.
For the record, HIPAA only applies to hospitals and other health care providers that conduct certain financial and administrative transactions electronically. Therefore, churches are NOT subject to the HIPAA provisions. However, the American jurisprudence system has a history of broadening principles from one area of the law to another. It is reasonable to expect that American society will begin to expect that dissemination of medical information from any institution violates a person's privacy and is as such illegal. Because of this expectation, in the future, the principles of the HIPAA law may be expanded either through court decisions or further congressional action. Therefore, churches should be aware of this trend and develop policies and procedures that encourage the appropriate sharing of prayer needs, while protecting the privacy of congregants, their extended families and community members.
Churches can bolster their positions with respect to potential invasion of privacy claims and possible legal action by developing policies and procedures for the receipt and distribution of prayer concerns related to individuals. Such a policy would include the following:
1) Required authorization for the dissemination of information on an individual
2) Scope of information that the Church will disseminate about an individual
3) Means through which individual information will be disseminated
4) Audiences that may receive various levels of information
5) How and where information will be retained
Authorization may come either through direct consent or implied consent. When an individual submits a prayer request for himself directly to the church that is considered direct consent. The individual may request that the specifics of the request be shared at any number of levels within the church, as defined by the church policy. Implied consent includes the church regularly informing the membership of the church policy on prayer requests and that unless otherwise notified by members, prayer requests received in this fashion shall be disseminated according to the policy. The policy should address prayer requests received from third parties. In either case, the church should have established procedures that document the request, the person providing the information, and any dissemination restrictions or instructions.
Common sense should dictate the scope of information disseminated. Generally, sharing the name of the person and general information (e.g. having surgery, is sick or ill, recuperating from recent procedure, etc.) should be the maximum amount of information disseminated to the broadest audience. In most instances, ministerial staff may need more detailed information (e.g. hospital location, surgical times, type of illness, etc.) and often more details will be shared in Sunday School classes or small prayer groups. However, official dissemination from the church should be simplified. Remember, the Lord already knows the details. The congregation just needs the basics to begin praying.
The policy should define the means through which prayer requests will be disseminated. In today's technological age, the speed at which information can be spread is unlimited. This was a primary concern in the development of the HIPAA law. Churches should inform membership on a regular basis along with anyone requesting placement on a prayer list, the ways in which their request is shared with various audiences in the church. These may include, Sunday bulletin, Wednesday night prayer list, Church prayer wall, website prayer list, e-mail prayer gram, etc. The broader the scope of the dissemination means the narrower the scope of specific information that should be included.
Likewise, individuals should be informed of the various audiences that will have access to the information. Information posted to a website or sent through e-mail has the possibility of worldwide distribution. Therefore, great care should be taken in limiting the disclosure of specific information through these means. However, individuals may want ministerial staff to have more detailed information on specific conditions and statuses.
Churches should protect themselves by maintaining good records on the source of information for prayer concerns. Therefore, the procedure for maintaining these records should be included in the development of the policy. Who will keep these records, where will they be kept, how long will they be kept, and how will they be destroyed are all-important issues.
Intercessory prayer is a central function of the Church and should never be abandoned for fear of legal retribution. However, churches can help themselves and ultimately their prayer ministry by developing common sense policies and procedures that encourage members and others to share needs. This will happen when churches effectively communicate to the congregation appropriate information that does not violate any individual's sense of privacy.