How HIPAA Law Applies to Mental Health Records

Health Care IT

  • HIPAA Guidelines on Mental Health
  • Congressional Bills Currently Under Discussion
  • Maintaining HIPAA Compliant Technology

HIPAA compliance is fundamental for healthcare companies and the business associates who handle their patient information, but mental health is a special case.

Specific considerations for mental health include:

  • Determining what is acceptable in terms of informing caregivers and family
  • Figuring out how records can be transferred to other practices
  • Understanding whether sharing between providers is allowable.

HIPAA Guidelines on Mental Health

HIPAA discusses the requirements of covered entities related to mental health records. This information is often especially sensitive compared to other health data.

Federal regulations are designed to maintain the security and privacy of information but also aim for transparency when appropriate. HIPAA Privacy Rules state that covered entities can discuss mental health issues directly with loved ones and professionals caring for the patient. Most health institutions might get the help of a HIPAA Compliance Consultant to meet HIPAA regulatory standards to reduce the risk of noncompliance.

Anyone who has suffered from mental health before will know how hard a topic it is to discuss, with those closest to you and those who are trying to help find treatment or counselling sessions (maybe at Counselling Kingston sites similar to Kurated) for you. Because of multiple difficulties, many mental health sufferers make the decision to fight their battle alone.

Most of the time, they may be successful, especially if you try something like these Bluebird Botanical products that have been known to help those who are suffering from anxiety, depression, or stress. When you have found something that works, it is much easier to shy away from your mental health struggles, even to the point where others may not even know that you are struggling. However, this is a huge burden to face alone and could also elevate your financial burden. Luckily, there are various schemes in certain countries like the NDIS (National Disability Insurance Scheme) in Australia that provide patients with mental disorders or disabilities with the required economic help. Also, there are ndis support coordination agencies that help people avail the benefits of such plans.

Things considered, many experts treat patients with mental health problems like depression, taking different approaches. They frequently provide several suggestions for overcoming depressive moods. For instance, counselors tend to advise their clients to speak with their loved ones, go out, find something to do, or engage in outdoor activities. According to studies, being in shape or participating in sports helps with depressive symptoms and lowers the chance of relapsing. In one study, it was shown that a physical workout was just as beneficial as a typical antidepressant therapy in reducing depression. Playing a sport like golf or croquet (learn croquet rules here) makes them focus on the work at hand and put their problems aside. They can relax, calm down, and sleep more comfortably as a result. Sports and outdoor activities, as well as the rules and regulations thereof, can serve as a distraction and provide temporary relief from intrusive thoughts. Another good part is that the patients don’t even have to worry about others learning about their disease because the information is often kept private.

Also, according to the mental-health guidance on the HIPAA site, mental health facilities can ask the patient if it is okay to communicate particular details to people involved in their daily care. Doctors can also inform the patient that they are going to make disclosures, allowing them a chance to say that it’s unacceptable. Another option is that they can “infer from the circumstances, using professional judgment, that the patient does not object,” states the HHS guidelines. “A common example of the latter would be situations in which a family member or friend is invited by the patient and present in the treatment room with the patient and the provider when a disclosure is made.”

It’s also permissible for a covered entity to reveal mental-health details when the patient is absent or unconscious – as long as the patient’s best interests remain the top priority. Also, it’s only acceptable to relay information that specifically applies to the third party’s involvement in billing or the care continuum.

Now, for the most part, mental health and physical health are treated the same under the law. But notes from mental therapy sessions are given specific focus in the regulations.

Notes taken during psychotherapy sessions are considered to be in a different category from the rest of mental health records for two reasons, according to the HHS: “both because they contain particularly sensitive information and because they are the personal notes of the therapist that typically are not required or useful for treatment, payment, or health care operations purposes, other than by the mental health professional who created the notes.”

Healthcare organizations have to get authorization signed for any disclosure of these notes – except for cases in which other laws demand their disclosure, as when the patient admits to harming someone or makes threatening statements. The specific rule is that healthcare providers generally can’t give any information to relatives or caregivers that the patient does not want them to have, but they can do so if there is an imminent threat that third parties might help to mitigate.

Similarly, it’s okay for covered entities to listen to the perspectives of family and others to better design treatment plans. Notes related to those additional perspectives are protected within the law as well.

“[A]ny information disclosed to the provider by another person who is not a health care provider that was given under a promise of confidentiality … may be withheld from the patient if the disclosure would be reasonably likely to reveal the source of the information,” states the HHS.

Congressional Bills Currently Under Discussion

As of June 2015, two bills being discussed in US Congress could change how mental health is handled. First, the Including Families in Mental Health Recovery Act is intended to make it more clear when it’s acceptable to share information and provides $30 million of funds to train relevant parties on what sharing is allowable under HIPAA.

Second, the proposed objective of the Helping Families in Mental Health Crisis Act is to clarify that it’s okay to share protected health information when specific parameters are met:

  • The information that is disclosed is related specifically to diagnosis; courses of treatment; setting dates for visits; or pharmaceuticals and directions for their use. No mental therapy notes can be included.
  • Sharing the information is critical to safeguard the patient or others.
  • Sharing will be helpful in the care the patient receives for additional illnesses.
  • It will improve consistency and quality throughout the care continuum.
  • Failing to disclose the details could lead to additional health problems.
  • Due to the mental condition, the patient is unable to grasp to the doctor’s instructions or could suffer disability if the treatment isn’t completed.

Keep in mind that, as of this writing, both of the above are still moving their way through the congressional process.

“Until any changes are made final,” explained HIT writer Elizabeth Snell, “healthcare providers must keep themselves educated on how to maintain HIPAA compliance while caring for patients being treated for mental health conditions.”

Maintaining HIPAA Compliant Technology

Obviously much of the concern about mental health, as discussed above, has to do with whether or not it’s okay to communicate information to additional parties. Determining what parties have access to information is just one element of the law. The core concern with information itself is the security of IT systems.

That’s our specialty. Our HIPAA compliance-ready solutions provide secure cloud and data center hosting practices to help healthcare providers achieve HIPAA compliance.

By Kent Roberts

Loading Facebook Comments ...
Loading Disqus Comments ...

Leave a Reply

Your email address will not be published. Required fields are marked *