Protecting Information10/29/2022 2022-11-16 19:20
How We Protect Your Information (HIPAA Policy)
It’s an honor to have you as our patient, and we take handling your sensitive information with the utmost care and privacy as one of our core promises to you.
If you have any questions about how your information is handled, please contact our office at 720-222-0550 and ask for our Executive Director, Sara Short. She’ll be glad to hear your questions and answer them.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to:
- Protect patients’ confidential health information;
- Allow American workers and their families to continue or transfer their health insurance coverage when they change jobs;
- Reduce healthcare fraud and abuse; and
- Create an industry-wide standard for healthcare billing and other processes.
HIPAA’s Privacy Rule creates national standards to protect patients’ individually identifiable health information, which it refers to as protected health information (PHI). PHI is any information that relates to:
- the individual’s past, present, or future physical or mental health or condition;
- The provision of healthcare to the individual; or
- The past, present, or future payment of health care to the individual,
In other words, health information, if coupled with common identifiers such as the patient’s name, address, or birthdate, must remain private and in the confines of the clinic.
The Privacy Rule exists to create a trusting environment between patients and their caregivers. A clinician cannot disclose PHI unless the patient consents or an exception applies.
There may be times when health care providers are required to share mental and behavioral health information to enhance patient treatment and to ensure the health and safety of the patient or others. The Privacy Rule, added to this legislation in 2000, set further standards to prevent inappropriate use or disclosure of protected health information. Importantly, it also:
- Clarified when therapists and counselors were able to share treatment information with other care providers and a client’s family members.
- Made provisions to allow therapists and counselors to keep psychotherapy notes separate and confidential.
This is relevant for the mental health profession since privacy concerns may act as a barrier to many individuals who might otherwise seek help.
Therapists are allowed to discuss information that’s relevant to a person’s care with other members of their health care team. This wouldn’t include information from psychotherapy notes or any information about substance abuse treatment from a licensed treatment program.
It’s important to note that HIPAA requirements provide that a therapist (or other health care provider) must protect the information of the person they’re working with, but it’s always permitted for family members and loved ones to share information about a person’s mental health with the care provider.
Provisions under HIPAA allowing therapists to communicate certain information can help therapists, doctors, and family members collaborate on treatment, which can lead to improved, more supportive care.
It should be noted that under HIPAA, health care professions such as therapists may share pertinent information (information directly related to treatment) with people involved in a person’s care if the person in treatment:
- Has agreed.
- Has been given an opportunity to object and has not objected.
- Has indicated they don’t object by bringing a partner to treatment or having a parent help schedule sessions and pick up prescriptions.
- Is unconscious, delirious, experiencing psychosis, intoxicated, or otherwise incapable of making decisions.
In additional circumstances, HIPAA allows for the release of PHI. In these situations, rule-makers acknowledge that the benefits of releasing protected information may outweigh the drawbacks. Permitted disclosures include those that:
- Prevent imminent harm. A healthcare provider may release PHI as necessary to prevent a serious imminent threat to the health or safety of a person or the public. However, the provider should disclose the minimum amount of information necessary and only disclose PHI to someone capable of reducing the risk of harm, such as the target of the harm or law enforcement personnel.
- Facilitate treatment, payment, and healthcare operations. A provider can disclose PHI for treatment and payment. For example, a physician can discuss a patient’s treatment with other treatment team members or release PHI to train employees.
- Are required by law, including specific state regulations or court orders that mandate disclosure of PHI.
Laws specific to minors
MINORS AND OUTPATIENT MENTAL HEALTH SERVICES
- A mental health professional (as defined by this statute) may provide psychotherapy services (as defined) to a minor 12 or older, if the mental health professional determines that: (1) the minor is knowingly and voluntarily seeking such services, and (2) the provision of psychotherapy services is clinically indicated and necessary to the minor’s well-being. Colo. Rev. Stat. §. 12-45-203.5.
- The mental health professional providing services under Colorado statute 12- 43-202.5 may notify the minor’s parent or legal guardian of the psychotherapy services given or needed, with the minor’s consent, or, with the consent of the individual who a court has ordered holds the minor’s therapeutic privilege, unless notifying the parent or legal guardian would be inappropriate or detrimental to the minor’s care and treatment. The mental health professional shall engage the minor in a discussion about the importance of involving and notifying the minor’s parent or legal guardian and shall encourage such notification to help support the minor’s care and treatment. The mental health professional may notify the minor’s parent or legal guardian of the psychotherapy services given or needed with the minor’s consent, if in the professional opinion of the mental health professional, the minor is unable to manage the minor’s care or treatment. Colo. Rev. Stat. § 12-45-203.5.
- Minors 15 Years or older may consent to receive mental health services to be rendered by a facility or a professional person. Colo. Rev. Stat. § 27-65-103(2).
When a minor consents for their own health care, the HIPAA Privacy rule states that a parent or guardian’s right to inspect the related medical records depends on state and other federal law. 45 C.F.R. § 164.502(g)(3)(ii). If there is nothing in state or other law, including case law, specifying whether or not a parent may have access to the information, a health care provider may provide or deny access to a parent or guardian as long as that decision is consistent with state or local law, and the decision is made by a licensed health care professional exercising his or her professional judgment. 45 C.F.R. §§ 164.502(a)(1)(i)&(iv); (a)(2)(i); (g)(1); (g)(3)(i); (g)(5). © 2019 National Center for Youth Law.