The Department of Health and Human Services Office for Civil Rights (OCR) moved to clarify further when and how health care providers can disclose mental health information to a patient’s family or caregivers without viewing the the Health Insurance Portability and Accountability Act (HIPAA) as a barrier to doing so.
In guidance, issued as Frequently Asked Questions, OCR emphasized health care providers may share information with a patient’s family and caregivers so long as the patient is present and does not object.
“Where a patient is not present or is incapacitated, a health care provider may share the patient’s information with family, friends, or others involved in the patient’s care or payment for care, as long as the health care provider determines, based on professional judgment, that doing so is in the best interests of the patient,” the guidance notes.
According to the guidance, under the privacy rule, a health care provider may use professional judgment to determine whether a patient is incapacitated and whether disclosure of protected health information (PHI) is in the patient’s best interests at that time.
In those instances, the provider should disclose “only the PHI that is directly relevant to the patient’s care or payment for care,” the guidance says, and the patient should be given the opportunity to consent to further disclosures once he regains capacity.
A health care provider also may disclose patient information to law enforcement, family members, and caregivers despite a patient’s objections “when the provider believes the patient presents a serious and imminent threat to self or others,” the guidance notes.
“Specifically, when a health care provider believes in good faith that such a warning is necessary to prevent or lessen a serious and imminent threat to the health or safety of the patient or others, the Privacy Rule allows the provider, consistent with applicable law and standards of ethical conduct, to alert those persons whom the provider believes are reasonably able to prevent or lessen the threat,” the guidance explains.
The guidance notes many states have statutes or common law requiring a health care professional to disclose patient information to prevent or lessen the risk of harm to the patient or others.
The guidance points out that psychotherapy notes receive special protection under the privacy rule.
“Psychotherapy notes are treated differently from other mental health information both because they contain particularly sensitive information and because they are the personal notes of the therapist that typically are not required or useful for treatment, payment, or health care operations purposes, other than by the mental health professional who created the notes,” the guidance says.
At the same time, a health care provider may disclose psychotherapy notes where “required by law,” including “duty to warn” situations.