The U.S. Department of Health and Human Services (HHS) has released new guidance explaining how the HIPAA Privacy Rule operates to protect individuals’ privacy rights with respect to their mental health information and in what circumstances the Privacy Rule permits health care providers to communicate with patients’ family members and others to enhance treatment and assure safety.
The guidance published today addresses some of the more frequently asked questions about when it is appropriate under the Privacy Rule for a health care provider to share the protected health information of a patient who is being treated for a mental health condition. The HHS Office for Civil Rights clarifies when HIPAA permits health care providers to: communicate with a patient’s family members, friends, or others involved in the patient’s care, depending on whether the patient is an adult or a minor; and consider the patient’s capacity to agree or object to the sharing of their information. In addition, the guidance further clarifies how providers may communicate with family members, law enforcement, or others when the patient presents a serious and imminent threat of harm to themselves or others.
The guidance also provides relevant reminders about related issues, such as the heightened protections afforded to psychotherapy notes by the Privacy Rule, a parent’s right to access the protected health information of a minor child as the child’s personal representative, the potential applicability of Federal alcohol and drug abuse confidentiality regulations or state laws that may provide more stringent protections for the information than HIPAA, and the intersection of HIPAA and FERPA in a school setting.
The complete guidance is available at http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/mhguidance.html
HIPAA FAQs are available at http://www.hhs.gov/ocr/privacy/hipaa/faq/index.html