OCR Issues Guidance on Mental Health Data Sharing Under HIPAA
March 6, 2014 in News
HHS’ Office for Civil Rights has issued new guidance to clarify how health care providers can share information on patients with mental illnesses without violating HIPAA, Health Data Management reports (Goedert, Health Data Management, 3/5).
According to Health IT Security, there is some confusion among providers and health care organizations about mental health privacy, which could be exacerbated by the meaningful use program’s data sharing requirements.
Under the 2009 federal economic stimulus package, health care providers who demonstrate meaningful use of certified electronic health record systems can qualify for Medicaid and Medicare incentive payments (Ouellette, Health IT Security, 2/21).
Details of Guidance
The six-page guidance covers 13 frequently asked questions regarding when providers should communicate with law enforcement and patients’ family, friends and other caregivers. For example, the guidance clarifies:
- Allowable communications when a patient poses an imminent threat of harm;
- Appropriate communications when a patient is under an emergency psychiatric hold;
- Assessing a patient’s capacity to agree or object to the sharing of their information;
- Communications with other providers, family members and friends for adult and minor patients;
- When to involve others to improve patient medication or treatment adherence; and
- Discussing a patient’s treatment plan with family members (Health Data Management, 3/5).
Overall, the guidance notes that the HIPAA Privacy Rule uniformly applies to protected health information with the exception of psychotherapy notes, which are defined as “notes recorded by a health care provider who is a mental health professional documenting or analyzing the contents of a conversation during a private counseling session or a group, joint or family counseling session and that are separate from the rest of the patient’s medical record” (Health IT Security, 2/21).