Mental health has always been considered highly sensitive information with added protection for release. However, the Privacy Rule recognizes that there are certain circumstances when it is necessary to share a patient’s mental health information for the purpose of treatment and the safety of the patient and/or others.
The U.S. Department of Health and Human Services (HHS) recently released new guidance on how the HIPAA Privacy Rule operates to protect patient privacy rights with respect to mental health information. In the article, HHS clarifies when it is appropriate for a health care provider to communicate and share protected health information with their patients’ family members, friends or others involved with the patient’s care or payment for treatment and safety purposes.
Ideally, the patient should always be in agreement with the sharing of his/her information but there are situations that allow for the disclosure even if the patient is not in agreement. For example, the provider may notify a patient’s family members of a serious and imminent threat to the health or safety of the patient (or others) if those family members are in a position to lessen or avert the threat.
Another example of when a provider may disclose information is if a patient in not present or is unable to agree or object to a disclosure due to incapacity or emergency circumstances. In this instance, the health care provider is permitted to determine whether disclosing the patient’s information, is in the best interest of the patient.
Once the patient regains the capacity to make choices for himself however, the provider should offer the patient the opportunity to agree or object to any future sharing of his information.
In situations when it is considered inappropriate for the health care provider to share patient information, HIPAA does not prevent him/her from listening to family members or other caregivers who may have concerns about the health and well-being of the patient so the health care provider can factor that information into the patient’s care.
Regardless of the circumstance, any disclosure of protected health information should be limited to the information directly relevant to the person’s involvement in the patient’s care or payment for care.
It is also important to keep in mind that HIPAA permits, but does not require, providers to disclose information in these situations. Health care providers, who are subject to more stringent privacy standards, need to consider state laws to determine whether they would apply under these circumstances.
How does your facility handle the disclosure of mental health information?