When your patients need mental and behavioral health support, it can be confusing to determine what information you are allowed to share while still ensuring the privacy rights of their protected health information (PHI).
In this article, we’ll summarize how the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule protects mental health information and when exceptions are made.
HIPAA provides patients with invaluable privacy rights and protections with respect to their health information, including important regulations over how their health information is used and disclosed by health plans and health care providers.
HIPAA is designed to protect the privacy of all of an individual’s identifiable health information — including their mental health information — and to ensure that the appropriate details of their health are available when needed for treatment and other purposes (such as billing).
In fact, HIPAA helps increase the likelihood of successful mental health treatment by fostering the therapeutic alliance, or trust, between a mental health provider and patient.
Yes. HIPAA treats mental health information the same as any other protected health information, with few exceptions, such as the necessary disclosure of psychotherapy notes (more below).
Some examples of protected mental health information that may be found in a medical record include:
HIPAA permits health care providers to disclose to other health providers (including mental health providers) any PHI in the medical record about an individual for treatment, case management, and coordination of care.
The one exception to this general rule is for psychotherapy notes, which receive special protections. HIPAA defines psychotherapy notes as “notes by a mental health professional documenting or analyzing a conversation during a private counseling session or a group, joint, or family counseling session and that are separate from the rest of the patient’s medical record.”
Psychotherapy notes are treated differently from other mental health information because they contain particularly sensitive information and because they are the therapist’s own personal notes. Typically, these notes are not required or useful for treatment, payment, or health care operations purposes other than by the mental health professional who created the notes.
HIPAA requires a patient’s authorization prior to disclosing psychotherapy notes for any reason, including a disclosure for treatment purposes to a health care provider.
A significant exception exists for disclosures required by law, such as mandatory reporting of abuse and mandatory “duty to warn” situations regarding threats of serious and imminent harm made by the patient. State laws vary as to whether such a warning is mandatory or permissible, so it is recommended that mental health providers stay up to date with their specific state requirements, in addition to the federal HIPAA regulations.
To summarize, HIPAA regulations permit broad sharing of treatment information without prior authorization by the patient, except that HIPAA only permits the sharing of psychotherapy notes with prior patient authorization.
For additional information about HIPAA and mental health, please visit the Department of Health and Human Services Office of Civil Rights’ Guidance on Sharing Mental Health Information.
If you have additional questions regarding HIPAA and your partnership at SonderMind, please email [email protected].
**Disclaimer: This document is intended for educational purposes only. Please check with your legal counsel or state licensing board for specific requirements.
Also reviewed by Carmen Feldman, SonderMind Legal Counsel