Strategies for Electronic Exchange of Mental Health Records



Similar documents
Strategies for Electronic Exchange of Substance Abuse Treatment Records

PCPCC National Briefing/Webinar

Patient Any person who consults or is seen by a physician to receive medical care

Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES

How To Protect Mental Health Information In Upb

NOTICE OF PRIVACY PRACTICES

GONZABA MEDICAL GROUP PATIENT REGISTRATION FORM

MEDICAL RECORDS ACCESS GUIDE IOWA

NOTICE OF PRIVACY PRACTICES

DISCLOSURE OF ALCOHOL AND SUBSTANCE/DRUG ABUSE RECORDS. This Policy describes permissible disclosures of Alcohol and Substance/Drug Abuse Records.

GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 2011 S 1 SENATE BILL 375. Short Title: Facilitate Statewide Health Info. Exchange. (Public) March 21, 2011

University of Wisconsin-Madison Policy and Procedure

Jerry M. Ruhl Ph.D. Clinical Psychologist (Texas #34359) 5200 Montrose Blvd. Houston, TX 77006

MEDICAL RECORDS ACCESS GUIDE MICHIGAN

NOTICE OF PRIVACY PRACTICES

HIPAA Policy Use and Disclosure of Protected Health Information November 3, 2015

BUSINESS ASSOCIATE AGREEMENT ( BAA )

FIREARM OWNER IDENTIFICATION (FOID) PROGRAM REPORTING REQUIREMENTS

LIVING WILL AND DURABLE POWER OF ATTORNEY FOR HEALTH CARE

UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE. No: Supersedes Date: Distribution: Issued by:

Parsonage Vandenack Williams LLC Attorneys at Law

Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL Phone Fax

JEWISH FAMILY SERVICE NOTICE OF PRIVACY PRACTICES

HIPAA Privacy Rule CLIN-203: Special Privacy Considerations

NOTICE OF PRIVACY PRACTICES UNIVERSITY OF CALIFORNIA DAVIS HEALTH SYSTEM

NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES

Understanding Your Health Record Information

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy Use and Disclosure of Psychotherapy Notes 10130

BUSINESS ASSOCIATE AGREEMENT

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No A-94B, AFL-CIO. Notice of Privacy Practices

HIPAA. The Privacy Rule. what you need to know now. A primer for psychologists

ADULT REGISTRATION FORM. Last Name First Name Middle Initial. Date of Birth Age Identified Gender. Street Address. City State Zip Code

NOTICE OF PRIVACY PRACTICES TEMPLATE. Sections highlighted in yellow are optional sections, depending on if applicable

State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual

MERCY HEALTH MEDICAL TRANSPORTATION SERVICES PRIVACY NOTICE Revised Notice Effective Date: September 23, 2013

HIPAA NOTICE OF PRIVACY PRACTICES Woodlands Behavioral Healthcare Network (WBHN)

NC General Statutes - Chapter 90 Article 29A 1

BILLING INFORMATION AND ASSIGNMENT OF BENEFITS

ELECTRONIC HEALTH RECORDS

We are required to provide this Notice to you by the Health Insurance Portability and Accountability Act ("HIPAA")

HIPAA NOTICE OF PRIVACY PRACTICES

MEDICAL POWER OF ATTORNEY AND HIPAA RELEASE THE STATE OF TEXAS KNOW ALL MEN BY THESE PRESENTS COUNTY OF WALKER

DETAILED NOTICE OF PRIVACY AND SECURITY PRACTICES OF THE Trustees of the Stevens Institute of Technology Health & Welfare Plan

POLICY NUMBER B JULY 8, 2014

BUSINESS ASSOCIATE AGREEMENT

Kiran Mishra, Ph.D. Licensed Clinical Psychologist. Sugar Land, TX (832) TEXAS NOTICE FORM

NOTICE OF PRIVACY PRACTICES

Harris County - Texas HIPAA Notice of Privacy Practices

Release of Medical Records

HIPAA IN A NUTSHELL: A Synopsis of How the HIPAA Privacy Rules Impact Ex Parte Communications. By Larry A. Golston, Jr.

JOINT NOTICE OF PRIVACY PRACTICES Cumberland County Hospital System d/b/a Cape Fear Valley Health System

MAIL: Recovery Center Missoula FAX: Wyoming St. OR ATTN: Admissions Missoula, MT ATTN: Admissions

HIPAA HITECH PA Physician Practices

NOTICE OF PRIVACY PRACTICES

Minor Rights: Access and Consent to Health Care

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY

HIPAA Omnibus Notice of Privacy Practices Effective Date: March 03, 2012 Revised on: July 1, 2015

Practices. Effective Date: 4/2003.Revised.11/2014

Dale C. Godby, Ph.D., ABPP, CGP 6330 LBJ Suite 150 Dallas, Texas

NOTICE OF PRIVACY PRACTICES

New Developments in Safeguarding Protected Health Information During 2014

Disability Insurance Claim Packet Instructions. Your Disability Benefit Claim. The Standard Benefit Administrators. How To Apply For Benefits

HIGHMARK BLUE CROSS BLUE SHIELD DELAWARE NOTICE OF PRIVACY PRACTICES PART I NOTICE OF PRIVACY PRACTICES (HIPAA)

Maintaining the Privacy of Health Information in Michigan s Electronic Health Information Exchange Network. Draft Privacy Whitepaper

BUSINESS ASSOCIATE AGREEMENT

HIPAA Business Associate Agreement

OFFICE OF CONTRACT ADMINISTRATION PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

Notice of Privacy Practices. Introduction

DALLAS ALLERGY & ASTHMA CENTER

HIPAA BUSINESS ASSOCIATE AGREEMENT

NOTICE OF PRIVACY PRACTICES

Business Associate Agreement Involving the Access to Protected Health Information

HIPAA, Minnesota s Health Records Act, and Psychotherapy Notes

HIPAA Privacy and Business Associate Agreement

Effective Date: March 23, 2016

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES

Ann Dunnewold, Ph.D., 2012

NOTICE OF PRIVACY PRACTICES. The University of North Carolina at Chapel Hill. UNC-CH School of Nursing Faculty Practice Carolina Nursing Associates

Neither You Nor Your Business Associates Can Afford to be Lax About Complying with HIPAA Requirements

HIPAA and Mental Health Privacy:

Central Maine Healthcare

Disability Insurance Claim Packet Instructions. Your Disability Benefit Claim. How To Apply For Benefits

UNITED CEREBRAL PALSY OF NORTHWEST MISSOURI NOTICE OF PRIVACY PRACTICES EFFECTIVE DATE: OCTOBER 22, 2014

North Florida Medical Centers, Inc. Notice of Information Practices

ADVANCE DIRECTIVE. A LIVING WILL A Directive To Withhold Or To Provide Treatment. A Durable Power Of Attorney FOR HEALTH CARE

ARTICLE 4.4. ADDICTION TREATMENT SERVICES PROVIDER CERTIFICATION

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY

Salt Lake Community College Employee Health Care Benefits Plan Notice of Privacy Practices

The Northern Lakes CMH Recipient Rights Officer is designated as the Substance Abuse Program Recipient Rights Advisor.

HIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996

NOTICE OF PRIVACY PRACTICES

Client Intake Information. Client Name: Home Phone: OK to leave message? Yes No. Office Phone: OK to leave message? Yes No

ACKNOWLEDGEMENT OF RECEIPT OF WESTERN DENTAL S NOTICE OF PRIVACY PRACTICE

Population Health Management Program Notice of Privacy Practices

BUSINESS ASSOCIATE AGREEMENT

NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019

Public Act No

Transcription:

Strategies for Electronic Exchange of Mental Health Records John Lunstroth, J.D., LL.M., M.P.H. Allison Winnike, J.D. Prepared for the Texas Health and Human Services Commission and the Texas Health Services Authority with support from the State Health Information Exchange Cooperative Agreement Program February 2013

STRATEGIES FOR ELECTRONIC EXCHANGE OF MENTAL HEALTH RECORDS John Lunstroth, J.D., LL.M., M.P.H. and Allison Winnike, J.D. University of Houston Law Center Health Law & Policy Institute Texas law and the Privacy Rule 1 approach the disclosure protections for information from mental health records in very different ways creating an uncomfortable maze for both health care professionals and facilities to navigate. In addition to the differences in terminology used, Texas law ties disclosure protections to the professional or the facility that created the record, but the Privacy Rule ties disclosure protections to the purpose of the disclosure. In addition, the Privacy Rule generally refers to providers as covered entities, but Texas statutes define providers in relation to creation of mental health records in terms of professionals and facilities. Texas providers (both facilities and professionals) who perform the evaluation, diagnosis and treatment for maintenance of mental health include both private and public providers, and private providers under contract to public providers. Patients of such providers may be children or adults, who may seek evaluation and/or treatment voluntarily or involuntarily, and whose records may be created or maintained by more than one provider. APPLICABLE LAWS The Texas Mental Health Code is found at Chapter 611 of the Texas Health & Safety Code. Texas law regarding the disclosure of mental health records for treatment purposes is dependent on a number of definitions, not all of which are included in the Privacy Rule. DEFINITION OF A MENTAL HEALTH RECORD Neither the Privacy Rule nor state law creates a separate definition of precisely what constitutes a mental health record. Texas law focuses on how such records are created, tying the rules for protection of the information in the record to the person or entity that either actually creates the record or that holds the record. Under Texas law, a mental health record is created by defined professionals in interactions with a specific definition of patient. The Privacy Rule also does not distinguish a mental health record as separate and apart 1 Health Insurance and Portability Act of 1996 (HIPAA), Pub. L. No. 104-191 (1996) codified in 45 C.F.R. Parts 160 and 164. 1

from a general medical record. Both contain protected health information (PHI). 2 A covered entity 3 may not use or disclose PHI except as permitted by the Privacy Rule. 4 However, the Privacy Rule carves out a specific part of a mental health record, psychotherapy notes, for special protection. 5 Psychotherapy notes are defined as notes recorded (in any medium) by a health care provider who is a mental health professional 6 documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of the individual's medical record. Psychotherapy notes must be kept separate and apart from the patient s other medical and billing records. Psychotherapy notes exclude medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items: diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date. 7 The Privacy Rule requires specific patient authorization for any use or disclosure of psychotherapy notes with limited exceptions. 8 Under the Privacy Rule, patients are entitled to inspect and receive copies of their mental health records, with the exception of psychotherapy notes. 9 However, according to Texas law, a professional may deny patient access to any portion of a record if the professional determines that release of that portion would be harmful to the patient's physical, mental, or emotional health. 10 This particular part of the law is contrary to and preempted by the Privacy Rule requirement that an individual has access to their protected health information (PHI) unless the access requested is reasonably likely to endanger the life or physical safety of the individual or another person. 11 The Texas Attorney General determined that the Privacy Rule preempts Texas law in this instance because the standard for harm under the Texas statute is a much lower threshold for denying access to the individual than the more stringent reasonably likely to 2 45 C.F.R. 160.103. Protected health information means individually identifiable health information that is maintained or transmitted or maintained in any form or medium. 3 Id. Covered entities include health plans, health care clearinghouses, and health care providers who transmit any health information in electronic form in connection with a transaction covered under the HIPAA Privacy and Security Rules. 4 45 C.F.R. 164.502(a). 5 45 C.F.R. 164.501. 6 Mental health professional is not defined in HIPAA. 7 45 C.F.R. 164.501. 8 45 C.F.R. 164.508(a)(2) and (3)(ii). 9 45 C.F.R. 164.524(a)(1) 10 TEX. HEALTH & SAFETY CODE 611.0045(b). 11 45 C.F.R. 164.524(a)(3)(i). 2

access. 13 The Texas Mental Health Code does not define mental health records in its chapter endanger the life or physical safety standard in the Privacy Rule. 12 If the patient is denied access to their mental health record, Texas law still requires that the professional must allow examination and copying of the record by another professional if the patient selects the professional to treat the patient for the same or a related condition as the professional denying dedicated to the subject, 14 but does define a patient for purposes of creating a mental health record. Patient, for purposes of a mental health record, is defined as a person who consults or is interviewed by a professional for diagnosis, evaluation, or treatment of any mental or emotional condition or disorder, including alcoholism or drug addiction. 15 Mental illness is defined under the Texas Mental Health Code as an illness, disease, or condition, other than epilepsy, senility, alcoholism, or mental deficiency, that (A) substantially impairs a person s thought, perception of reality, emotional process, or judgment; or (B) grossly impairs behavior as demonstrated by recent disturbed behavior. 16 Note that, in Texas law, the definition of mental illness is more restrictive than the delineation of conditions for which a patient might have a mental health record created, and that the definition of mental illness specifically excludes alcoholism, but not drug addiction. CREATING A MENTAL HEALTH RECORD IN TEXAS Both health care professionals and health care facilities may create or maintain mental health records. 17 A professional means: (A) a person authorized to practice medicine in any state or nation; (B) a person licensed or certified by this state to diagnose, evaluate, or treat any mental or emotional condition or disorder; or (C) a person the patient reasonably believes is authorized, licensed, or certified as provided by this subsection. 18 The Texas Occupations Code 12 Report of the Office of the Attorney General of Texas, Preemption Analysis of Texas Laws Relating to the Privacy of Health Information & the Health Insurance Portability & Accountability Act & Privacy Rules (HIPAA), 308 (Nov. 1, 2004), available at https://www.oag.state.tx.us/notice/hipaa.pdf. 13 TEXAS HEALTH & SAFETY CODE 611.0045(e). 14 TEXAS HEALTH & SAFETY CODE 611. 15 TEXAS HEALTH & SAFETY CODE 611.001(1). 16 TEXAS HEALTH & SAFETY CODE 571.003(14). 17 TEXAS HEALTH & SAFETY CODE 611.0045(j). 18 TEXAS HEALTH & SAFETY CODE 611.001(2). 3

sets out the governance requirements applicable to physicians, nurses, psychologists, counselors, social workers, marriage and family therapists, and pharmacists and pharmacies. For purposes of mental health records, facilities are divided into two broad groups to which further regulations apply. Facilities regulated by the Department of State Health Services (DSHS), 19 community mental health centers, and psychiatric hospitals are governed under the Texas Mental Health Code. 20 There are also protections for the confidentiality of patient records related to other points of care such as general medical facilities (hospitals), 21 nursing homes, 22 assisted living facilities, 23 and juvenile and adult criminal justice facilities that are not contracted providers with DSHS. Finally, there are differences in the definitions for who can create a mental health record. The Mental Health Code specifically defines professional, for purposes of creation of a mental health record, to include both physician 24 and non-physician mental health providers. Nonphysician mental health providers include psychologists, nurses with advanced degrees in psychiatric nursing, clinical social workers, professional counselors, and marriage and family therapists who are licensed by and authorized to practice in this state. 25 Code provisions related specifically to mental health records define professional using slightly different language but appear to incorporate both physician and non-physician providers. 26 DISCLOSURE OF MENTAL HEALTH RECORDS Texas law generally treats mental health records as it does other medical records for purposes of treatment 27 and payment. 28 Specifically, Texas law states that mental health records may be released to other professionals and personnel under the professionals direction [emphasis added] who participate in the diagnosis, evaluation, or treatment of the patient. 29 Texas law also specifies that communications between the professional and the patient are both 19 25 TEX. ADMIN. CODE 404.152. 20 TEXAS HEALTH & SAFETY CODE 571-595. 21 TEX. HEALTH & SAFETY CODE 241.153. 22 TEX. HEALTH & SAFETY CODE Chpt. 242; 40 TEX. ADMIN. CODE 19.407 and 19.413. 23 TEX. HEALTH & SAFETY CODE Chpt. 252; 40 TEX. ADMIN. CODE Chpt. 19. 24 TEX. HEALTH & SAFETY CODE 571.003(18). 25 TEX. HEALTH & SAFETY CODE 571.003(15). 26 TEX. HEALTH & SAFETY CODE 611.001(2). 27 TEX. HEALTH & SAFETY CODE 611.004(a)(7). 28 TEX.HEALTH & SAFETY CODE 611.004(a)(6). 29 TEX. HEALTH & SAFETY CODE 611.004(a)(7). 4

confidential 30 and privileged 31, meaning that only the patient, someone with authority to act on behalf of the patient, or the professional acting on behalf of the patient may release information from such records. 32 As with other health records, under the Privacy Rule, a patient who wishes to withhold disclosure of treatment for payment purposes may do so if the patient pays in full for the treatment and requests that such treatment not be billed to the patient s insurer. 33 Similarly, the Privacy Rule also allows a patient who wishes to restrict access to his or her mental health records to request such restrictions, but a professional or facility does not have to grant the requested restriction. 34 However, if the requested restriction is granted, both the professional and any facility that holds the record are bound to honor it. 35 Texas laws related to creation of mental health records appear to focus more on such records as part of institutional or outpatient treatment for a specifically diagnosed mental illness. The Privacy Rule, on the other hand, appears to recognize that such records are created in many medical settings, not all of which are specific to treatment of defined mental illnesses, or with an expectation of institutionalization. The relationship between the definition for covered entity under the Privacy Rule and the Texas statute add another twist in the maze. The Privacy Rule permits disclosure by a covered entity of a health record, including a mental health record that excludes psychotherapy notes, for purposes of treatment, without specific patient authorization. 36 It does not distinguish between different types of covered entities. 37 Much of Texas law focuses on the disclosure by professionals of mental health records for treatment purposes to exchange within state-run facilities for treatment of mental illness. Within state-run facilities, such records can generally be transferred without specific patient authorization for any purpose, including for treatment. 38 Some of the entities in the state-run system are subcontractors who are private mental health care providers, creating a class of entities that are covered entities under Texas law, but which, as provider entities, have control of mental health records, though they are not the professional who 30 TEX. HEALTH & SAFETY CODE 611.002(a). 31 TEX. OCC. CODE 159.001 and 159.002(b) 32 TEX. OCC. CODE 159.002(e) 33 45 C.F.R. 164,522(a)(1)(iv) 34 45 C.F.R. 164.522(a)(1)(i). 35 45 C.F.R. 164.522(a)(1)(ii) 36 Subject to certain limitations. 45 C.F.R. 164.506(c). 37 45 C.F.R. 164.506(a). 38 TEX. HEALTH & SAFETY CODE 576.005, 611.001-611.005 and 25 TEX. ADMIN. CODE Chp. 404. 5

created the record. Because institutional members of DSHS and their subcontractors may transfer mental health records for any purpose within the system, as though those institutions and their subcontractors are one entity, it raises the question of who maintains the records created by the professional in a private mental health facility. Who has ownership rights in the records? As noted previously, patients generally have rights to access and obtain copies of information from their medical records, but the record itself is generally the property of the person who creates it or the entity that maintains it. 39 Texas law also reaches out and protects even the hint of mental illness by covering evaluations, whether or not they lead to diagnosis and/or treatment, but this protection leads to ambiguity by not spelling out how such records are to be handled by institutions, how they are to be distinguished from regular medical records when a patient presents with co-morbidities or is diagnosed with a physical disorder, and by linking the protection from unauthorized disclosure to ownership (who created and maintained ) of the patient s record. On the other hand the Privacy Rule protection of psychotherapy notes is distinguishable as a clearly defined subject, and requires special protection for such notes by the facility that maintains the record, not just the professional who created the record. Finally, the definition of confidential communication covers communication for a patient who is never diagnosed or treated for a defined mental illness, but who may be evaluated even if the evaluation does not result in a diagnosis, and such evaluation may be conducted by a private provider, a provider in a state-run facility, or by a private provider under contract to a state-run facility or program. POLICIES OF SELECTED HIEs FOR SEGMENTATION OF MENTAL HEALTH RECORDS HIEs throughout the nation are struggling with both policy and technical needs to segment data covering particularly sensitive information contained in an individual s PHI such as mental health information. This type of information may be accorded special confidentiality status by the Privacy Rule or other federal and state laws. The Health Information Technology for Economic and Clinical Health (HITECH) Act 40 recently amended the Privacy Rule to require 39 Supra note 16. 40 Part of the American Recovery and Reinvestment Act of 2009 (ARRA), P.L. 111-5 (2009), found at 13001. 6

a covered entity to restrict disclosure of an individual s PHI to a health plan for any health care service or item for which the individual paid out of pocket and in full, i.e., not filed through a health plan, if the individual so requests. 41 There appear to be three basic approaches to management of mental health information in a patient s mental health record: (1) maintenance of a separate behavioral health record system; (2) exclusion of mental health data altogether; and (3) notice only that such records are included. EXAMPLES OF STATES THAT MAINTAIN A SEPARATE BEHAVIORAL HEALTH RECORD SYSTEM The Nebraska Health Information Initiative (NeHI) maintains a regionally based Electronic Behavioral Health Information Network (ebhin) that includes diagnoses and medication history, but does not include clinical notes. 42 The Michigan Health Information Network Shared Services (MiHIN) supports sub state health information exchange networks. MiHIN recently signed data sharing agreements authorizing a private information technology and services company to become a Virtually Qualified Data Sharing Organization (VQO) authorized to manage behavioral health and substance abuse treatment data from its network of participating providers. The VQO can connect its network of behavioral health and substance abuse treatment providers to Michigan s sub state HIEs through the MiHIN. This means that the existing networks that could previously only exchange physical health data will now be able to access behavioral health data for participating patients with patient authorization. EXAMPLES OF STATES THAT EXCLUDE MENTAL HEALTH INFORMATION Alabama s One Health Record system currently in development has a draft policy to exclude mental health records [not defined]. 43 The Alaska ehealth Network specific list for exclusion mentions only records of mental health treatment centers, 44 but not mental health records generally. EXAMPLES OF STATES THAT PROVIDE NOTICE TO PATIENTS 41 42 U.S.C. 17935(a). 42 See generally http://www.ebhin.org/who_we_are/frequent_questions.html. 43 One Health Record Legal and Policy Workgroup, Notice to Patients of One Health Record 2 (Feb. 17, 2011), http://onehealthrecord.alabama.gov/documents/1.2_workgroups/1.2.2_legal_and_policy/1.2.2.2_february-17-2011/1.2.2.2_notice_to_pts_of_ohr.pdf 44 Alaska ehealth Network, Network Responsibilities Policy 2.500 18 (Jan. 25, 2012), http://www.akehealth.org/wp-content/uploads/network-responsibilities-2.500_final.pdf 7

Two states that provide notice to patients take different approaches about giving patients an option to participate in their HIE. ehealth Connecticut, a regional provider in that state, includes the following language in its notice to patients: Types of information included: Information accessed through the ehealthct HIE includes ALL OF your medical information, including but not limited to, sensitive information related to HIV/AIDS, mental health, genetic disease or tests, sexually transmitted diseases and family planning. Types of information NOT included: Information as it relates to treatment for alcohol, substance or drug abuse received by [the patient] in any program or by any provider. 45 Utah, on the other hand, advises patients for its Utah Clinical Health Information Exchange (chie) that they may wish to opt out of participation by including this statement: The chie may also contain information about substance abuse, mental health conditions, and other conditions you may consider sensitive. Unfortunately the chie is not able to exclude specific tests, visit, or treatments. If you are concerned about some or all of your information being shared in the chie, you may want to consider opting out of the chie. 46 UNRESOLVED ISSUES Texas law reaches out and protects even the hint of mental illness by shielding evaluations, whether or not they lead to diagnosis and/or treatment, but this protection leads to ambiguity by not spelling out how such records are to be to be distinguished from regular medical records. In addition, neither Texas state law nor the Privacy Rule adequately address the issue of mental health information that is created incidental to other health records such as when an obstetrician diagnoses and treats post-partum depression or a pediatrician diagnoses and treats attention deficit disorder. There are also ambiguities about how to handle records for patients who have both mental health and substance abuse disorders, and for patients who are also diagnosed with a physical disorder. 45 ehealth Connecticut, Patient Educational Factsheet 1-2 (2010), http://www.ehealthconnecticut.org/linkclick.aspx?fileticket=jq7hmvyy_wm%3d&tabid=100 46 Utah Health Information Network My chie, Frequently Asked Questions, http://mychie.org/support/faq. 8

The lack of clarity in defining what constitutes a mental health record complicates management of that information for purposes of electronic exchange of the information, but also implicates issues ranging from accessing health data for research to reporting for law enforcement purposes to determine who should or should not have access to firearms. 9

APPENDIX A The following Table summarizes the provisions of Texas Statutes governing mental health records and the relevant or correlative Privacy Rule provisions. TX Professionals may disclose under these circumstances For treatment, payment or health care operations H&SC 611.004(a) (3) to qualified personnel for management audits, financial audits, program evaluations, or research, in accordance with Subsection (b); H&SC 611.004(a) (6) to individuals, corporations, or governmental agencies involved in paying or collecting fees for mental or emotional health services provided by a professional; H&SC 611.004(a) (7) to other professionals and personnel under the professionals' direction who participate in the diagnosis, evaluation, or treatment of the patient; H&SC 611.004(a) (9) to designated persons or personnel of a correctional facility in which a person is detained if the disclosure is for the sole purpose of providing treatment and health care to the person in custody H&SC 611.004(a) (10) to an employee or agent of the professional who requires mental health care information to provide mental health care services or in complying with statutory, licensing, or accreditation requirements, if the professional has taken appropriate action to ensure that the employee or agent: (A)will not use or disclose the information for any other purposes; and (B)will take appropriate steps to protect the information; H&SC 611.004(a) Professional may not disclose record for treatment purposes without consent NONE H&SC 611.502 Professional may refuse to disclose record to patient if professional deems release harmful to the patient s physical, mental or emotional health. H&SC 611.004(a) (4) to a person who has the written consent of the patient, or a parent if the patient is a minor, or a guardian if the patient has been adjudicated as incompetent to manage the patient s personal affairs H&SC 611.004(a) (11) to satisfy a request for medical records of a deceased or incompetent person pursuant to Section 74.051(e), Civil Practice and Remedies Code. H&SC 611.004(a) (5) to the patient's personal representative if the patient is deceased; HIPAA Controlling HIPAA rules Directly, and by definition of health care operations 45 CFR 164.501, 502(ii) & 506 Directly, and by definition of health care operations 45 CFR 164. 501, 502(ii) & 506 Directly, and by definition of health care operations 45 CFR 164. 501, 502(ii) & 506 Directly, and by definition of health care operations 45 CFR 164. 501, 502(ii) & 506; 164.512(k) (5). Directly, and by definition of health care operations 45 CFR 164. 501, 502(ii) & 506 NONE With consent Prohibition on disclosing psychotherapy notes without authorization 45 CFR164.506(b)(2); 164.508(a)(2) Access to protected health information may only be denied if health care provider deems release reasonably likely to endanger the life or physical safety of the individual or another person. HIPAA provides the same but is more restrictive and detailed, and it controls. 164.502(g) 164.502(g) Official reasons H&SC 611.004(a)(1) to a governmental agency if the 164.512(a)&(f) disclosure is required or authorized by law; H&SC 611.004(a) (2) to medical or law enforcement 164.512(j) personnel if the professional determines that there is a probability of imminent physical injury by the patient to the HIPAA provides the same but is more detailed and it controls. 164.502(g) 10

patient or others or there is a probability of immediate mental or emotional injury to the patient; H&SC 611.004(a) (8) in an official legislative inquiry relating to a state hospital or state school as provided by Subsection (c), but if identifiable records then only with consent; 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information