Jennifer Bernstein, JD, MPH
Senior Attorney, The Network for Public Health Law – Mid-States Region
University of Michigan School of Public Health
This is the second of three posts discussing privacy rights for mental health care provided by Attorney Jennifer Bernstein. Read the first installment from earlier this week. Additionally learn more by reading FAQs from the U.S. Department of Health & Human Services.
When and How Can A Family Member Become Involved in Care?
Now that we have discussed some of the basics of the HIPAA Privacy Rule, let’s consider some specific concerns that family members often have regarding treatment and care of their adult family members with a mental health disorder. Generally, HIPAA gives ultimate deference to a patient’s wishes as to the sharing of their health information. There are some exceptions that are important for the family members of individuals with mental illness.
When does mental illness constitute incapacity under the Privacy Rule?
The HIPAA Privacy Rule does make allowance for when a patient is unable to authorize disclosure due to incapacity. A major determining factor on whether to disclose a patient’s information to the their family, friends or other persons involved in their care is whether or not the disclosure is in the best interests of the patient. Incapacity criteria may include when a patient is incoherent or suffering from psychosis.
When a provider determines that such a disclosure is in the patient’s best interests, the provider is permitted to disclose only information that is directly relevant to the person’s involvement in the patient’s care or payment for care.
What if the patient is not incapacitated and objects to disclosure of information, but sharing information may still be in the best interest of the patient?
In instances when the patient has capacity and objects to the sharing of information, the provider may share the information only when the following guidelines are met:
- doing so is consistent with applicable law and standards of ethical conduct
- the provider has a good faith belief that the patient poses a threat to the health or safety of themselves or others, and
- the person to whom the information is disclosed is reasonably able to prevent or lessen the threat
Note, though, that the Privacy Rule does not prevent providers from listening to concerns raised by family or friends about the health of the patient. These concerns may provide the health care provider with additional information that better informs their evaluation of the patient and any potential threat the patient may pose to the health and safety of themselves or others. These concerns can be withheld from the patient if the disclosure of such information would be reasonably likely to reveal the identity of the concerned individual.
What is a personal representative under HIPAA?
A personal representative is a person legally authorized to make health care decisions on an individual’s behalf. The Privacy Rule allows a covered entity (e.g., health care provider) to treat a “personal representative” of a patient in the same manner as the patient. This includes providing the personal representative with the same rights of disclosure and review as the patient. Personal representatives can include:
- health care power of attorney
- court appointed legal guardian
- general power of attorney, or
- durable power of attorney that includes the power to make health care decisions
The “personal representative” exception reminds us that advance planning is essential. Laws for appointing or designating a personal representative vary by state, so consult with an attorney regarding the requirements for designating a personal representative.
The final post in this series will discuss some innovative state laws that seek to assist the family members of patients with mental illness in taking an active part in the treatment and care of their loved ones.
- What experience, negative or positive, have you had in dealing with HIPAA while obtaining mental health care?
- What do you think needs to change about the HIPAA law?
- How do you think the balance should be struck between patient rights and families seeking to ensure prompt and appropriate treatment?