The HIPAA Privacy Rule allows for provider to provider communications – for providers that are part of a patient’s care team – to exchange clinical information, including protected health information (PHI) among each other. Circumstances under which provider to provider communications involving use and disclosure of PHI are addressed below.
When Are Provider to Provider Communications Permitted Under the HIPAA Privacy Rule?
Generally, under the HIPAA Privacy Rule, which imposes restrictions on the use and disclosure of PHI by covered entities (including healthcare providers), any pertinent clinical care information, including mental health treatment information, can be disclosed and discussed between a patient’s current treatment providers (that is, can be the subject of provider to provider communications) without written authorization by the patient, representative, or guardian, except for the content of written psychotherapy notes.
What Constitutes Psychotherapy Note Information?
The HIPAA Privacy Rule definition of a “psychotherapy note” is quite restrictive. Under HIPAA, psychotherapy notes consist of:
- A mental health professional’s written analysis, of
- A conversation that occurred, during
- A private counseling session
The written analysis must be maintained separately from the medical record to qualify as “psychotherapy notes.”
Generally, patients do not have the right to obtain a copy of these under HIPAA. When a psychologist denies a patient access to these notes, generally, the denial is not subject to appeal or review. A provider may, in the exercise of his or her discretion, choose to provide a copy of the patient’s psychotherapy notes to the patient, consistent with applicable state law.
The Privacy Rule does permit psychotherapy notes to be disclosed under very limited circumstances:
- A covered entity may disclose protected health information contained in psychotherapy notes to a coroner or medical examiner for the purpose of identifying a deceased person, determining a cause of death, or other duties as authorized by law.
- A covered entity may use or disclose protected health information in psychotherapy notes to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law.
- A covered entity may use or disclose psychotherapy notes for its own training programs in which students, trainees, or practitioners in mental health learn under supervision to practice or improve their skills in group, joint, family, or individual counseling.
- A covered entity may use or disclose psychotherapy notes to defend itself in a legal action or other proceeding brought by the patient.
- A covered entity may, consistent with applicable law and standards of ethical conduct, use or disclose psychotherapy notes, if the covered entity, in good faith, believes the use or disclosure:
- Is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public; and
- Is to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat.
A covered entity MUST disclose psychotherapy notes, when disclosure is required by the Secretary of Health and Human Services, to determine whether the entity is HIPAA compliant.