… The House Energy and Commerce Subcommittee on Oversight and Investigations, chaired by Rep. Tim Murphy of Pennsylvania, has held several hearings on the nation’s mental health system, recently focusing on the Health Insurance Portability and Accountability Act (HIPAA) and how its application can help or hinder patient care and public safety. Members of Congress and others have expressed concern that the HIPAA “Privacy Rule” may interfere with the timely and continuous flow of health information between health care providers, patients, and families, thereby impeding patient care, and in some cases, public safety. These hearings are in large part an outgrowth of the Newtown, Connecticut elementary school shootings.
One of the concerns expressed by one or more members of the Subcommittee was that covered entities (including individual mental health providers) were so concerned about privacy and confidentiality, and so afraid that the federal government may come after them for an alleged violation, that they tended to not share information with others under circumstances where they are in fact allowed to do so – just to act on the cautious side. Connected to this concern was the question of what HIPAA allows with respect to health care providers communicating with family members or other relatives of the patient, close friends, or parents. The testimony around this issue confirmed that HIPAA allows providers to communicate with such interested persons, but only in a limited way and under limited circumstances. Reference to the applicable section of the federal regulations was made – that is, 45 CFR 164.510.
Another concern involved the dangerous patient issue. One of the witnesses who testified at the hearing was Leon Rodriguez, Director of the Office for Civil Rights (OCR) – the enforcement arm of the U.S. Department of Health and Human Services (HHS). Director Rodriguez testified, among other things, that the “Privacy Rule” allows health care providers to warn or alert law enforcement, family members of the patient, or any other persons who may reasonably be able to prevent or lessen the risk of harm when the provider in good faith believes that a warning or report is necessary to prevent threatened harm from the patient. Essentially, the Director stated that HIPAA allows disclosures in dangerous patient situations (danger to self or others), but that providers must act consistent with the requirements or authorizations of state law and the ethical standards of the particular profession. His testimony in this regard was intended to convince the Subcommittee that HIPAA does not impede public safety.
Of the most interest to me was the testimony that indicated that there may be some who believe that the HIPAA regulations do not go far enough when it comes to the dangerous patient scenarios I have often written about. The position expressed was that the HIPAA regulations were permissive only, and were too deferential to state law and applicable professional ethical standards. What therefore remains is a hodge-podge of widely varying state laws that take different positions as to whether or not there is a duty to protect a third party, and whether or not certain disclosures must be made to law enforcement or intended victims or others under circumstances where a patient threatens violence. There appears to be some interest in exploring whether or not it would be appropriate and effective to promulgate a national and uniform standard that would not only allow a psychotherapist to break confidentiality, but would establish a duty to protect third parties (intended victims) when a patient threatens imminent physical violence. I don’t see anything happening in the near future, although the idea is interesting and worthy of debate.