In the April 2016 issue of this Avoiding Liability Bulletin, I asked whether the practitioner’s actions in the scenario presented were supportable, lawful, and ethical. The practitioner chose to initiate an involuntary commitment of the client when the client presented a serious and imminent danger of violence against co-workers, even though no specific threat was articulated. The practitioner decided to not inform the client of a recent change to federal regulations (involving, among other things, voluntary vs. involuntary commitments) that could ultimately affect the client’s right to purchase or possess guns. The client was described as a staunch Second Amendment advocate and the practitioner was described as a strong gun control advocate. See the April 2016 article for the full details.
My brief answer to the questions raised is not intended to be compliant with a particular state law, as state laws will vary with fine nuance, and there are fifty states! Moreover, there are multiple professional associations with differing ethical standards, which also vary with fine nuance. The comments below are simply intended to be representative of an argument that might be made in support of the practitioner. The argument might need to be altered or enhanced if state law or a particular ethical standard proved problematic for an appropriate defense of the practitioner. One never knows what might be alleged or argued by a client, former client, state regulatory agency, or a professional association’s ethics committee.
The practitioner did nothing wrong. The actions taken are supportable, lawful, and ethical. First, a specific threat need not be articulated in order for the practitioner to take the action that was taken. If a practitioner determines, from all of the facts and circumstances involved, that there is an imminent danger of violence against an intended (or foreseeable) victim or victims, the therapist is under a duty (or permitted, depending upon state law) to take reasonable steps to protect the intended victim(s) from that violence. Such possible steps include making a reasonable attempt to warn the intended victim, notifying the police, or hospitalizing the patient. Some state statutes provide immunity from liability for the practitioner under particular circumstances and provided that one or more specified actions are taken by the practitioner.
There exists no duty to inform the patient of changes to federal regulations that involve mandatory or permissive reporting by others (non-health care practitioners) to the FBI’s NICS system. Likewise, the therapist is not under a duty to protect the patient’s right to own or purchase guns, especially a patient who the therapist has determined presents an imminent danger of violence to the identified others. Likewise, the therapist need not give the patient the option of a voluntary hospitalization. Once the determination is made of the imminent danger, the therapist must take reasonable action(s) to prevent the harm. In this case, that is precisely what the therapist did. With respect to acting in the “best interests” of the patient or promoting the welfare of the client, if those principles are asserted or argued, the practitioner is the one who initially determines “best interests” or what promotes the welfare of the client by using his or her best judgment under all of the facts and circumstances involved. The fact that the actions taken by the practitioner well-suited his belief system regarding guns does not necessarily mean that those actions were inappropriate, unsupportable, unlawful, or unethical.
CONFIDENTIALITY – INSURANCE REIMBURSEMENT
The duty of confidentiality is often on the minds of practitioners when it comes to dealing with insurance companies and insurance reimbursement issues. The comments that follow do not cover the entire spectrum of issues that may arise, but rather, review several basic principles of law or practice related to confidentiality that are important to keep in mind as one deals with the various situations that may occur when dealing with insurers.
First, practitioners will either be governed by the HIPAA Privacy Rule or by the laws of the states where they practice. It is obviously important to know which laws (and regulations) govern one’s practice. Secondly, whether governed by state law or HIPAA, it is important to remember that if there is doubt as to the appropriateness of a particular disclosure to an insurer, a signed authorization from the patient can usually be obtained. If the patient is for some reason unwilling to sign an authorization, and knows the possible consequences with respect to reimbursement, then release of the information will likely not occur. It is important for practitioners to know with certainty the required contents or elements of a valid authorization form, whether governed by HIPAA or by state law.
Those practitioners who are covered entities under HIPAA must be aware of the definition of “psychotherapy notes” in the “Privacy Rule,” since a written authorization is required before such notes (documenting or analyzing the contents of conversation during a counseling session) can be released to an insurer. It is not very often that an insurer will seek “psychotherapy notes,” which must be kept separate from the rest of the patient’s treatment record, but in some cases, this will occur. Typically the insurer is primarily interested in the dates of service, the symptoms, the diagnosis, the treatment plan, the prognosis, the progress to date, and other “routine” information contained in the treatment record. The fact that there may be disclosures of such information without the patient’s signed authorization must be described in the Notice of Privacy Practices (for covered entities under HIPAA) given to the patient at the outset of treatment.
It is helpful to remember the minimum necessary rule or principle. The principle makes abundant sense and should (or must) be followed, with some exceptions, whether one is governed by HIPAA or by state law. In essence, it provides that the practitioner must make reasonable efforts to only release the minimum amount of information necessary to accomplish the purpose of the request. This principle applies primarily to releases of information that are permitted without a written and signed authorization from the patient, such as information that an insurer might routinely request (see above) to determine if payment should be made or continue to be made. The minimum necessary principle would generally not apply, for example, to a release of information to another licensed health care provider for purposes of diagnosis or treatment of the patient, or in situations where there is use of an authorization form. In the latter case, the amount of information released would not be the minimum necessary, but rather, the amount released would be determined by the specific wording in the authorization.
HIPAA regulations were to a large extent modeled after state laws. State laws usually specify the circumstances under which a written and signed authorization from the patient is not required. In other words, and counter-intuitively, the practitioner can often release information without the patient’s signed authorization. It is either required (e.g., by the Notice of Privacy Practices provisions under the HIPAA Privacy Rule, or by a particular state law) or advisable to inform patients, in a written disclosure form (sometimes referred to as an informed consent form), that certain disclosures of otherwise confidential information may be required and permitted under applicable law – without the patient’s signed authorization. The most helpful (from a treatment perspective) permissive exception to the requirement of a written and signed authorization from the patient involves releases of information to other health care providers or health care facilities for purposes of diagnosis or treatment of the patient.
Another permissive exception under state laws typically provides, among other things, that a health care provider may release medical information (includes mental health information) about a patient to an insurer or other person or entity responsible for paying for health care services rendered to the patient, to the extent necessary to allow responsibility for payment to be determined and payment to be made. State law may also provide that medical information may be disclosed to a person or entity that provides billing, claims management, medical data processing, or other administrative services for providers of health care. HIPAA’s Privacy Rule essentially recognizes these common exceptions to confidentiality and the required Notice of Privacy Practices form informs patients of these and other exceptions.