5 myths about the HIPAA Privacy Rule | Behavioral Healthcare Executive Skip to content Skip to navigation

5 myths about the HIPAA Privacy Rule

January 25, 2017
by Tom Valentino, Senior Editor
| Reprints

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule protects patients’ personal health information, but there are exceptions to what data can be shared and when. With an assist from the U.S. Department of Health and Human Services (HHS), we debunk five common misperceptions.

Myth 1: You can’t share a patient’s information with his family, friends or caregivers.

If the patient is present, has the capacity to make healthcare decisions and does not object, you can communicate with family and loved ones. If a patient is incapacitated or not present, you must determine, based on your professional judgment, if communicating is in the best interests of your patient. Disclosures must be directly relevant to the patient’s care or payment for care.

Myth 2: HIPAA provides extra protections for mental health information specifically.

Your personal psychotherapy notes are the only form of mental health information to receive special protections under the HIPAA Privacy Rule.

Myth 3: Parents have a right to see your psychotherapy notes about their child’s mental health treatment.

As personal representatives of their child, parents are entitled to a copy of the child’s mental health information, but do not have a right of access to your psychotherapy notes.

Myth 4: You cannot share information about an adult patient with family members who are concerned about his mental health if he refuses to allow it.

You can disclose information to family members “to the extent that the provider perceives a serious and imminent threat to the health or safety of the patient or others, and the family members are in position to lessen the threat,” says HHS. Otherwise, you must respect the patient’s wishes.

Myth 5: You may not disclose health information about your patient to another provider who is treating a family member of the individual.

HIPAA does allow personal health information to be used or disclosed for the purpose of treating another patient without an individual’s written authorization.