Paranoid about counseling and privacy

Related Q&As:

Sick about going to counseling—For someone having difficulty seeking counseling, and a list of the potential benefits of making that final commitment and how to approach an initial session.

How to find a therapist—Tips for how to choose a good match for therapy

Symptoms of mental illness?—This lists some of the more common psychiatric illnesses and resources for learning more and finding help

Free therapy at Columbia?—This is a Columbia-specific resource on mental health offerings at Columbia.

Problem with psychiatrist at Columbia—How to address concerns with a mental health professional at Columbia

RESEARCH:

1. HIPAA Privacy Rule and Sharing Information Related to Mental Health--Research
2. Privacy and Confidentiality UCIrvine--Research
3. Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule--Research
4. Informed Consent in Adult Psychiatry--Research
5. A Participant's Guide to Mental Health Research--Research
6. HIPPA FAQ 316: Revoked Consent--Research
7. Protecting your Privacy: Understanding Confidentiality--Research

________________________________________

Definitions:

PHI = Protected Health Information

________________________________________

Source 1: HIPAA Privacy Rule and Sharing Information Related to Mental Health

SUMMARY

This summarizes HIPPA’s Privacy Rule and FDA regulations and gives general information about the kinds of patient information that can and cannot be shared between mental health professionals, health plans, other health care providers, patient family, friends, other caretakers, and law enforcement.

The rule is designed to protect and maintain an individual’s trust in their healthcare provider and encourage them to seek care when needed, but additionally to outline circumstances in which health information may need to be shared for the best interests of the patient or others. Such situations may include disclosing information to a patient’s family, friends, or others involved in the patient’s care; emergencies in which the patient is incapable of making decisions (ie unconscious or in other incapacitated mental state), and law enforcement.

Additionally, there are distinctions between what goes in a patient’s medical record and what goes in a provider’s psychotherapy notes. Psychotherapy notes are defined as “notes recorded by a health care provider who is a mental health professional documenting or analyzing the contents of a conversation during a private counseling session or a group, joint, or family counseling session and that are separate from the rest of the patient’s medical record.” These do not include medication information, information about treatment, test results, diagnoses, symptoms, prognosis, or progress—aka they do not contain information that would be in the patient’s medical record and are for the counselor’s personal use. These are treated differently from other mental health information because of their particularly sensitive nature and if psychotherapy notes will be disclosed (including to another provider other than the note-creator), this requires a covered entity to gain written permission from a patient. Exceptions include reporting of known or real threats of harm to others or harm to self. Lastly, student health information is also regulated by FERPA, a privacy act specific for educational institutions.

Source 2: Privacy and Confidentiality, UCIrvine—Research

SUMMARY

I think this source is quite useful. They highlight differences between privacy and confidentiality and stress the importance of maintaining privacy and confidentiality in order to protect people from potential harm, including psychological (embarassment, distress), social (loss of employment, financial damage), and criminal and civil damage.

Privacy is about people being able to control the amount of access that others have to them, and is a right that needs protection. It is also in the eye of the participant, not the researcher who may be interested in a person as a potential study participant. For instance, it is unacceptable for researchers to search through medical records and then contact individuals to ask them to participate in a study.

Confidentiality is an extension of privacy, and it regards about the security of information that one discloses in a relationship of trust. It involves the identifiableness of one’s data, consent and agreements as to who can access the data. Ideally, researchers will collect and use data as minimally as necessary and use data that has no identifers in it, preventing anyone from linking the data to the person’s identity.

________________________________________

Source 3: Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule—Research

SUMMARY

This describes all the kinds of information found in medical records that can be used to determine someone’s personal identity and the specific methods a covered entity should use in order to de-identify medical records.

Protected Health Information (PHI) includes anything that relates to a person’s past, present or future physical or mental health or condition, any health care to that person, and payment information for health care in which the individual can be identified. PHI includes identifiers such as name, address, contact information, birth date, SSN, medical records, laboratory results, hospital bills—anything that links a person’s identity with their health care.

Once all the personal identifiers are removed from health information, it is no longer considered protected and the Privacy Rules no longer apply.

Source 4: Informed Consent in Adult Psychiatry—Research

SUMMARY

This is written by a clinician reviewing consent in adult mental health, where sometimes it’s unclear whether a participant is competent to give consent or not. It’s a nice summary from a provider’s POV and lays out the five important components of informed consent (voluntarism, competency, disclosure, understanding, and decision), particular mental health challenges and disorders in psychiatry that can inhibit competent consent, exceptions to obtaining consent (necessity, emergency), and lastly what I think our reader would be most interested in: consent waivers in psychiatric research.

Patient consent is NOT needed for research when it does not include interventions and is more retrospective, based only on medical records, registries, or large-scale populations. This is only approved by a committee (IRB) when they are sure that there is minimal risk to subjects, no adverse effect to the subjects’ rights and welfare, that obtaining consent would be impractical for the study to happen, and appropriate situations in which subjects and their providers are notified about information regarding the study.

________________________________________

Source 5: A participant’s guide to Mental Health Research—Research

SUMMARY

This is a PDF from the National Institute of Mental Health Research for potential research participants on the costs, benefits, and process of clinical research. Additionally, it outlines differences in seeing a provider and participating in research and considerations when deciding to participate.

Below, I copy and pasted directly from p.11:

What rights do I have?

• Deciding whether or not to participate
• If you are eligible for a clinical study, you will be given information that will help you decide whether or not to take part As a patient, you have the right to:
• Be told about important risks and benefits
• Require confidentiality, or having maintained as private all
• personal medical information and personal identity
• Know how the researchers plan to carry out the research, how long your participation will take, and where the study will take place
• Know what is expected of you
• Know any costs you or your insurers will be responsible for
• Know if you will receive any financial compensation or
• reimbursement for expenses
• Be informed about any medical or personal information that may be shared with other researchers directly involved in the clinical research
• Talk openly with doctors and ask any questions

Once you have decided to participate

• After you join a clinical research study, you have the right to:
• Leave the study at any time Participation is strictly voluntary You can choose not to participate in any part of the research However, you should not enroll if you do not plan to complete the study
• Receive any new information that might affect your decision to be in the study
• Continue to ask questions and get answers
• Maintain your privacy Neither your name nor any other identifying information will appear in any reports based on the study
• Ask about your treatment assignment once the study is completed, if you participated in a study that randomly assigned you to a treatment group.

________________________________________

Source 6: HIPPA FAQ 316—Revoked Consent

SUMMARY

Individuals in research studies can revoke the conditions they consented to at any time, however covered entities are still allowed to use any previously disclosed PHI that was obtained prior to the revocation.

________________________________________

Source 7: Protecting your privacy: Understanding confidentiality--Research

SUMMARY

Not that helpful, but confirms that the HIPPA Privacy Rule is a federal regulation “designed to be a minimum level of protection” and that states may have even stricter regulations on PHI. A concerned individual can find out specific laws and protection from their state’s board of psychology. Psychologists do not need to obtain their patient’s written consent when there is danger of self-harm or harm to another (also including abuse, neglect), or in court orders.

________________________________________

OVERALL CONCLUSIONS:

The current response could benefit from some updates.

In Paragraph 1, while it is true that states have their own additional laws regulating confidentiality, there are certainly minimum federal standards in the US for regulating confidentiality and privacy of patients under the care of general health, mental health, and for certain substance abuse programs (Sources 1, 3, 7). These are designed to protect and maintain a person’s trust in their healthcare provider and encourage them to seek care when needed, but additionally to outline circumstances and procedures in which health information may need to be shared. We can also help define PHI (as in Source 3) and the 5 aspects of informed consent, detailed in Source 4.

Specifically, for mental health, there is a distinction between what goes in a patient’s medical record and what goes in a provider’s psychotherapy notes and how those two can be shared. Psychotherapy notes are the personal notes of the caregiver separate from the patient’s medical record and are generally not intended to be shared.

However, there are certain situations when a provider may not need a patient’s consent to disclose information. This may include disclosing information to a patient’s family, friends, or others involved in the patient’s care, or law enforcement; and emergencies in which the patient is incapable of making decisions (ie unconscious or in other incapacitated or psychotic state) (See Sources 1, 2, 3, 4). In general, a concerned individual can find out specific laws and protection from their state’s board of psychology (Source 7).

The reader users both the terms ‘privacy’ and ‘confidentiality.’ While these are related and often used interchangeably, they are not always synonymous, depending on the context. Source 4 gives a good distinction between privacy and confidentiality—see the summary above.

Federal standards also apply to patient information accessed for clinical research (Sources 4, 5, 6). Permission is generally needed to access a person’s PHI if a researcher is not involved in the individual’s health care, except in certain situations and there are many rights involved (see the list from p. 11 of Source 5). However, patient consent is NOT needed for research when it does not include interventions and is more retrospective, based only on medical records, registries, or large-scale populations (Source 4). This consent waiver is only approved by an impartial committee (IRB) when the committee is sure that there is minimal risk to subjects, no adverse effect to the subjects’ rights and welfare, that obtaining consent would be impractical for the study to happen, and appropriate situations in which subjects and their providers are notified about information regarding the study. Note (see Source 6), if someone gives consent, they are allowed to revoke it later although any information that had already been disclosed does not have to be removed, just new information cannot be used. Source 5 covers the difference between seeing a provider and participating in research.

The take home message is the same as the original Alice response—it’s an opportunity to have a discussion with one’s counselor about understanding one’s rights as a healthcare recipient, how one’s information will be shared and when, and to establish a common ground regarding the individual and providers’ needs, expectations, trust, and intentions. We can reference the “How to find a therapist” article for other tips on finding the right match.

________________________________________

Notes on research: