NOTE: HIPAA is a complex law governing the exchange of health information among health care practitioners, health insurers, and other health care business entities. The following summary is intended solely for the purpose of providing a general overview of the most relevant issues that arise when considering who may access the medical records of a child or a parent as these may relate to a juvenile court case. Show Please refer to the statues and regulations for more information.
These can be found on the website for the Department of Health and Human Services. "Standards for Privacy of Individually Identifiable Health Information," effective April 14, 2003, promulgated by the Department of Health and Human Services under the authority of HIPAA, Pub. L. No. 104-191 (1996) (under Administrative Simplification provisions). 45 C.F.R. Parts 160 and 164. WHAT INFORMATION IS PROTECTED? HIPAA protects the confidentiality of individually identifiable health information.1 Health information means any information, whether oral or recorded in any form or medium, that:
Health care means care, services, or supplies related to the health of an individual. It includes, but is not limited to, the following:
Individually identifiable means that the information identifies the individual or might be used to identify the individual. It includes many common identifiers such as name, address, birth date, SSN, etc. NOTE: information may be de-identified by removing specified identifiers of the individual and of the individual's relatives, household members, and employers. De-identifed information is not protected. While there are exceptions to the above, it is a safe assumption that any information concerning the physical or mental health of a child and his or her parents that is held by a health care provider is protected by HIPAA. However, there are two significant exceptions to HIPAA protection. Schools:
Information protected by other laws: A common example of another law providing greater protection than HIPAA is the federal law that protects records of substance abuse treatment. See Substance Abuse Treatment Records. State laws that grant testimonial privileges to certain health care practitioners may also provide greater protection. See Privileged Communications. Additionally, if specific information falls within an exception to HIPAA protection, it may still be protected by another federal or state law, such as a privilege statute or laws protecting court records. HOW IS DISCLOSURE OF PROTECTED HEALTH INFORMATION AUTHORIZED BY THE INDIVIDUAL? The principle presumption of HIPAA's privacy provisions is that the individual has control over all information concerning his or her health. The individual, or his or her personal representative, has access to all personal health care information, and may give consent to disclose that information to others. Who qualifies as a personal
representative?3 For unemancipated minors, it is a parent or guardian or other person acting in loco parentis under relevant law. However, The minor may be solely responsible for providing consent when
If state law allows or prohibits the disclosure of information concerning an unemancipated minor to a parent, guardian or other person acting in loco parentis, then that law controls over HIPAA. See Medical Treatment of Minors. A covered entity may elect not to release information to a personal representative if the covered entity has a reasonable belief that:
What must the consent form contain? WHEN CAN INFORMATION BE DISCLOSED WITHOUT CONSENT? HIPAA has provisions for the disclosure of protected health information without the written consent of the individual when the public interest in sharing the information outweighs the individual's privacy interest. For these situations, disclosure is permitted, but not required. This section discusses the situations most likely to be relevant when a child is involved in a juvenile court proceeding. Note that psychotherapy notes generally may not be disclosed without authorization.5 A health care provider can disclose personal health information without consent of the individual under the following circumstances. By order of a court or administrative tribunal Non-court-ordered disclosures for judicial and administrative proceedings
A qualified protective order means an order of the court or an administrative tribunal or a stipulation by the parties to the litigation or administrative proceeding that 1) prohibits the parties from using or disclosing the protected health information for any purpose other than the litigation or proceeding for which such information was requested, and 2) requires the return to the health care provider or destruction of the protected health information (including all copies made) at the end of the litigation or proceeding. Disclosures about victims of abuse, neglect or
domestic violence to public agencies authorized by law to receive such reports If the individual cannot consent because of incapacity, disclosure may be made without consent. A law enforcement official or other public official must represent that the information is not intended to be used against the individual and an enforcement action that relies on the disclosure would be materially and adversely affected by delay. The entity disclosing such information must notify the individual of the disclosure unless it believes, in the exercise of professional judgment, that informing the individual would place the individual at risk of serious harm, or, if the notification would go to a personal representative, that the entity believes that the personal representative is responsible for the abuse, neglect or other injury, and that informing that person would not be in the best interests of the individual as deemed in the exercise of professional judgment. Reporting of certain types of injuries
Legal process issued by law enforcement agencies
In response to a law enforcement officer's request
When health care provider suspects
criminal activity If criminal conduct occurred on the premises of the entity and the provider believes in good faith that the health information constitutes evidence of the crime.14 While providing emergency medical care in response to a medical emergency, off the premises of the entity, the provider may disclose health information if necessary to alert law enforcement to the commission and nature of a crime, the location of the crime or the victim(s), the identity, description, and location of the perpetrator. If the provider believes that the crime was the result of abuse, neglect, or domestic violence, then those provisions apply.15 Consistent with law and standards of ethical conduct, health information may be disclosed if the provider believes in good faith that the disclosure is necessary for law enforcement authorities to identify or apprehend an individual, either because of a statement by the individual admitting participation in a violent crime that the provider believes may have caused serious physical harm to the victim, or where it appears from all the circumstances that the individual has escaped from a correctional institution or from lawful custody.16 To protect public health, safety and welfare What is considered an individual identifier?Patient names. Geographical elements (such as a street address, city, county, or zip code) Dates related to the health or identity of individuals (including birthdates, date of admission, date of discharge, date of death, or exact age of a patient older than 89) Telephone numbers.
What are identifiers for HIPAA?18 HIPAA Identifiers. Address (all geographic subdivisions smaller than state, including street address, city county, and zip code). All elements (except years) of dates related to an individual (including birthdate, admission date, discharge date, date of death, and exact age if over 89). Telephone numbers.. Fax number.. Which of the following types of data includes information that identifies an individual?Personal data is information that relates to an identified or identifiable individual. What identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, or other factors.
Which of the following are examples of personally identifiable information?Personal identification numbers: social security number (SSN), passport number, driver's license number, taxpayer identification number, patient identification number, financial account number, or credit card number. Personal address information: street address, or email address. Personal telephone numbers.
|