In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress and signed into law. Since then, health care providers and insurers have had to ensure that collecting, storing, and sharing patient health is carefully and safely administered. The HIPAA privacy rule protects patients who receive care and issues related to and around their mental health. The preservation of a patient’s sensitive mental health records, including behavioral health records is essential in order to be HIPAA-compliant.
Mental Health Records vs Psychotherapy Notes
HIPAA also includes the right every patient has to review, inspect, correct, and receive a copy of their physical and mental health/behavioral health records. This information is extremely private, therefore, proper access measures are important. There is also a distinction between behavioral health records, which are part of a patient’s overall medical record, and psychotherapy notes, which are provided special consideration and considered to be separate pieces of information. Healthcare professionals should not consider the extra privacy protections afforded to psychotherapy notes as applicable to general mental health records, or the overall care and treatment of a patient could be impacted.
The Department of Health and Human Services’ (HHS) draws this distinction between mental health records, which includes behavioral health records, compared with psychotherapy notes. HHS states that psychotherapy notes are treated differently from other mental health information as they contain particularly sensitive information. HHS further states that the HIPAA Privacy Rule defines psychotherapy notes as “notes recorded by a healthcare provider who is a mental health professional documenting or analyzing the contents of a conversation during a private counseling session or a group, joint or family counseling session and that are separate from the rest of the patient’s medical record.”
However, mental health records fall within general protected health information (PHI) and are considered part of the general health records as they include medical prescriptions, session start and stop times, frequency of treatment, clinical tests, summaries of diagnosis, symptoms, and prognosis. Therefore, psychotherapy notes are the exception of the HIPAA Privacy Rule and receive special protections. This distinction means that organizations need to have protocols in place for how this information is stored and shared.
Implementing protocols for managing their medical records must consider how mental health records and psychotherapy notes differ not only in content but also in storage. Best practices state that mental health records be stored within the patient’s general medical chart, while psychotherapy notes should be stored separately from the patient’s general medical record. If an organization wishes to store the psychotherapy notes within their electronic health record (EHR) system, then special naming and filing standards should be documented and communicated.
Interoperable Solutions: Ensuring Safe and Accurate Access
Interoperability has become increasingly paramount to accommodate the fragmented silos through a simplified, integrated technological solution. Clients now have more control over their health data empowering them to access and manage their personal health care information. Clients will be able to ensure their medical history is accurate and up to date and have control over what information can be shared. Providers in turn will be able to quickly access and securely share a client’s medical history, and other pertinent health data with other clinicians across counties and providers, improving coordinated care and client outcomes.
A safe and fluid movement of accurate information and the use of its data is essential, but the process has its challenges given data has typically been siloed and exists in disparate EHRs and legacy systems that may not have Application Programming Interface (API) capabilities. Interoperability improves workflow and lowering costs through accurate and efficient billing while eliminating duplicative paperwork. Health care data that is streamlined will strengthen services from providers and ultimately allow for more personalized, coordinated, and accountable care.
eINSIGHT-CDR: Tools for Applying Solutions
As an independent contractor, eINSIGHT applies solutions with tools to overcome issues with multiple vendors through a master Clinical Data Repository that represents a ‘single source of truth’. HL7-FHIR standards are implemented so that health care providers can focus on effective coordinated care of clients. Payers can provide an agile and affordable solution for their network of providers, and EHR vendors can engage a reliable partner to leverage a best-in-class HIE solution for their clients.
eINSIGHT has the ability to label mental/behavioral records within their patients’ medical records. Therefore, the differentiation and safe storage of psychotherapy notes and mental health and medical records is ensured. Certain circumstances will occur in which state laws supersede the regulations set by federal law, so it is imperative health organizations understand their state’s laws. eINSIGHT’s documentation and processes will adjust to individual states when extra patient authorization is required for such information to be released.
Want to learn how the eINSIGHT Health Information Exchange enables fast, flexible and secure interoperability for healthcare providers, payers and EHR vendors?
Dr. Weatherbee has spent decades working in education, behavioral health, public health, and more. He has experienced the unique challenges that exist in this field from multiple disciplines. His work in program evaluation lead him to create eINSIGHT to empower behavioral health service providers to improve client outcomes.