Group Health Plans under HIPAA - Can They Get Your Mental Health Records to Pay for Your Treatment?

Description

HIPAA is designed to protect the privacy of individuals’ health information while allowing necessary uses and disclosures for treatment, payment, and health care operations.  Not here how important payment is because so many third-parties control the payment for health services.

The HIPAA Privacy Rule restricts the use and disclosure of PHI by covered entities, including group health plans, and generally requires individuals’ authorization before sharing sensitive information such as mental health records.  A group health plan, such as employer sponsored insurance, is a HIPAA covered entity.  These plans must comply with HIPAA’s privacy protections and can only disclose PHI, including mental health records, under specific conditions. 

One key question is whether a group health plan can disclose an enrollee’s mental health information to a plan sponsor (typically the employer) in order to process claims or determine benefits.  Under the Privacy Rule, such disclosures may occur without individual authorization only when it is necessary for plan administration functions and when the plan’s legal documents have been properly amended to permit this.  Moreover, even in these situations, disclosures must be limited to the minimum necessary information needed to perform the required task.

HIPAA also allows group health plans to share PHI with other covered entities for care coordination and continuity of care without individual authorization, provided certain criteria are met.  This can occur when one plan coordinates aspects of ongoing treatment or when enrollees transition between plans.  These disclosures are likewise subject to the minimum necessary standard.
 
Another important compliance obligation is that health plans must inform enrollees about how the plan uses and discloses PHI through a Notice of Privacy Practices (NPP).  Plans are required to provide periodic reminders about the NPP’s availability and explain individuals’ rights regarding their health information.  This includes the right to understand how mental health records are protected and under what circumstances they may be shared.

Understanding these rules is essential for both patients concerned about the privacy of their mental health information and administrators tasked with ensuring that disclosures for payment and administrative purposes comply with HIPAA’s protections.

Areas Covered in the Session

• What HIPAA allows Group Health Plans to Access

• Employer/Sponsor access and restrictions

• Conditions needed for PHI to be disclosed to sponsor

• Minimum necessary rule

Why should you Attend?

You should attend to gain a greater understanding of when and how a group health plan, a third-party insurance company, can obtain medical records – including mental health records – as a condition of payment for the patient.