Parents and Their Children’s Medical Records
Situations when parents can and cannot see
their children’s medical records
Does
the HIPAA Privacy Rule allow parents the right to see their children’s medical
records?
The answer is YES; the Privacy Rule generally
allows a parent to have access to the medical records about his or her child,
as his or her minor child’s personal representative when such access is not
inconsistent with State or other law.
Exceptions when the parent would not be the minor’s personal representative under the Privacy Rule.
1. When the minor is the one who consents to care, and the consent of the parent is not required under State or other applicable law;
2. When the minor obtains care at the direction of a court or a person appointed by the court and
3. When and to the extent that, the parent agrees that the minor and the health care provider may have a confidential relationship.
Four exceptions to the exceptions
Even in these exceptional situations, there are additional rules to follow:
1. The parent may have access to the medical records of the minor related to this treatment when State or other applicable law requires or permits such parental access.
2. Parental access would be denied when State or other law prohibits such access.
3. If State or other applicable law is silent on a parent’s right of access in these cases, the licensed health care provider may exercise his or her professional judgment to the extent allowed by law to grant or deny parental access to the minor’s medical information.
4. Finally, as is the case with respect to all personal representatives under the Privacy Rule, a provider may choose not to treat a parent as a personal representative when the provider reasonably believes, in his or her professional judgment, that the child has been or may be subjected to domestic violence, abuse, neglect or that treating the parent as the child’s personal representative could endanger the child.
Can a minor child’s doctor talk to the child’s
parent about the patient’s mental health status and needs?
Again
the answer is generally yes. With
respect to general treatment situations, a parent, guardian, or other person
acting in loco parentis usually is the personal representative of the minor
child and a health care provider is permitted to share patient information with
a patient’s personal representative under the Privacy Rule.
Here come the exceptions
However,
section 164.502(g) of the Privacy
Rule contains several important exceptions to this general rule. A parent is
not treated as a minor child’s personal representative when:
1. State or other law does not require the consent of a parent or other person before a minor can obtain a particular health care service, the minor consents to the health care service and the minor child has not requested the parent be treated as a personal representative;
2. Someone other than the parent is authorized by law to consent to the provision of a particular health service to a minor and provides such consent, or
3. A parent agrees to a confidential relationship between the minor and a health care provider with respect to the health care service. For example, if State law provides an adolescent the right to obtain mental health treatment without parental consent, and the adolescent consents to such treatment, the parent would not be the personal representative of the adolescent with respect to that mental health treatment information.
HIPAA defers to State Laws
Unlike
some HIPAA Rules, the Privacy Rule concedes to State or other applicable laws
in allowing or not allowing disclosure. Regardless of whether the parent is
otherwise considered a personal representative, the Privacy Rule defers to
State or other applicable laws that expressly address the ability of the parent
to obtain health information about the minor child. In doing so, the Privacy
Rule permits a covered entity to disclose to a parent, or provide the parent
with access to, a minor child’s protected health information when and to the
extent that it is permitted or required by State or other laws (including
relevant case law). Likewise, the Privacy Rule prohibits a covered entity from
disclosing a minor child’s protected health information to a parent when and to
the extent it is prohibited under State or other laws (including relevant case
law).
What if the State Laws are silent?
In
cases in which State or other applicable law is silent concerning disclosing a
minor’s protected health information to a parent, and the parent is not the
personal representative of the minor child based on one of the exceptional
circumstances described above, a covered entity has the discretion to provide
or deny a parent access to the minor’s health information, if doing so is
consistent with State or other applicable law, and the decision is made by a
licensed health care professional in the exercise of professional judgment.
Mental Health and Substance Abuse laws may be
stricter
In
situations where a minor patient is being treated for a mental health disorder
and a substance abuse disorder, additional laws may be applicable. The Federal
confidentiality statute and regulations that apply to federally-funded drug and
alcohol abuse treatment programs contain provisions that are more stringent
than HIPAA. In these cases, it is wise to know your State laws and HIPAA rules,
found here: https://www.hhs.gov/hipaa/for-professionals/special-topics/mental-health/index.html
Reminder:
A parent also may not be a personal representative if there are safety
concerns. A provider may decide not to treat the parent as the minor’s personal
representative if the provider believes that the minor has been or may be
subject to violence, abuse, or neglect by the parent or the minor may be
endangered by treating the parent as the personal representative; and the
provider determines, in the exercise of professional judgment, that it is not
in the best interests of the patient to treat the parent as the personal
representative.