Parents and Their Children’s Medical Records
Situations when parents can and cannot see their children’s medical records
Does the HIPAA Privacy Rule allow parents the right to see their children’s medical records?
The answer is YES; the Privacy Rule generally allows a parent to have access to the medical records about his or her child, as his or her minor child’s personal representative when such access is not inconsistent with State or other law.
Exceptions when the parent would not be the minor’s personal representative under the Privacy Rule.
1. When the minor is the one who consents to care, and the consent of the parent is not required under State or other applicable law;
2. When the minor obtains care at the direction of a court or a person appointed by the court and
3. When and to the extent that, the parent agrees that the minor and the health care provider may have a confidential relationship.
Four exceptions to the exceptions
Even in these exceptional situations, there are additional rules to follow:
1. The parent may have access to the medical records of the minor related to this treatment when State or other applicable law requires or permits such parental access.
2. Parental access would be denied when State or other law prohibits such access.
3. If State or other applicable law is silent on a parent’s right of access in these cases, the licensed health care provider may exercise his or her professional judgment to the extent allowed by law to grant or deny parental access to the minor’s medical information.
4. Finally, as is the case with respect to all personal representatives under the Privacy Rule, a provider may choose not to treat a parent as a personal representative when the provider reasonably believes, in his or her professional judgment, that the child has been or may be subjected to domestic violence, abuse, neglect or that treating the parent as the child’s personal representative could endanger the child.
Can a minor child’s doctor talk to the child’s parent about the patient’s mental health status and needs?
Again the answer is generally yes. With respect to general treatment situations, a parent, guardian, or other person acting in loco parentis usually is the personal representative of the minor child and a health care provider is permitted to share patient information with a patient’s personal representative under the Privacy Rule.
Here come the exceptions
However, section 164.502(g) of the Privacy Rule contains several important exceptions to this general rule. A parent is not treated as a minor child’s personal representative when:
1. State or other law does not require the consent of a parent or other person before a minor can obtain a particular health care service, the minor consents to the health care service and the minor child has not requested the parent be treated as a personal representative;
2. Someone other than the parent is authorized by law to consent to the provision of a particular health service to a minor and provides such consent, or
3. A parent agrees to a confidential relationship between the minor and a health care provider with respect to the health care service. For example, if State law provides an adolescent the right to obtain mental health treatment without parental consent, and the adolescent consents to such treatment, the parent would not be the personal representative of the adolescent with respect to that mental health treatment information.
HIPAA defers to State Laws
Unlike some HIPAA Rules, the Privacy Rule concedes to State or other applicable laws in allowing or not allowing disclosure. Regardless of whether the parent is otherwise considered a personal representative, the Privacy Rule defers to State or other applicable laws that expressly address the ability of the parent to obtain health information about the minor child. In doing so, the Privacy Rule permits a covered entity to disclose to a parent, or provide the parent with access to, a minor child’s protected health information when and to the extent that it is permitted or required by State or other laws (including relevant case law). Likewise, the Privacy Rule prohibits a covered entity from disclosing a minor child’s protected health information to a parent when and to the extent it is prohibited under State or other laws (including relevant case law).
What if the State Laws are silent?
In cases in which State or other applicable law is silent concerning disclosing a minor’s protected health information to a parent, and the parent is not the personal representative of the minor child based on one of the exceptional circumstances described above, a covered entity has the discretion to provide or deny a parent access to the minor’s health information, if doing so is consistent with State or other applicable law, and the decision is made by a licensed health care professional in the exercise of professional judgment.
Mental Health and Substance Abuse laws may be stricter
In situations where a minor patient is being treated for a mental health disorder and a substance abuse disorder, additional laws may be applicable. The Federal confidentiality statute and regulations that apply to federally-funded drug and alcohol abuse treatment programs contain provisions that are more stringent than HIPAA. In these cases, it is wise to know your State laws and HIPAA rules, found here: https://www.hhs.gov/hipaa/for-professionals/special-topics/mental-health/index.html
Reminder: A parent also may not be a personal representative if there are safety concerns. A provider may decide not to treat the parent as the minor’s personal representative if the provider believes that the minor has been or may be subject to violence, abuse, or neglect by the parent or the minor may be endangered by treating the parent as the personal representative; and the provider determines, in the exercise of professional judgment, that it is not in the best interests of the patient to treat the parent as the personal representative.