I. SUMMARY OF ISSUES

A. ISSUE:

Managed care companies usually require information beyond what is needed to make a decision about "medical necessity," such as HIV risk factors, ratings of functioning in all areas of the person's life, routine details about consumption of alcohol and drugs, family mental health history, Axis III diagnoses. Such information can be used for purposes contrary to the client's interest, such as future refusal of insurance, raises in premiums, and potential employer or school discrimination.

Note: The Ethical Principles of Psychologists and Code of Conduct allows psychologists to disclose information without the consent of the client "to obtain payment for services, in which instance disclosure is limited to the minimum that is necessary to achieve the purpose." (5.05)

The Principles for the Provision of Mental Health and Substance Abuse Treatment Services: A Bill of Rights, which was adopted last fall by most of the national mental health professional associations, states that "individuals shall not be required to disclose confidential, privileged or other information other than: diagnosis, prognosis, type of treatment, time and length of treatment, and cost."

B. ISSUE:

Provider contracts allow for inspections of full charts by managed care representatives, for National Committee for Quality Assurance certification and/or Knox Keene law requirements for state oversight of HMOs. The latter may involve random audits of full charts by the Commissioner of Corporations. Clients thus lose their ability to protect certain portions of their records from release.

C. ISSUE:

In requesting client information, managed care companies sometimes allude to Department of Corporation's requirements for complying with "professional standards of practice." In 1993, the American Psychological Association adopted Record-Keeping Guidelines which describe appropriate content of treatment records in GENERAL terms, not at all like the level of detail routinely requested by managed care companies. The Guidelines state, "Psychologists maintain records in sufficient detail for regulatory and administrative review." However, they do not state who determines "sufficiency of detail."

D. ISSUE:

Some contracts require that records be retained and made available for inspection even after the contract is terminated. Thus the provider cannot cancel his or her contract in order to protect existing records.

The interdisciplinary Bill of Rights states, "Any disclosure to another party will be time limited."

E. ISSUE:

Waivers signed by clients with the managed care company are usually general and vague. Yet the law requires that a valid release be specific concerning the purpose for which the information is being released and the person or persons who will receive it.

According to the interdisciplinary Bill of Rights, "Any disclosure to another party will be made with the full written, informed consent of the individuals."

F. ISSUE:

Managed care companies handle confidential information carelessly. Examples include: lost reports, noted by 59% of a 1993 survey sample of San Francisco Bay Area psychologists; authorizations mailed or faxed to the wrong person; charts accidentally switched; and information about clients exchanged between HMO and employer without client authorization.

G. ISSUE:

Companies may state on their client information forms, "Responses are confidential." However, the extent and limits of confidentiality are not explained; neither the client nor the provider knows what methods are in place to ensure confidentiality; and there are virtually no enforcement mechanisms in case of a breach.

Some unknowns include: How is information coded and stored within the managed care company? What protections does the company use to maintain confidentiality of the information? Does the company sell or pass along that information to a databank or other entity? What happens to the information if the company is bought out by another company? When and how is the information discarded?

The interdisciplinary Bill of Rights states, "Entities receiving information for the purposes of benefits determination, public agencies receiving information for health care planning, or any other organization with legitimate right to information will maintain clinical information in confidence with the same rigor and be subject to the same penalties for violation as is the direct provider of care."

H. ISSUE:

Clients are usually unaware of the vulnerability of their information to unknown outsiders, once it is passed along to managed care and governmental bureaucracies. The increased use of computerization and transmission of personal, individually identified data via modem, fax, phone or mail make accidental leaks of information more likely. In addition, intentional leaks, whether official, for example through private or governmental databanks, or unofficial, are increasingly being documented.

According to the interdisciplinary Bill of Rights, "Information technology will be used for transmission, storage, or data management only with methodologies that remove individual identifying information and assure the protection of the individual's privacy. Information should not be transferred, sold, or otherwise utilized."

The Ethical Principles of Psychologists and Code of Conduct requires informing clients of the limits of confidentiality (5.01).

I. ISSUE:

Some provider contracts with managed care companies require the provider to agree to obtain releases from clients who have already received treatment for records audits. The right of clients to refuse consent is not mentioned.

J. ISSUE:

Providers may be asked to volunteer to participate in outcome studies on their work, which includes that the provider obtains clients' cooperation to fill out questionnaires about their history and symptoms for the managed care company. In some cases, priority access to referrals is offered as an incentive to the provider to volunteer. However, the instructions the provider is told to give the client fail to mention this fact, and instead state that cooperation is an essential part of their treatment. The client's right to refuse to participate in this outcome research is minimized.

K. ISSUE:

Some managed care companies are now requiring providers to report to case managers within twenty-four hours any case that has a high risk potential for either the client, a second party, the client company (employer), or the managed care company. Examples include danger to self or others, suspected child abuse, potential threats to national security or the client organization, client's request for records, complaint about EAP services or threat of a lawsuit, and potential involvement in litigation including confession or knowledge of criminal activity. Nothing is said about the client's privacy or right to release information, or what will be done with the information that is shared.

The psychologist's duties to the managed care company are given priority over his/her obligation to avoid harming her/his clients (Ethical Principles, 1.15).

II. Federal bills addressing confidentiality:

Currently there are no federal laws concerning confidentiality of medical records.

Supreme Court decision in Jaffee v. Redmond:

On June 13, 1996, the Court ruled that there is a broad federal privilege protecting the confidentiality of communication between psychotherapists and their clients. The ruling applies to psychiatrists, psychologists and social workers. Writing for the 7-2 majority, Justice John Paul Stevens stated, "The mental health of our citizenry, no less than its physical health, is a public good of transcendent importance."

The Health Insurance Reform Act (Kennedy-Kassebaum bill) signed into law on August 21, 1996, establishes a medical databank within the Department of Health and Human Services. Rules about confidentiality of the information are left to be created by Congress, or if Congress fails to act within three years, by the Secretary of HHS. Operation of the data bank is set to predate the deadline for confidentiality standards!

Three relevant bills are currently under consideration in Congress. Each one states that it would not preempt more stringent state protections of mental health information. These bills are: Medical Records Confidentiality Act, S. 1360, Robert Bennett; Fair Health Information Practices Act, H.R. 52, Gary Condit; and Medical Privacy in the Age of New Technologies Act, H.R. 3482, James McDermott.

----------------------------------------------------------------------------

BIBLIOGRAPHY

Ruth Clifford and Glory Denkers, Managed care "quality control": Intrusions on independent practice. San Mateo County Psychological Association Newsletter, Winter, 1995, 1 ff.

Alice Dembner, Psychiatrist warns of easy access to patients' records. Boston Globe, May 5, 1997, B2.

Glory Denkers and Ruth Clifford, A survey of psychologists' experiences with managed care: Consumer issues. Unpublished report, June, 1993.

Christine Gorman, Who's looking at your files? Time, May 6, 1996.

Linda Greenhouse, Justices recognize confidential privilege between therapist and patient. New York Times, June 14, 1996.

Gina Kolata, When patients' records are commodities for sale. New York Times, November 15, 1995, A1 ff.

Leslie Laurence, Who's reading your mind? Managed care makes it easier to see a therapist; it also makes it easier for others to see your mental health files. Glamour, May, 1997, 84 ff.

Tamar Lewin, Questions of privacy roil arena of psychotherapy. New York Times, May 22, 1996, A1 ff.

Brigid McMenamin, It can't happen here. How would you like to live in a state that keeps your personal medical records in a big central database? Forbes, May 20, 1996, 252-ff.

John Riley, When you can't keep a secret: Insurers' cost-cutters demand your medical details. Newsday, April 1, 1996, A7 ff.

Rothfeder, Jeffrey, Privacy for Sale: How Computerization Has Made Everyone's Private Life an Open Secret. New York: Simon & Schuster, 1992. (includes substantial information about medical records privacy)

Ellen Schultz, Open secrets: Medical data gathered by firms can prove less than confidential. Wall Street Journal, May 18, 1994, A1 ff.

Lee Smith, It's not creepy, it's a wonder drug! Can Prozac cut health costs? Fortune, May 12, 1997.

(Author unspecified) Who's reading your medical records? Consumer Reports, October, 1994, 628-632.

May 13, 1997

My thanks to: Ruth Clifford, Ph.D.