Knowing when you can deny access to a teen patient’s medical records is tricky, especially when it’s a parent making the request. To get it right, you must comply with complex federal and state regulations (depending on your state). Teen records requests.
In general, there are 4 key situations (plus a new rule related to COVID-19 vaccines) when you can deny teen medical records requests and have confidence that you are in the right.
1. Reasonable Expectation of Harm Teen records requests
According to the HIPAA Privacy Rule, if you have a reasonable expectation that your patient or someone else will face real harm by granting them access to your teen patient’s records, then you are authorized to deny these requests.
For example, releasing a teen patient’s medical records to a parent or guardian with a history of aggressive or violent behavior, drinking, or drug use, could put the teen in danger. Or you could have a reasonable expectation that the teen will self-harm or commit suicide if their records are released. Either way, denying access in these situations may be the right response, but only your provider should make that call.
It’s important to note that “reasonable expectation” isn’t just a feeling that a teen MAY be the victim of violence or hurt themselves. You must have prior knowledge that releasing their medical information is reasonably likely to cause them harm or endanger their physical life or safety. This may include a documented history of the teen being physically abused or suicide attempts.
Denying a records request for reasonable expectation of harm is very narrow under HIPAA. For example, your anticipation of psychological or emotional harm to your teen patient is NOT enough to deny a parent’s request for their child’s medical records.
If you do deny a parent’s access to their teen’s medical records, get ready for some blow back. This refusal can easily lead to a formal HIPAA complaint, especially when the parents believe they have a right to the records. Accordingly, regardless of why you decide not to grant access to a teen’s medical records, it is essential that you clearly document your reasons. This will help you in the event of a HIPAA audit.
2. Confidential Treatment Teen records requests
Your teen patients may be legally allowed to receive medical care confidentially – without the involvement of their parents. State laws vary on this depending on the type of care and age of the child. This means that, even though parents may feel they have a right to access their teenager’s medical records, you are not always required to release the information.
Below are three situations when you should NOT release your teen patient’s records without clear consent:
a. No Parental Consent: As long as parental consent isn’t required under your state laws, confidentially treating a minor and choosing to deny access to their medical records is allowed. However, state laws contain a variety of stipulations you must master; these may include the type of care provided (reproductive health) and the age of your patient.
b. Court Access/Appointed Care: If your patient is involved in the court system, there may be instances when it formally denies a parent’s right to access to their teenager’s medical records. Again, this will depend on specific state laws. An example of this may occur if a teen wants an abortion but doesn’t want to notify their parents.
c. Parent Approved Care: Parents can consent, in writing, to allow their teen to receive care confidentially. When you have this formal written consent from parents for their teens to receive care without their involvement, you are not required to provide them access to their records if they are required at a later date.
Note: State laws can differ from federal HIPAA regulations regarding when you can and can’t release medical records for teens that receive confidential treatment. If your state law is less strict than HIPAA, or is silent on this issue, HIPAA’s guidance controls whether you can or can’t deny access. The Department of Health and Human Services (HHS) provides more guidance on when HIPAA may preempt state laws.
3. “Designated Records Set” Teen records requests
The federal Information Blocking Rule and HIPAA control what information in a patient’s chart you are allowed to exclude from the Right to Access. It is essential that you understand what information you must provide access to in a patient’s chart, otherwise you can be faced with audits and massive violation penalties.
These rules state that “individuals have a right to access” information within their medical records considered to be a part of a “designated record set” that you maintain.
There are three components to determine whether information in a patient’s records is considered part of a “designated records set,” and required to be released:
- Medical and billing information
- Health plan information (enrollment, payment, claims, denials, etc.)
- Information your practice uses to make decisions about the patient.
Your medical records also contain information that falls outside of a “designated record set.” When this occurs, you are NOT required to release it. Some of examples of this include:
- Appointment and surgery schedules
- Data that’s collected for peer review or risk management
- Information collected during or under the expectation of legal proceedings
- HIPAA breach investigation and compliance issue documentation
- Diagnostic or operative indexes or reports
- Data collected and maintained for research
- Requisitions for lab tests
- Adoption or guardianship papers
- Raw test data
In summary, if medical record information is NOT considered part of the “designated records set” (such as information collected during a lawsuit or a teen’s guardianship papers) is requested, your practice CAN deny the request.
For more information on what types of records are part of a “designated records set,” visit HHS’s HIPAA information page.
4. Psychotherapy Note Exception Teen records requests
If your practice provides psychotherapy care to teen patients, you face a unique challenge regarding access to medical record therapy notes.
Whether you are required to release therapy session documentation or not depends on very specific situations related to their format:
- Handwritten, non-electronic notes: When therapy records are handwritten and not electronic, you are NOT required to allow access to them. These notes fall under the umbrella of “protected information” in HIPAA because these notes don’t often directly relate to a patient’s care (such as medication or treatment), and instead are about life events and stressors. Accordingly, HIPAA does not consider them part of the “designated records set,” and you are NOT required to release them.
. - Electronic notes: If you typically scan your therapy notes into an Electronic Medical Records (EMR) system, or have your handwritten notes transcribed electronically and placed into a patient’s EMR, they lose their protection. In these situations, therapy notes can be released to parents or guardians when you receive a request for access to a minor’s medical records if you do not separate them from the rest of the EMR. However, if you sequester these notes from the rest of a patient’s records in the EMR, you do not have to release them.
Note: Some disclosures of psychotherapy notes are required based on state laws, such as for mandatory reporting of abuse or “duty to warn” situations, where a patient discloses a threat of imminent danger to themselves or someone else. FindLaw has a collection of state laws related to medical records you can check.
COVID-19 Vaccine Exception Teen records requests
Depending on where your practice is located, a teen patient may be allowed to receive a COVID-19 vaccine without a parent’s permission or involvement.
If you are in one of the jurisdictions that allows this (including Alabama, the District of Columbia, Oregon, Rhode Island, and South Carolina), or in one of the states where providers may waive parental consent (including Arkansas, Tennessee, and Washington), records related to a teen’s COVID-19 vaccination status cannot be released without the teen’s consent. This is true even for kids under 16 in some jurisdictions.
Knowing when you can and can’t release medical records for your teen patients is complicated, and the Information Blocking Rule and HIPAA don’t make things any easier. To learn more about fulfilling medical records requests for minor patients, check out Healthcare Training Leader’s online training, Head Off Costly HIPAA Violations for Minor Patients. In just 60-minutes, healthcare attorney Gina L. Campanella, Esq., FACHE, covers when to release minor patient records, what documents are required if a family member requests records, and so much more.
Also, to ensure your practice complies with the Information Blocking Rule, check out Healthcare Training Leader’s 60-minute online training, Head Off Information Blocking (Cures Act) Error Penalties. It will provide you with step-by-step guidance from expert Sarah Badahman, MPH, CHPSE, to help you comply with this complex and confusing rule. Access these trainings today! Teen records requests.
 |
Subscribe to Healthcare Practice Advisor |
| Get actionable advice to help improve your practice’s reimbursement, compliance, and success in this weekly eNewsletter. |
|
|
|