- New Jersey-based psychologist Dr. Barry Helfmann has been accused of failing to prevent patient mental health diagnoses and treatment details from being released. The alleged HIPAA violations reportedly occurred when Helfmann’s practice was sued for unpaid medical bills.
When Helfmann had clients who failed to pay their bills, the practice group billing manager referred the bills to a collections firm for a potential suit, according to case files procured by ProPublica.
“For at least the past 25 years, Respondent’s protocol authorized, directed, condoned or ratified the sending by his billing staff to the collections firm the ‘true bill,’ thus disclosing patient identification, dates of service, CPT codes, diagnosis, and creditor’s information,” the document reads.
“Respondent failed to consider whether the CPT and DSM/ICD codes, which his office provided to the collections firm, were protected by HIPAA or Board confidentiality requirements. Respondent did not review, personally or with the Group’s billing staff, whether the office should provide only the Transaction Ledger rather than the ‘true bill’ and whether any personal health information should be redacted before referral for collection.”
The complaint was filed by the New Jersey attorney general’s office on April 7, 2017. In response, Helfmann has said he would contest the complaint and has also filed a lawsuit against the New Jersey psychology board, claiming that his own rights were violated.
Helfmann also filed a legal malpractice case against Rothbard, Rothbard, Kohn & Kellar, which he claimed obtained a copy of a patient’s bill without authorization during a case when payment was being sought.
“We never authorized, we were never aware, nor would we have authorized the fact that they appended a copy of the bill to the lawsuit,” Helfmann told the New York Times, saying that he only learned of the incident when the patient sued over disclosure. “We were completely in the dark.”
Helfmann is president-elect of the American Group Psychotherapy Association, and was a long-time patient privacy advocate. He was a plaintiff in a 2010 case where the New Jersey Psychological Association accused insurance companies and a New Jersey state commission requiring psychologists to turn over their treatment notes in order to get paid.
“I’ve spent my entire career advocating for patient privacy in many, many endeavors,” Helfmann explained to The Times. “And to be accused of something I didn’t do around patient privacy, which is a sacred tenet of what a psychologist does, is terrible.”
Mental health data protections under HIPAA were at the center of a bill package that was passed at the end of 2016.
The Helping Families in Mental Health Crisis Act was signed into law as part of the 21st Century Cures Act in December 2016. Congressman Tim Murphy backed the bill, saying that there must be a focus on patient care and that the “stigma surrounding mental illness” needs to stop.
“Through congressional hearings and an in-depth investigation, we discovered the fatal disconnect between 112 federal agencies assigned to treat the mentally ill,” Murphy said in a statement. “We exposed a $130 billion dollar investment wasted on feel-good fads that have done little to treat the ill as the rates of homelessness, incarceration, suicide and drug overdose deaths soar.”
“We came together, across party lines, went to work, and while many doubted we would make it this far - here we are.”
There must be better clarification as to the permitted PHI uses and disclosures by healthcare professionals, according to the bill. Specifically, the legislation stated that “circumstances when a health care provider or covered entity may use or disclosure protected health information related to the treatment of an adult with a mental or substance use disorder” must be more straightforward.
A better development and dissemination of model training programs will also need to be created under the bill.
The Secretary must “identify or recognize private or public entities to develop model training and educational programs to educate health care providers, regulatory compliance staff, and others regarding the permitted use and disclosure of health information under HIPAA.”