Healthcare Information Security

Cybersecurity News

Will Patient Privacy Violations Occur With Mental Health Law?

By Elizabeth Snell

- Patient privacy violations are a popular topic recently, especially with healthcare providers working to meet Meaningful Use requirements and make the transition to EHRs. However, mental health records do not currently have the same requirements as standard medical records. This has providers and lawmakers torn, and both sides are working to find a solution that will benefit patients.


Maryland-based mental health counselor John Duggan told the Washington Post that he started using a cloud-based EHR platform five years ago to make his practice more efficient. However, Duggan has not received any federal incentive payments because mental-health clinics, psychologists and psychiatric hospitals are not considered “Eligible Professionals” under either the Medicaid EHR Incentive Program or the Medicare EHR Incentive Program.

Five bills were introduced last year to give assistance to mental health providers, the Post reported, yet none of them passed. Rep. Tim Murphy is one lawmaker working to change that, and hopes to re-introduce bipartisan legislation this month to improve mental-health services. This would include extending incentives for going digital to mental-health providers.

Called “Helping Families in Mental Health Crisis Act,” Murphy’s proposed bill will fix “the nation’s broken mental health system by focusing programs and resources on psychiatric care for patients and families most in need of services.”

In terms of the incentive program, the bill says that it will extend the program to include mental health providers. That way, primary care and behavioral care programs can work together, which will also benefit the patients.

“Integrating mental healthcare providers into electronic medical records systems will result in better coordinated care for patients as well as cost savings,” the bill states.

Currently, the Medicaid incentive program covers:

  • Physicians (primarily doctors of medicine and doctors of osteopathy)
  • Nurse practitioner
  • Certified nurse-midwife
  • Dentist
  • Physician assistant who furnishes services in a Federally Qualified Health Center or Rural Health Clinic that is led by a physician assistant.

The Medicare incentive program covers doctors of medicine, osteopathy, dental surgery, dental medicine, podiatrists, optometrists, and chiropractors.

However, opponents of mental-health inclusion are concerned over potential patient privacy violations. Burt Bertram, a mental-health counselor in Orlando, explained to the Post that mental health records could also include information on family members and former spouses.

“If a broad base of health professionals had access to mental-health records that include psychotherapy notes, I am concerned about the potential for privacy violations . . . not only for the patient, but also for the others who are involved in the patient’s life,” he told the news source.

Minnesota also recently discussed this issue. The state is currently debating its own patient privacy laws, as a statute passed in 2007 went into effect on Jan. 1, 2015. The statute requires medical records to be interoperable and kept in virtual electronic form. According to Minneapolis-based psychiatrist and psychotherapist Dr. Deborah Pollak Boughton, efficiency, cost savings and immediate access have taken a front seat to patient privacy.

“Most people are not aware that signing a federal Health Insurance Portability and Accountability Act (HIPAA) agreement does not ensure their privacy, but rather, in effect, notifies them that information may be shared by any concerned parties as deemed necessary,” Boughton wrote in a Star Tribune opinion piece. “That sacrifice of confidentiality is one of the costs of ‘using insurance.’”

Boughton added that if medical records – including mental health records – are placed onto online servers, there is a greater chance that patients might avoid seeking care out of fear that the collected data will be incomplete or inaccurate.

It remains to be seen how health reform will take shape this year, and if mental health records will be part of it. Either way, healthcare organizations need to ensure that they are current on all state and federal requirements for patient data and properly train employees in how that data is accessed, transported and stored.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks