We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

HHS Issues Guidance on Sharing Mental Health Information

Michael Epshteyn

21 February 2014
HHS has issued new guidance addressing when it is appropriate under the HIPAA Privacy Rule for a health care provider to share the protected health information of a patient who is being treated for a mental health condition.
HHS Issues Guidance on Sharing Mental Health Information




The guidance clarifies when a provider may:

  • Communicate with a patient’s family members, friends, or others involved in the patient’s care;
  • Communicate with family members when the patient is an adult;
  • Communicate with the parent of a patient who is a minor;
  • Consider the patient’s capacity to agree or object to the sharing of their information;
  • Involve a patient’s family members, friends, or others in dealing with patient failures to adhere to medication or other therapy;
  • Listen to family members about their loved ones receiving mental health treatment;
  • Communicate with family members, law enforcement, or others when the patient presents a serious and imminent threat of harm to self or others; and
  • Communicate to law enforcement about the release of a patient brought in for an emergency psychiatric hold.

The guidance also provides relevant reminders about related issues, including the treatment of psychotherapy notes under the Privacy Rule, the rights of parents to access the protected health information of minor children, the potential applicability of federal alcohol and drug abuse confidentiality regulations or state laws that may provide more stringent protections for the information than HIPAA, and the intersection of HIPAA and FERPA in a school setting.

The guidance does not impose new obligations, but rather is intended to clarify the application of existing HIPAA requirements to the disclosure of mental health information.  Covered entity providers that handle such information may find it helpful to review the guidance to ensure that their practices are consistent with regulatory expectations.

Michael Epshteyn

Cybersecurity in the Health Sector

The health sector is under siege with cybersecurity threats. Some of the largest announced cyber attacks in U.S. history have targeted organizations in the health industry. Regulators have...

02 May 2016
Loading data