Health Information Compliance Alert

Published on Fri May 07, 2021 PDF

Question: At our family practice, we have patients between the ages of 15 and 17 who have requested confidentiality. We understand that there are laws protecting them but are uncertain how we maintain the privacy of minors? Is this covered under HIPAA?

Georgia Subscriber

Answer: The legality of confidentiality for minor patients will depend on individual state law. If you are counseling a patient on substance abuse, mental health, contraceptives, or other issues, some states require parental consent before you treat the patient.

However in other states, minors can consent to treatment for these and other problems. So, as long as you are within the law, you can keep the records confidential.

For instance, if the law in your state specifies that at age 16, minor patients can maintain confidentiality when discussing contraceptives, then if the chart is requested by the parents, confidential information must be withheld — unless the child gives express permission at that time. Sometimes offices have a separate component in the record for confidential visits.

Keep in mind: If the child is endangering himself or others, document and report it to the necessary authorities as prescribed by your state laws or licensing regulations.

If the child is not a danger to himself or others and you are legally permitted to maintain confidentiality, you can document “DO NOT COPY OR RELEASE TO PARENTS” in the paper chart, EMR, and/or EHR. In addition, some physicians keep such documentation separate from the main chart in a confidential folder.

HIPAA: “The Privacy Rule generally allows a parent to have access to the medical records about his or her child, as his or her minor child’s personal representative when such access is not inconsistent with State or other law,” explains HHS Office for Civil Rights (OCR) guidance.

As mentioned above, state law is the top reason in determining a minor’s right to keep medical records confidential and from parents. OCR lists two other reasons why this might occur: First, a court order might decide a minor patient’s treatment or appoint another representative for the minor, and second, “the parent agrees that the minor and the healthcare provider may have a confidential relationship.”

HIPAA also allows the provider to be involved in the confidentiality decision when the state is “silent” on parental access. “The licensed healthcare provider may exercise his or her professional judgment to the extent allowed by law to grant or deny parental access to the minor’s medical information,” OCR says.

Important: The Privacy Rule also takes domestic violence, neglect, and abuse into account in these situations, too. If it’s a clinician’s professional opinion that sharing a minor’s information with the parent will endanger the child’s life, then the healthcare provider can choose not to regard the parent as the minor’s personal representative.