[Main Page of Report | Contents of Report]
In this chapter, we report on what the provider associations, clinicians, consumer advocates, and managed care plans we interviewed see as “minimum necessary” information. In addition, we identify which items of personal health information are especially controversial. We observed that in many cases, respondents’ views on privacy have been shaped by their experience with and views on managed care more generally.
The provider association representatives, clinicians, and consumer advocates we interviewed agreed that many MCOs request more personal health information than they need to manage care. There was less than full agreement, however, on just how much information MCOs do need. We begin by discussing the views that allow for the least information to be shared. Many of the consumer advocates we spoke with were not comfortable with being specific about what they believe would be acceptable to share with MCOs. The issue has not typically been a pivotal one for them, and they often said they did not hear about it much from their membership.
One view is that for routine cases requiring outpatient treatment, health plans should not need more than the basic administrative data that was required for fee-for-service medicine, such as patient identification information; clinician identification information; procedure code; charges; and dates, type, and location of service. Three of the provider association representatives support this view, as does a privacy expert who is a clinician. Some of the justification we heard for this view follows.
Effective treatment depends upon complete trust between the patient and provider, and strict confidentiality is essential to that trust. Therefore, “compromising,” whereby the provider gives up some personal health information to health plans, if not all that the health plans might wish for, is not in the best interest of the patient and therefore conflicts with the ethical standards of the professions. Since HHS intends HIPAA regulations to be consistent with professional standards, the idea of providing only administrative data is consistent with the “minimum necessary” information clause in the regulations. This view was expressed by a provider association representative who, among all of our provider association respondents, has been one of the most active in lobbying on privacy issues.
A second line of reasoning expressed by some provider respondents is that health plans would need extremely detailed clinical information, much more than is currently requested, in order to second-guess clinical judgment about a case. According to one clinician, “particularly in psychotherapy, there are always going to be differences of opinion regarding the necessity of treatment. MCOs may say they need hundreds of items of information on a patient to authorize treatment, but there is no scientific basis for their requests.” Such second-guessing is neither a realistic nor an appropriate goal for health plans on a routine basis, it is argued. Therefore, health plans should not routinely request more than the basic administrative information noted above.
Two provider association respondents that subscribe to the “administrative information only” view said that, in reality, managed care plans only or primarily use the information they collect to find ways to deny claims. Because the information is not therefore being collected in the patient’s interest, it should not be shared with health plans at all.
Also, several providers of addiction services stated that, given the nature of addiction, patients would not be seeking treatment unless they really needed it; therefore pre-authorization is wholly inappropriate. One such provider deals exclusively with Medicaid patients in a program that has no pre-authorization requirement for addiction services.
One advocate and one provider association representative raised the issue of giving only ID numbers, rather than patient names, to a plan. [1] This arrangement was negotiated between one plan and a group of concerned providers, and was facilitated by the state psychological association. We came across one instance (in a third interview) in which this no-name option might have been particularly useful, though it was not raised by the respondent. In this instance, some of the clinicians who would be reviewing case information for a university’s health plan are also faculty for the university, making them privy to the names of students or other faculty who were receiving treatment. The plan is small, and one employee acts as the central point for distributing case information for review. She stated that she knew who should not see which names and that she protected patients by sharing their names with clinical reviewers on a case-by-case basis. In our view, the no-name policy would be effective here and possibly a more reliable option in similar instances. Another option, exercised by some plans, is to request first name only.
Many respondents, including clinicians and consumer advocates in the mental health and substance abuse fields, believe that it is acceptable for managed care plans to routinely collect additional summary information specifically for outpatient care pre-authorization, that is, after the first set of sessions, which typically do not require review. The specific types of information mentioned by respondents as acceptable vary, as described below.
The Problem, Goals, Treatment Plan, and Progress. One consumer advocate simply stated that it is reasonable and appropriate for insurers to know about the patient’s diagnosis and progress before continuing to pay. “We think payers should be able to know more than a bunch of check-boxes about a case. Consumers generally make a distinction between confidentiality within the health care system and the rest of the world.” Another respondent believes it is reasonable to submit a summary of the presenting problem, goals, treatment plan, progress made towards the goals, and future expectations (provider association representative speaking off the record). Similarly, a clinician said that it is not unreasonable for an MCO to want to know what problem the clinician is trying to address and what the treatment plan and goals are. Another said that MCOs generally need to know the diagnosis, level of impairment, and level of treatment appropriate to the condition, and that the Maryland Uniform Treatment Plan Form (Appendix B) is an appropriate vehicle for providing this information.
Same Items Typically Required by Indemnity Insurance. One clinician said it is reasonable to share a summary of a few lines that describes a patient’s condition, history, and prognosis. The same respondent believes it is acceptable to be asked to indicate something about the initial contact with the patient, whether the provider previously treated the patient, whether the client is on medication, how often the provider sees the patient, and what the provider recommends (for example, continuing treatment twice a month for three months). She said that, in her experience, these items were typically required under indemnity insurance.
Information Similar to That Required for Approving Physical Health Services. One expert on privacy issues from the advocacy community would not comment on what information is acceptable but said the test should be whether MCOs require similar information to pre-approve physical health services.
Most of the respondents who believe that some sharing with MCOs beyond basic administrative information is acceptable nevertheless feel that many MCOs request more information than they need. Certain items in particular are viewed as troublesome.
Past Substance Abuse. Many of the plans studied request information on past substance abuse, a controversial topic for some providers. For instance, a few said that successful treatment for a substance abuse disorder in the past may have no bearing on a current treatment request for mental health treatment. One clinician gave an example of a patient who had a problem with alcoholism that was successfully treated 20 years before. Although the provider believes this history has no relationship with the patient’s current situation, the information could follow the patient with every treatment request. This provider stated that she usually leaves the question blank in a case like this.
Physical and Sexual Abuse. Three plans request information on physical and sexual abuse. Two plans simply ask the provider to check a box in the symptom checklist indicating whether the patient was a physical or sexual abuse victim or perpetrator. The third plan asks the clinician to provide information on current physical or sexual abuse or neglect. There is a space on the plan’s form for details of the abuse, including whether it had been reported to authorities.
Many providers we spoke are strongly concerned about responding to these questions, particularly for sexual abuse. These providers do not believe that such information is relevant to the approval of care. One clinician said that plans sometimes want detailed information, such as the extent of the abuse and who the perpetrator was. Others mentioned that patients will often not want to disclose information on sexual abuse to the MCO, so the provider tries to complete an authorization request by simply saying, for example, that the patient had a traumatic experience that causing him or her to develop post-traumatic stress disorder.
Medications. Providers also disagreed with MCO requests for medication history and for the specific names of medications that have been prescribed. One respondent said that some plans ask for the patient’s entire history of medication use, which is burdensome for the provider. This provider does not feel it is necessary for the MCO to have the entire history in order to approve treatment. Another provider, objecting to requests for specific names of medications, stated that doctors other than mental health and substance abuse professionals are never asked for this information. For example, if a primary care physician is treating a patient for pneumonia, the plan does not ask for the specific name of the antibiotic being prescribed as a condition of authorizing treatment. Another provider pointed out that clinicians come to their treatment decisions after interacting with the patient and after years of training, and that there is no way an MCO could be given enough information to override this clinical judgment. However, one MCO representative said that the names of medications are needed to properly evaluate quality of care. As he stated, “You’d be shocked at how often the wrong medicine is prescribed. A person with depression should be prescribed an anti-depressant, but I have seen patients on anti-anxiety medications and anti-manic medications.” He feels that simply asking whether or not the patient is on any medication with requiring the specific names of the medications and dosages, is not sufficient to ensure that patients are receiving quality care.
Risk of Suicide. The providers we spoke with were in agreement that MCOs will approve treatment if the patient has an active risk of suicide. However, there is some disagreement among the providers we spoke with as to whether information on a patient’s risk of suicide is appropriate. Some respondents see the question as essential and do not have a problem with it. One Medicaid managed care plan representative said that his firm has not encountered any resistance from providers regarding this issue because suicide is a serious concern for their patients. However, a few providers stated that they believe that occasional wishes to die are common to most people and that this information may have nothing to do with the treatment. If the risk of suicide is low, it may not be necessary to share the information with third parties. One provider suggested that plans might instead ask if the provider has assessed the risk of suicide as moderate or above, thereby informing insurers as to a patient’s active risk of suicide without stigmatizing persons with a low risk of suicide.
Diagnosis. All of the plans we studied asked for information on the diagnosis. Even under fee-for-service, most plans did not pay a claim until the provider submitted the diagnosis. Several clinicians believe that many patients who choose to self-pay would not consent even to sharing the diagnosis with an insurance company. People who commonly choose to self-pay are typically well known professionals (for example, teachers, lawyers, or doctors) in the community whose careers could be jeopardized if anyone knew they were seeking mental health or substance abuse treatment. If these patients would not consent to sharing the diagnosis to begin with, then they would probably choose to self-pay under any insurance system. Thus, only a system in which payment was made without any information at all would satisfy their concerns.
Providers and consumer advocates involved in intensive forms of treatment or representing the seriously mentally ill generally agreed that it is appropriate to share more personal health information to justify treatment that goes beyond routine outpatient care. In fact, this group of providers typically did not have specific views on what information is acceptable to share. Instead, they were more focused on other issues related to managed care, such as MCOs’ coverage of their services or unwillingness to authorize the treatment time that clinicians believe is appropriate. For example, a clinician for a methadone maintenance program questioned whether managed care is appropriate for such treatment, when the optimal level of treatment is three to five years and the success of the treatment depends on long-term retention.
Who Will Review Information? The position of the American Psychiatric Association (APA) is that, when an MCO wants to question the quality or appropriateness of care, one qualified, independent clinician should review the case. Several provider respondents support this idea and commented that, to support such a review, sharing the patient’s entire record with the reviewer is acceptable. This process is currently the law in New Jersey and the District of Columbia. However, in New Jersey there have been no such independent reviews in many years. [2]
Absent a review process involving only one, and some specified “independent” clinician, [3] many provider and advocate respondents object to requests for the full record in order to justify treatment, although they sometimes provide full records to MCOs because this is usually the only way to appeal a denial. In theory, all respondents, including the MCOs, agreed with the concept that sensitive, highly personal information (names of family members with drinking problems, names of perpetrators of abuse) does not need to be included in the record. However, such details are often included in practice because maintaining a set of records for this information that is separate from the patient’s medical record would add considerable administrative burden to the provider’s practice. A couple of providers simply do not record details that would be inappropriate to share, but they acknowledged that it is likely that many providers do record such information for the benefit of any future treating provider to whom the records may be transferred.
Patient’s Explicit Consent. One provider respondent explained that she does not mind sharing information with MCOs about the problem, goals, treatment plan, and progress as long as the patient consents to this. While our sense is that mental health treatment providers often rely on the patient’s general consent to share information with payers, this provider told us she has specific conversations with all her patients about what information their insurer needs. She also said this practice of discussing the shared information has neither interfered with her relationship with her patients nor discouraged patients from treatment. We suspect that both patient and provider factors may contribute to this success in her practice. That is, other providers told us that patients in certain occupations, such as law or teaching, or with a high profile in the community are extremely sensitive about sharing any information. So, this provider may have fewer “high-visibility” patients, and/or she may be particularly skilled at explaining the rationale for sharing the information. Also, this particular provider was not aware of any problems in the MCOs’ handling of the information that she sends and generally maintains good working relationships with the MCOs in her area.
The MCOs we spoke with believe they collect only the personal health information they need to manage care. Those who commented directly on the APA guidelines do not believe that the guidelines provide for the sharing of enough information. The MCOs do not want to manage every outpatient case, but they do value the ability to flag outlier cases that might be problematic. They use the information both at the individual case level—to avoid treatment that is either not minimally necessary or inappropriate—and in some cases at the provider practice level as a profiling device, noting that problems are typically concentrated among certain providers. [4]
One MCO explained that access to a considerable amount of clinical information is important to managing care in terms of both patient use and cost. That is, it is important to the plan to use medical necessity and quality criteria, but the plan also feels a need to protect itself against artificial cost increases. In the MCO’s words, “with the enactment of parity, we have seen ‘diagnosis drift,’ so someone with an adjustment disorder might be characterized as having depression or bipolar disorder [so the provider could obtain payment for the additional treatment expected for patients with bipolar disorder]. Clinicians tend to be influenced by their own financial needs as well as the patient’s needs.” The routine record audits described in Chapter II presumably help to protect against this tendency.
[1] The advocate directly suggested that only ID should need to be provided. The provider association representative said sharing name had been a concern for some providers, but later in the interview noted she believed it was acceptable to share with plans what was previously required under indemnity insurance, which included identifying information.
[2] In the District, there is no one responsible for tracking the frequency with which such reviews have taken place.
[3] Note that whether a clinician is independent or affiliated with the MCO is irrelevant from a privacy perspective, assuming that in each case there is only a single person reviewing the file.
[4] One MCO we spoke with currently uses provider profiling, while a second is working towards this ability.