This literature review is designed to document relevant information from the past five years on the ways in which managed care payers require personal health information from consumers of mental health and substance abuse services. In particular, we focused on gaining an understanding of why managed care firms collect personal health information, what types of information are collected, what problems or concerns have been raised by stakeholders, and what models and solutions have been proposed by experts in the field. In identifying relevant literature, we searched databases of technical and medical literature, as well as policy and management literature.
In preparing this review, we found a great deal of information on why managed care firms collect personal health information and the different ways in which they use this information. We also found a great deal of documentation of the problems that have been encountered, particularly from providers and patients who are reluctant to share information that was disclosed within a privileged therapist-patient relationship. We found relatively little information in the published literature about what specific information managed care firms typically require in order to authorize services. In searching for solutions and models, we found a few sources that made specific recommendations as to what information should be disclosed to the managed care firm, but, more commonly, experts stated recommendations for maintaining the confidentiality of sensitive information once it is in the possession of the managed care organization.
This literature review does not reflect recent changes that we believe are underway. Managed care firms are moving away from tightly managed systems to products that give consumers and providers more autonomy (Draper, et al., 2002). Managed care firms are finding that intensive case management is often not cost-effective, particularly for outpatient care, and are beginning to streamline their requests for personal health information. In addition, the privacy regulations issued by the Secretary of Health and Human Services will go into effect in 2003, and this may affect how managed care firms collect and use individually-identifiable information. However, because these changes are so recent, we have not found published literature that documents these changes. Therefore, this literature review focuses on presenting background on why managed care plans collect personal health information, federal and state laws which are designed to protect patient privacy, some of the problems that have been identified with the transfer of this information, and some proposals that have been put forward to limit the types of information disclosed to payers and measures for ensuring the security of this information once it is disclosed.
"MHPrivacy.pdf" (pdf, 768.25Kb)
"appen-b.pdf" (pdf, 224.4Kb)