Privacy Issues in Mental Health and Substance Abuse Treatment: Information Sharing Between Providers and Managed Care Organizations: Final Report. Other privacy issues

Many concerns were reviewed in the literature regarding privacy and confidentiality of mental health and substance abuse records. While these issues were beyond the scope of the study, we discuss them briefly below. The HIPAA privacy regulations may help to address some of these issues.

• A. Lack of Consumer Awareness

  • Despite the federal and state laws designed to protect patient confidentiality, there are numerous problems associated with the ways patient information is disclosed to managed care firms today. The first is that consumers are often unaware of the significance of the consent forms that they sign upon enrollment (Davidson and Davidson, 1995). Because insurers often require that consumers sign consent forms as a condition of enrolling in the plan, or of paying the claims, clients may feel that they have no choice but to sign them. If consent forms are linked to other forms, such as authorizations for treatment, clients may not read or comprehend the forms as clearly as they should. Finally, they may be unaware of the number of people who may have access to the medical and psychiatric records.

• B. Number of People With Access to Records

  • In a large managed care firm, more than one hundred people may have access to an individual's medical record. In the early 1980s, when most people were still enrolled in fee-for-service, one study found that up to 100 people had access to an individual's inpatient medical record (Siegler 1982). As payment and delivery systems have grown more complex, the number of personnel with access to the medical file is expected to be much higher. In addition, as managed behavioral health care firms merge and consolidate, they become responsible for maintaining records on more and more clients. Magellan Behavioral Health manages care for more than 62 million people, and Value Options manages care for more than 20 million people. Although these firms have implemented measures to ensure the security of their information systems, some experts have questioned whether any system that has so much sensitive data on so many people can adequately protect it (Pomerantz, 1999).

• C. Risks of Disclosure of Personal Health Information

  • Personal health information, in the wrong hands, could have disastrous consequences for an individual's future. As Jay Pomerantz points out, the wealth of information contained in the computer files of the major MBHO's could have significant value to private detectives, opposing parties in lawsuits, political opponents, and blackmailers, just to name a few (Pomerantz, 1999). For these reasons, the privacy of behavioral healthcare information is extremely important, yet many consumers are concerned that their medical records are not as secure as they should be. According to a 1993 survey conducted by Louis Harris and Associates, 27% of the public believe their personal health data (not specific to behavioral health) has been disclosed improperly, and of those, 31% said they were harmed or embarrassed by the disclosure; 15% said that the unauthorized disclosure was made by a health plan. Eleven percent said that they or a family member had paid for care out of pocket rather than submit a claim and risk having to disclose information about the condition (Louis Harris and Associates, 1993).

    Unauthorized disclosures can result in harm in a variety of ways. Many people with a history of mental health or substance abuse treatment find it difficult to obtain life insurance because insurance companies share client information with the Medical Information Bureau (MIB), a membership organization of over 600 insurance companies (California Health Care Foundation and Consumers Union, 1999). When insurers are underwriting policies, they can contact the MIB to find out if the applicant has a pre-existing condition or has ever been denied coverage (Rybowski, 1998). Although the MIB requires an individual's consent before releasing information, in practice, many people do not realize that their personal information is exchanged by insurance companies in this way. Additionally, more than one third of Fortune 500 companies report checking medical records before making decisions about who to hire and promote (NMHA, 1999). Inappropriate use of health care information can have serious adverse consequences for a person's life.

• D. Interference with Treatment

  • Concern over health care privacy can have adverse effects on the treatment process. It can create conflict-of-interest concerns for providers, who want to advocate for their patients, but know that if the patient does not authorize disclosure, the treatment may not be approved by the MCO, and the provider may not be paid. In one example, two psychiatrists in North Carolina refused to disclose medical records to Blue Cross Blue Shield when the patients had requested confidentiality. BCBSNC refused to compensate the providers for the care of these patients (Grinfeld, 2001). The conflict between provider and patient interests, and can harm the therapeutic relationship.

    Knowing that confidentiality is not guaranteed can make individuals less likely to seek mental health treatment. In a 1998 study, participants who were informed that treatment information might have to be provided to an insurer in order to receive reimbursement reported less willingness to seek psychotherapy (Kremer and Gesten, 1998). Once in treatment, patients may undertake a variety of activities to protect their privacy which can sabotage their treatment, including regularly changing doctors to avoid having a record of all of their care with one provider, withholding information from their provider, or lying about their circumstances or symptoms (Goldman, 1998). The Louis Harris and Associates study found that seven percent of respondents had chosen not to seek care for fear of jeopardizing their career or other life opportunities (Louis Harris and Associates, 1993). These activities can result in patients receiving poor quality care, with potentially serious medical conditions going undiagnosed or untreated (Goldman, 1998).

    Individuals who are especially concerned with the stigma of mental health treatment and the risks of disclosure may turn to other treatment methods that may have a different set of risks. Web sites offering counseling services online, in real time, are growing in popularity. The number of providers offering counseling through these sites is expected to grow from approximately 300 today to more than 5,000 by 2005 (Amig, 2001). Patients are attracted to receiving therapy in their own surroundings, with the anonymity that the Internet offers. However, the web sites can have their own security concerns. If a website does not accept health insurance, they may not be governed by the HHS privacy regulations, yet participants must provide their name, address and credit card number for billing purposes. Thus, the individuals, in an attempt to gain greater privacy, may be providing private companies with a great deal of personal information about themselves without considering that these firms may be more vulnerable to hackers or inappropriate disclosures than insurance companies governed by federal privacy regulations.

View full report

Download

"MHPrivacy.pdf" (pdf, 768.25Kb)

Note: Documents in PDF format require the Adobe Acrobat Reader®. If you experience problems with PDF documents, please download the latest version of the Reader®

View full report

Download

"appen-b.pdf" (pdf, 224.4Kb)

Note: Documents in PDF format require the Adobe Acrobat Reader®. If you experience problems with PDF documents, please download the latest version of the Reader®

View full report

Download

"appen-c.pdf" (pdf, 2.22Mb)

Note: Documents in PDF format require the Adobe Acrobat Reader®. If you experience problems with PDF documents, please download the latest version of the Reader®