Home » Resources » HIPAA – How to handle confidentiality of a loved one with a severe mental illness

HIPAA – How to handle confidentiality of a loved one with a severe mental illness

System Navigation
Legal Treatment
photo of a person wearing a surgical mask displaying a business card with 'HIPAA' written on it, symbolizing the barriers created by HIPAA for families trying to access confidential medical information of their loved ones with severe mental illness

Learn about HIPAA and how to approach the topic of patient confidentiality when trying to support a loved one with a severe mental illness. Included are examples of permitted disclosures from U.S. government sources and a letter template families might use to get around HIPAA barriers.

What is HIPAA? 

The Health Insurance Portability and Accountability Act (HIPAA) protects health information and patient records. Providers are required to keep medical information confidential unless they are sharing it with other providers for continuity of care. The patient can sign a release of information (ROI) for the information to be shared with others. Some providers treat HIPAA as a blanket nondisclosure policy, but families need to know that there are permitted disclosures. For example, information can be shared if it can prevent or lessen a serious threat to health or safety. Information can also be shared in situations where the person is given the option of information being shared with their caregivers and they do not object.  

Why does HIPAA keep getting in the way? 

HIPAA was enacted in 1996 as a response to the increasingly frequent need to transfer health information from provider to provider, often because people move or change jobs. In 2003, the privacy rule added protections for sensitive health information. HIPAA was intended to make health records more portable and more secure. 

HIPAA enforcement expanded in 2009, when the Office for Civil Rights took over responsibility to enforce the security rule. Adding legal complexities, some states have adopted their own confidentiality statutes or professional ethics standards with even tighter restrictions on the disclosure of personal health information. As a result, many providers are vigilantly afraid to violate patient confidentiality. 

The unfortunate outcome is that strict nondisclosure practices are common, even as they negatively impact the care and treatment of some individuals with severe mental illness (SMI). Those who fair the worst are people who lack self-awareness due to a common SMI symptom called anosognosia. During mental health emergencies, some people are unable to make reality-informed statements about their care preferences or whom they rely on for support. They may become so delusional or paranoid that they actively refuse to communicate with their most consistent helpers. 

All of this means that caregivers are frequently shut out when the person they care for loses touch with reality and enters the system through a crisis. Some caregivers call this “HIPAA handcuffs” or refer to clinicians as “hiding behind HIPAA.” If their loved one is admitted into a psychiatric hospital, for example, the facility might read a HIPAA statement and immediately hang up the phone or refuse to “confirm or deny” that the person has been admitted. 

This makes it critical for caregivers to have accurate information about HIPAA. 

Here are key points: 

  • HIPAA has always allowed some information sharing based on a clinician’s professional judgment.  
  • The law never barred families from sharing information with providers.  
  • HIPAA includes specific exceptions related to mental health, especially in cases where information sharing can prevent or lessen a serious threat to health or safety. 
  • Advocacy is needed for improved provider training about how to exchange information to improve patient outcomes.  

What information can I share with providers? 

HIPAA does not restrict “family” from sharing information with providers. Please note that family might mean anyone actively engaged in caregiving: parents, siblings, spouses, adult children, partners, significant others, close friends… 

Maintaining an up to date mental health history to share with providers is an excellent way to advocate for better care. If a provider says they cannot speak with you due to HIPAA, calmly explain that you aren’t asking for confidential medical information; you are offering to share information to help them provide good patient care. See below for further guidance and a sample template for faxing information to a facility. 

Sometimes family members are reluctant to share medical information with providers because they are afraid their loved one might be angry or feel betrayed. Federal rules have accounted for that concern by giving providers a right to withhold certain medical records from their clients when sharing might violate trusted relationships. According to HIPAA Privacy Rule and Sharing Information Related to Mental Health, information provided by someone who is not a health care provider may be withheld from the patient: 

“This exception to the patient’s right of access to protected health information gives family members the ability to disclose relevant safety information with health care providers without fear of disrupting the family’s relationship with the patient.”  

If you are sharing information with a provider and don’t want your loved one to know that the information came from you, be sure to explain to the provider that you are sharing this information confidentially. You may wish to cite this federal law: 45 CFR 164.524(a)(2)(v), which states: “An individual’s access [to protected health information] may be denied if the protected health information was obtained from someone other than a health care provider under a promise of confidentiality and the access requested would be reasonably likely to reveal the source of the information.” 

What can providers share with me? 

Under HIPAA, health providers and agencies are generally required to keep medical information confidential unless:  

  • They are sharing information with other providers to support continuity of care.  
  • The “adult” that the information is about signs an ROI for information to be shared with specific entities or people. Note that an “adult” is a person who has reached the age of majority in their state, which might be an age from 13 to 18.  
  • The individual is given the option of the information being shared with caregivers, and they do not object. 

Are there allowances specific to mental health? 

HIPAA’s privacy rule sets standards for how health care providers might properly protect private information while allowing the flow of health information needed to provide and promote high-quality health care. The privacy rule permits disclosure of some private health information when necessary to support the health and well-being of a patient. Permitted disclosures include, for example, the sharing of confidential information “to prevent or lessen a serious threat to health or safety.”  

In 2016, Congress passed the 21st Century Cures Act, which acknowledged provider misunderstandings about HIPAA and called for “compassionate communication.” In Title XI, the act states: 

“There is confusion in the health care community regarding permissible practices under the regulations promulgated under [HIPAA]. This confusion may hinder appropriate communication of health care information or treatment preferences with appropriate caregivers.” 

That same section of the Cures Act holds the U.S. Department of Health and Human Services responsible to create and share resources explaining how and when doctors can include families in medical discussions.  

As a result, HHS.gov provides information and fact sheets about HIPAA. One document, HIPAA Privacy Rule and Sharing Information Related to Mental Health, explains that:  

“In situations where the patient is given the opportunity and does not object, HIPAA allows the provider to share or discuss the patient’s mental health information with family members or other persons involved in the patient’s care or payment for care. For example, if the patient does not object:   

  • “A psychiatrist may discuss the drugs a patient needs to take with the patient’s sister who is present with the patient at a mental health care appointment.   
  • “A therapist may give information to a patient’s spouse about warning signs that may signal a developing emergency.   
  • “BUT: A nurse may not discuss a patient’s mental health condition with the patient’s brother after the patient has stated she does not want her family to know about her condition.”  

Within its guidance portal, HHS provides a Q&A document with information about permitted disclosures to support the engagement of natural supports when a loved one has a mental illness. For example, the guidance explains:  

“Where a patient is not present or is incapacitated, a health care provider may share the patient’s information with family, friends, or others involved in the patient’s care or payment for care, as long as the health care provider determines, based on professional judgment, that doing so is in the best interests of the patient.”  

There have been a number of advocacy initiatives aimed at clarifying that health care providers can and should share information more broadly under specific circumstances (as detailed above) to promote collaboration with caregivers and loved ones.  

What if I’m a legal guardian or have power of attorney? 

Providers are responsible to share information with any individual who has a specific legal contract making them a “personal representative,” such as someone with guardianship, conservatorship, or power of attorney. According to the U.S. Department of Health and Human Services (hhs.gov), the HIPAA Privacy Rule states that a “personal representative must be treated as the individual.”  

To clarify, this federal guidance document explains that a personal representative “stands in the shoes of the individual and has the ability to act for the individual and exercise the individual’s rights.” 

Those rights can be for medical decision-making as well as information sharing. When seeking guardianship, power of attorney, or a psychiatric advance directive, any person signing up to become a personal representative (sometimes called a “designated agent”) for the person with SMI will want to clarify exactly what rights are being granted through the contract. Be prepared to share that paperwork with anyone providing care.  

How can I get around HIPAA barriers? 

If your loved one’s providers are reluctant to speak with you, a short letter sent by fax can be a place to begin. See sample below. You may choose to send a concise mental health history with your note. TAC provides more information and a fillable form: mental health history. 

You might also research whether the agency has a HIPAA compliance office with staff you can contact. A conversation with someone in that office might go something like this: “I’m wondering if you can support staff to better understand what HIPAA allows. I’m deeply concerned that a lack of coordination with me, as my loved one’s primary caregiver, will have a negative impact on the outcomes of their treatment. Please understand that I’m not requesting access to protected medical records. I have important information to share with the staff caring for my loved one, in the interests of good patient care.”  

If you have power of attorney, guardianship, or conservatorship, be sure to mention it. You can ask how the HIPAA compliance office supports staff in understanding how to apply those conditions when engaging with family caregivers. Be prepared to share paperwork and explain how the contract specifies that you have a right to medical information.  

In some states, a psychiatric advance directive (PAD) might give power of attorney to a designated agent. Those documents also should be shared and explained: Do not assume that providers understand what to do with these, as they are newly emerging and not fully integrated into health care systems and training.   

Another idea is to ask for general information related to your loved one’s condition. Providers can answer educational questions even if they cannot answer specific questions about your loved one’s medical information. Here are some examples: 

  • “What would be good for us to know about this diagnosis or condition?”  
  • “What should we be watching out for if our loved one is on a new psychiatric medication?”  

If there isn’t anyone to speak with, you can attempt to open up communication by sending a fax. Faxing is more secure than an email, ensures delivery of the document, and is accepted as evidence of “receipt” in most courts and by most regulatory agencies. Providers are responsible to file written documents with information about a patient in their care. Once in a file, multiple people will see, read, and potentially use the information. 

Below is suggested language for a short starter letter, which can be adjusted as needed for your specific circumstances. Attach mental health history, documentation of power of attorney, etc., as appropriate. You can adjust the language to refer to your specific family member: For example, you might prefer to write “son” or “wife” instead of “loved one.” If you aren’t entirely sure that your loved one is in the facility, the first line could be written to say, “My loved one may be in your facility.”  

[Date] 

To the treatment team of [Name]: 

My loved one is in your facility. I understand that your facility is bound by confidentiality laws. As their family member, I have historical information that is pertinent to treatment. I would be happy to speak with you by phone and/or through email to support my loved one’s treatment.I have attached a concise medical history to support a deeper understanding of their illness and what has worked and not worked in the past.  

Regards, 

[Your Name] 

[Your phone, email] 

Resources 

A website begun by families for families, HIPAA for Caregivers, provides additional information specifically for people caring for someone with a mental illness. 

HHS.gov provides information and fact sheets about HIPAA, including one quoted in this article: HIPAA Privacy Rule and Sharing Information Related to Mental Health 

For those with guardianship, power of attorney, or another formal agreement making them a personal representative: Guidance: Personal Representatives | HHS.gov 

From the Office for Civil Rights: A Patient’s Guide to the HIPAA Privacy Rule: When Health Care Providers May Communicate About You with Your Family, Friends, or Others Involved In Your Care 

Save as PDF
Share

Related Resources

view of jail cell bars, symbolizing the impact of the criminal legal system on individuals with severer mental illness, underlining the necessity for support and guidance when loved ones face arrest or incarceration
Criminal Legal

Learn questions to ask and how to help when a loved one with severe mental illness is arrested, incarcerated, or facing criminal charges in court. Included is information about the competency—or “forensic” system—for ensuring that a person is mentally capable of acting in their own defense.
System Navigation
Read More
Close-up of a patient history form with a pen, representing the importance of collecting and organizing mental health histories for individuals with severe mental illness to improve care and outcomes
Mental Health History

This resource provides information about what facts to collect and how to organize and share medical history with providers to encourage better care and outcomes. A template is included. How […]
Community Playbook
Read More
Close-up image of a package containing Clozapine tablets, highlighting advocacy initiatives and resources dedicated to enhancing accessibility to this crucial treatment for individuals with treatment-resistant schizophrenia
Clozapine

Find resources and information about clozapine, the only FDA-approved medication for treatment-resistant schizophrenia. Read about various organizations that are advocating for federal policy changes to make clozapine more readily available. Included is a resource to help find a provider willing to prescribe clozapine.
Community Playbook
Read More
Violence and Safety Plans

Learn the basics about filing an order of protection in your local court if your loved one with severe mental illness becomes violent or threatening toward you. Statistics shared are a harsh reminder that family members must not take their own safety and well-being lightly.  
Family Care
Read More
a variety of colorful pills, including capsules and tablets, representing medications often linked with substance use disorders and dual diagnosis in individuals with severe mental illness
Substance Use Disorder

Find key terminology and resources related to dual diagnosis conditions that include both severe mental illness and substance use disorder. Although resources are far too few to properly treat these complex conditions, knowing what is possible and best-practice supports advocacy for individuals and system change.
System Navigation
Read More
image of various icons depicting health-related documents, representing resources and tools for creating psychiatric advance directives
Psychiatric Advance Directives (PADs)

Learn about the psychiatric advance directive (PAD) as a tool that gives a person with severe mental illness more voice and choice if the illness worsens and interferes with decision-making. These resources and tips about how to write and share a PAD can help you plan while the illness is well managed.
Community Playbook
Read More
three puzzle pieces on gray background: man, woman, and shaking hands. Represents complexities of guardianship for severe mental illness, with alternatives like supported decision-making
Guardianship and Conservatorship

Learn general information about guardianship and conservatorship, terms that may carry different meaning in different states. Learn also about alternatives to guardianship, such as supported decision-making, power of attorney, and assisted outpatient treatment.
System Navigation
Read More
image of a person standing under a red umbrella labeled 'insurance,' overlooking a city skyline with icons representing health and social institutions, symbolizing the complexities of navigating insurance coverage for mental health care under federal parity laws
Insurance

Federal parity laws require insurance companies to equalize the way they manage mental health care claims to match physical health claims, but enforcement of parity laws is inconsistent and there are loopholes. This resource includes a list of tips to help families navigate insurance denials for mental health care.

System Navigation
Read More
patient receives discharge plan from doctor. family support information included
Discharge Planning

Consider ways that you as a family member might support discharge planning for a loved one who is hospitalized for an acute episode of severe mental illness. The article provides honest considerations to help family members honor their own boundaries, safety, and well-being.
System Navigation
Read More