HIPAA/Privacy Violation?

[Guest jsmiddleton4]

I am not asking anyone to agree with me or make a statement regarding the truth or untruth of my question. I however need opinions and possible direction.

My wife and I are seeing a marriage counselor. We've had individual sessions and joint sessions.

During one of the joint sessions the counselor actually got annoyed with me. I actually was asking some questions and he didn't like it. It meant I was controlling the sessions, blah blah blah....

But to get me to shut up he pulled something out of a private session that he and I had and dumped it into the couple session.

I challenged him on it. And in our next "private" session he apologized and indicated it was inappropriate.

Okay fine. But this a serious privacy violoation and I was wondering if HIPAA covers such things too?

Jim

[Steve72]

Good question, and I don't think there is a hard-and-fast answer.

You state that this individual is a "marriage counselor". It is unclear whether he or she is providing "health care". Health care includes counseling services with respect to an individual's mental condition. However, if this individual's services are related solely to the relationship, and not to you as an individual, they may not be covered.

Does the counselor consider him (or her)self covered? I.e., did you receive a privacy notice before treatment started?

If the individual IS covered, then the question is whether the disclosure is permissible. PHI can always be disclosed for treatment purposes. However, it appears from your post that the disclosure was (by the counselor's own admission) not appropriate for treatment. Additionally, as discussed above, it's not clear that the jopint session would qualify as health care treatment. Therefore, if the counselor is covered, I think there is a decent argument that this was a disclosure in violation of HIPAA.

[Guest jsmiddleton4]

Thanks for taking the time to reply. And I want to be very careful and not create any sense that I am setting anyone up, etc.

The counselor is part of my health insurance and is seen as a provider. Would it be the case that any HIPAA regulations that cover United Health's mental health services applies to the counselor?

Jim

[Steve72]

Thanks for taking the time to reply. And I want to be very careful and not create any sense that I am setting anyone up, etc.

The counselor is part of my health insurance and is seen as a provider. Would it be the case that any HIPAA regulations that cover United Health's mental health services applies to the counselor?

Jim

Health Care Providers under HIPAA are covered entites separate from the health plan. They have their own obligations completely outside those of the health plan. It is not necessarily true that any provider covered by your health insurance is a HIPAA covered Health Care Provider, nor that policies that govern your health plan govern the provider.

[Guest jsmiddleton4]

Thanks. The problem is trying to answer the "so what" question. I mean what am I going to do about it if I find out it is a HIPAA violation?

I'm not a mean spiteful guy and I don't want to do something that appears to be only motivated as if by spite. It feels to me like I'd be doing something that could be "right" but it ends up being all wrong.

Jim

[GBurns]

I would have thought that in a joint session all items and info applicable to both individuals are open for discussion. Anything from your individual session is your info and there open for the joint session.

It is inconceivable that you agreed to a joint session and expected to not have your info, from wherever derived, open for discussion. What did you think was going to be used in a joint session? The other person's info only?

In any case an aplogy for inappropriateness means nothing. Inappropriate might have meant wrong time, causing embarassment etc, it does not necessarily mean illegal or unlawful or impermissable.

I doubt that there could be a HIPAA violation, and even if there was , I cannot see the DoL pursuing this. It is of no consequence and even if they do and find the counselor guilty there should only be a minimal penalty especially if the other person provides conflicting or exculpatory support. The purpose of the regulations is not to settle grudges or to spite.

But if you really want to find out if it is a violation, find a lawyer and pay him to tell you.

[Guest jsmiddleton4]

Well GB the information you discuss with a counselor in private sessions is private. The expecatation is that permission is granted to bring information from private sessions into community sessions. If I understand HIPAA correctly much of it refers to process. And the process that is followed is one that allows individuals to control and "own" if you will their information. Its not to control such things as what content would be discussed. HIPAA underscores the ownwership of information belongs to the individual.

Would you not want your wife to know your lab results at the medical doctor? You may or may not. Probably wouldn't object. But if your medical doctor shares your lab results with someone without your permission that is a violation of your privacy.

But again the main question is so what? I'm not looking to fine anyone. The counselor stepped up and it has been "moved past". I was just curious.

[GBurns]

Since that is your understanding of HIPAA, it just increases the need for your to seek a lawyer.

Under HIPAA while an indvidual might "own" their information, it also allows others to use it for treatment etc once it is given to them Once given for treatment HIPAA does not say when and how it is used as treatment or as part of the treatment.

What you seem to be thinking is similar to someone with Diabetes not wanting the same treating Dr to use that info to treat newly developed renal failure, because that info came from another course of treatment.

While you will say that both of the above related to the same individual, I will point out that the Dr then has to give your info to other people to use. The Nurse, the lab techs, the diabetes supply co, the pharmacist, the dialysis center etc etc. And there is usually a need to counsel family members so that they can render emergency assistance. In order for all this to be done you initially signed a General Release that covered the use and release of your info. Unless you were probably the only person in this world who would try to keep all this a secret from your family including your wife.

In signing up for this EAP treatment I am sure that you signed a similar release. Even if you did not you agreed verbally to BOTH individual and group sessions.

It is then the treating practitioners sole discretion as to what course of treatment is necessary. Do you tell your medical practitioner how to practice medicine, how to diagnose or what the treatment protocl should be? Of course you do not. So why in heavens name do you think that you can or should be the decider of what this EAP practitioner should do in the course of treatment? He found it necessary to use an example fron your individual session as an illustration of something that arose in the group session, that is all.

In retrospect he thinks that he might have been able to do it otherwise. That is all. I doubt that you can demonstrate any harm so no foul.

The fact that you were apparently trying to keep secrets from your wife and are now embarassed that he let your secret out, is immaterial. Next time do not let anyone know your secrets. Better yet, next time do not try to bully people who know your secrets. If you had not created a bad scenario this would not have happened. You caused it, now you live with it. Let it be.

You are curious as to how you can have him prosecuted. Here is the answer... Go pay a lawyer and if he does not want to tell you what you want to hear just create a scene..like you did in the group session. Simple.

[Steve72]

A couple comments:

(1) HHS (health and human services), not the DOL, would pursue action under HIPAA (if any). This is not necessarily an employee benefit plan issue. As stated above, providers have their own separate obligations under HIPAA.

(2) The question posed indicated that the physician had, essentially, admitted that the use of the individual information was inappropriate for the joint session. It can be inferred that the use was not for treatment. Providers do not have free reign to utilize PHI.

(3) The "general release" to which GBurns refers would not expand the right of the provider to utilize the information beyond that permitted by HIPAA, unless it constituted a HIPAA compliant authorization. I highly doubt that jsmiddleton was forced to sign a blanket authorization prior to treatment.

(4) This: I would have thought that in a joint session all items and info applicable to both individuals are open for discussion. Anything from your individual session is your info and there open for the joint session is essentially the question jsmiddleton is asking. I do not think the quoted statement is necessarily true, especially given the counselor's admission that the disclosure was inappropriate.

[GBurns]

What did the counselor mean by "inappropriate"?