Security in the Mental Health Sector - Release of Information  

Written By Alex Glaze

Do our actions meet our intent?

Your clients have come to you for help. You have answered the call, waded through insurance verification, and scheduled an intake. Maybe you’ve been working with your client for a week, or a decade; regardless they have opened up and shared details of their hardest days. You’ve documented the least amount of information necessary to get reimbursement from insurance companies and you think you’re good to go.

Then, a request for information comes in. It could have come from another providers office, a short term disability insurance company, or a law firm. The organization requesting information has included an ROI (release of information) signed by your client. You hastily fulfill the request believing the request was made in earnest; the client mentioned something about this, right?

Best practice is to have the client fill out an ROI at your organization, inform them of the risks associated with sending it, and confirm the intended recipient - their secure fax or encrypted portal.

Frequent or urgent requests are often filled by provider’s offices without following best practices. This can lead to breaches that damage relationships and the institution of Mental Health.

Here are a few questions to ask:

  1. What does the recipient want?

  2. Why do they want it?

  3. Can I fulfill the ‘why’ with less information than they are requesting?

  4. Is the client aware of the request?

  5. Does the client agree with the request?

  6. Does the client understand the request and what is in the documents?

  7. Have I reviewed the documents for extraneous information that should be redacted?

  8. Have I informed the client of the potential outcomes of sharing the information?

  9. Do I have a direct line of communication with the requestor that ensures continuous security of the information?

If you haven’t followed the above steps, overshared information, or shared information in a manner inconsistent with State and Federal Law, don’t panic. Follow the link and schedule a breach consultation with us and we can help you understand your risk and how to manage it!

Remember: slow is smooth and smooth is secure.

Alex Glaze