In the last section, we discussed three changes in ethical boundaries in regards to the disclosure of raw test data. These three test data boundary changes include: shift in standards; effects of HIPAA; and protecting test security.
On this section, we will discuss three controversies created by HIPAA and its possible breach of ethical boundaries. These three HIPAA privacy controversies include: governmentally accessed information; contradictory language; and employer access.
3 HIPAA Privacy Controversies
♦ Controversy #1 - Governmentally Accessed Information
The first HIPAA privacy controversy is governmentally accessed information. The branch of the government, Health and Human Services, otherwise known as HHS, in addition to taking on the responsibility of writing the legislation, also takes on the responsibility of monitoring it. However, to do this, the HHS demands unlimited access to clients’ records with or without consent of the client. Upon the inception of HIPAA, the HHS facilitated the federal government’s admittance to the records of millions of mental health clients.
For the first time in history, an act of legislation makes it legal for the United States government to retrieve medical information about its citizens, often without the knowledge of the citizens themselves. In addition, HHS has created what HIPAA expert Michael Freeny terms "a holy trinity of insurers, providers, and claims clearinghouses" who can exchange information freely between each other without the client’s knowledge.
Essentially, the information that the client only wanted and thought would be shared just between him or herself and the clinician becomes a free-for-all among these HIPAA approved entities. However, clients are never aware of these transactions and believe their information to be perfectly confidential because, as we discussed in section 3, the Notice of Privacy Policies are so convoluted and obscure that they cannot cipher through it all. Therefore the federal invasion of privacy remains undetected unless a client extensively researches HIPAA for him or herself.
I have found that many clients who have undertaken the laborious task of sifting through HIPAA legislation feel cheated and betrayed by the government and most significantly by their therapist. This puts an unnecessary strain on the client-therapist relationship so that is why I try and make the language of my NPP as clear as possible to my clients from the beginning so they are not surprised by newly discovered and interpreted legislation.
Think of your clients. Can you think of any clients who may be shocked by the extent to which the government has access to his or her records?
♦ Controversy #2 - Contradictory Language
The second HIPAA privacy controversy is contradictory language. Although the legislation presents all appearances of attempts to protect a client’s privacy, upon closer scrutiny, it becomes apparent that certain passages may contradict each other.
Most specifically, Michael Freeny points out a specific section within the legislation which guarantees consumers the right to see and copy their health records and request corrections of mistakes that may be contained in those records. However, providers are obligated by HIPAA to inform clients that they are not bound to fulfill such requests. Therefore, the client’s rights may not be recognized by the provider if the provider deems it unnecessary.
In addition, the guidelines stipulate that clients maintain the right to restrict the distribution and transmission of their medical information. However, Freeny points out, "It’s not true because the next sentence says that the provider is under no obligation to give you that information." Even further, although the client may retain the right to restrict the distribution of their information and the provider consents, there are certain entities to which the provider cannot deny access, specifically the federal government, police, and public health agencies.
So although HIPAA may appear to be more restrictive regarding the distribution of records, this restriction only applies to certain individuals not among the HIPAA approved agencies. Many clients and clinicians are not aware of these contradictions due to the convolution of the regulations themselves. Michael Freeny believes that many therapists prefer to do the bare minimum in regards to HIPAA compliance due to the time it would consume to actually understand the guidelines at a deeper level. Do you agree?
♦ Controversy #3 - Employer Access
In addition to governmentally accessed information and contradictory language, the third HIPAA privacy controversy is employer access. As we discussed in section 4, certain authorities may access information illegitimately and use it to the disadvantage of the client. However, certain employers who operate under the Employee Retirement Income Security Act as insurers for their employees have access to their employees' health records.
This information includes symptoms, medication, and even diagnoses. According to HHS, employers are not allowed to use this information in any business transaction. However, there are no consequences implemented to force the employer to take responsibility for his or her action.
Johnny, age 32, suffered from alcoholism. He had just obtained a job with a packing company who acted on the Employee Retirement Income Security Act and had access to his mental health records. After about a month at this company, he was fired, even after a positive evaluation. His employer stated that Johnny had been a part of a series of cutbacks, although no other employees, even those with less experience and worse evaluations, had been let go. Johnny believes that his supervisor had been told about Johnny’s drinking problems through this act, but there was no way to prove he had been the victim of this discrimination.
Think of your Johnny. Could he or she run the risk of losing his or her employment due to his or her disorder?
In this section, we discussed three controversies created by HIPAA and its possible breach of privacy boundaries. These three HIPAA privacy controversies included: governmentally accessed information; contradictory language; and employer access.
Peer-Reviewed Journal Article References:
Benefield, H., Ashkanazi, G., & Rozensky, R. H. (2006). Communication and records: Hippa issues when working in health care settings. Professional Psychology: Research and Practice, 37(3), 273–277.
Campbell, L. F., & Norcross, J. C. (2018). Do you see what we see? Psychology's response to technology in mental health. Clinical Psychology: Science and Practice, 25(2), Article e12237.
Douglas, S., Jensen-Doss, A., Ordorica, C., & Comer, J. S. (2020). Strategies to enhance communication with telemental health measurement-based care (tMBC). Practice Innovations, 5(2), 143–149.
Glueckauf, R. L., Maheu, M. M., Drude, K. P., Wells, B. A., Wang, Y., Gustafson, D. J., & Nelson, E.-L. (2018). Survey of psychologists’ telebehavioral health practices: Technology use, ethical issues, and training needs. Professional Psychology: Research and Practice, 49(3), 205–219.
Richards, M. M. (2009). Electronic medical records: Confidentiality issues in the time of HIPAA. Professional Psychology: Research and Practice, 40(6), 550–556.
Stiles, P. G., & Petrila, J. (2011). Research and confidentiality: Legal issues and risk management strategies. Psychology, Public Policy, and Law, 17(3), 333–356.
Ethics CEUs QUESTION 4
What are three controversies created by HIPAA and its possible breach of privacy boundaries? To select and enter your answer go to .