Chapter 5: Evidence of Continuity of Care

Confidentiality of Records

Questions sometimes come up in regards to access to records because of differences between state and federal laws. The Health Insurance Portability and Accountability Act of 1966 (HIPAA) laws are the primary federal laws in these differences. In California there are three main sources of law that may be involved:

• Confidentiality of Medical Information Act (CMIA) Civil Code (Sections 56, et seq.)
• Information Practices Act of 1977 (IPA) Civil Code (Sections 1798, et seq.)
• Patient Access to Health Records Act (PAHRA) at Health and Safety Code (Sections 123100 – 123149.5)

Patient Access to Records

An individual has a right to the confidentiality of her own mental health records. In most cases, this right of confidentiality stipulates that only the individual, her guardian, and her treatment providers may know the content of the record. However, whether or not an individual has the right to access her own records depends on what laws are applicable (M-POWER, n.d.).

HIPAA allows for psychotherapy notes to be withheld, although they encourage providers to give the information to the individual if they believe that is appropriate. HIPAA denies access to records when there is danger to either the individual directly involved or to another person (HIPAA, 2011c), whereas California law only looks at significant risk of "substantial detrimental or adverse consequences"to the individual (California Health and Safety Code, 2010).

[QN.No.#19. True or False: HIPAA allows psychotherapy notes to be withheld from the clients under certain circumstances.]

If this access to mental health records is denied, the client must be informed of the denial. Also, written records of both the request and the reasons for denial must be put in the client's file (California Health and Safety Code, 2010). If the individual affected directly by that disputes the decision, California's IPA law requires a state agency to re-examine its determination that that particular information is exempt from access (California Department of Health Care Services, 2007).

When there are differences between state and federal laws, the state laws preempt the federal laws. This statement is based on the Federal Register (Standards for Privacy….) statement, "…A state law may also not be preempted because it comes within section 1178(a)(2)(B), section 1178(b), or section 1178(c); in this situation, a contrary federal law would give way."

Inspection by Parents of Child’s Mental Health Records

Discretion to Refuse Access to Parents: In most cases, parents and guardians are allowed access to the health and mental health records of the child or youth. However, in California at least, in the instance of minors aged 12 and older, if the health care provider determines that such access would have a damaging effect on his professional relationship with the minor client or on the minor's psychological well-being or physical safety. Under Section 123115(a)(2), this decision of the availability of the minor's records for inspection shall not attach any liability to the provider, unless the decision is established to be in bad faith (California Health and Safety Code, 2010).

[QN.No.#20. Health providers may refuse to give parents access to their child's health and mental health records. Which of the following is NOT an acceptable requirement?]

Discretion to Not Inform Parents without a Minor's Consent: The California Family Code (2010) requires the health care provider to involve a parent or guardian in a minor's treatment unless the provider determines that this involvement would not be appropriate. This decision and any attempts to contact parents must be documented in the minor's record. There will be some necessary sharing of certain confidential information if parents are involved in treatment. Nonetheless, participation in treatment does not mean parents necessarily have a right to access the confidential records. To whatever extent possible, providers should try to regard the minor's right to confidentiality while still involving parents in treatment (California Family Code, 2010).

Discretion to Inform Providers without Authorization: Records kept in connection with treatment or prevention of drug abuse that is regulated, conducted, or assisted--whether directly or indirectly--by the California Department of Alcohol and Drug Programs cannot be shared with providers who are not working for the same treatment or prevention program except in an emergency (California Health and Safety Code, 2010). Health care providers working for programs that are not state assisted may share information for treatment or referral services with other providers. However, without written client authorization, they may not share psychotherapy notes (California Civil Code Section 56-56.07, 2010 and National Center for Youth Law, 2010).

Disclosure of Record Keeping Procedures

Disclosure of record keeping procedures is potentially a part of informed consent (American Psychological Association, 2007). As you recall, an Informed Consent document is a statement of what will be happening in therapy, its risks, benefits, and alternatives, and signed by the client before beginning therapy and giving consent for therapy. A notice of HIPAA privacy laws that has been signed as having been explained to the client is also a part of the informed consent process. Also discussed were informed consent forms for using e-mail, texting and other electronic communications between client and therapist.

Sometimes, the client might want to know how the records will be maintained, and this may include disclosure of record keeping procedures. This may be particularly important if the procedures will probably affect confidentiality or if the client articulates expectations about record keeping that are different from required procedures.

It's possible that the way in which records are maintained could potentially affect the client in ways that she might not anticipate. It's encouraged that you and your supervisees inform clients about such situations. For example, more and more often certain client records may become part of an electronic file that can be accessed by a wide range of institutional staff. In some educational settings, federal, state, and institutional regulations require record keeping procedures that could enlarge the range of people who have access to the records of a school psychologist.

When mental health client records are released with appropriate permission to do so, from that point it's possible that they might be distributed further without the therapist's or client's knowledge or consent. The client should be alerted of this possibility before the consent for release of information is signed. An example of this, records released in a context of litigation may be placed in the public domain and be accessible to anyone.

[QN.No.#21. Disclosure of record keeping procedures is potentially a part of informed consent. What information might be needed for a client to decided whether or not to sign the consent form?]

Organizational Methods

There are a variety of methods for organizing the records to aid in storage and retrieval. Logical and consistent methods will generally be most useful. For example, a logical file labeling system will assist in recovering records (American Psychological Association, 2007).

Dividing the files into several sections may be helpful:

• Psychotherapy notes
• Client information that is intended to be shared with others
• Material generated by the client, client's family members, prior treatment providers, or other third parties
  • Behavioral ratings or logs
  • Diaries
  • Journals
  • Letters
  • Pictures
  • Videos
  • Greeting cards

Because psychological test data may require especially careful consideration before being released, and therefore may best be clustered within the file to make that perusal easier. A specific, often overlooked, area of concern is the re-release of data from previous therapist's records as a part of the record that should be released. Should the therapist decided not to release that information, having that in a separate part of the file will make it easier to carry out that decision.

When asked for legitimate release of information for which a release form has been signed, the therapist must still consider several items:

• HIPAA regulations regarding psychotherapy notes
• Breadth of records requested
• Client's wishes
• Situational demands

For example, the therapist has received a court order of "any and all records" that were used when the therapist formed certain opinions. It would likely be necessary to re-release some third-party information that is in the record. However, the therapist can give advance notification to the client, allowing enough time for an objection to be raised before responding to such requests for records.

Psychotherapy Notes

For privacy reasons, HIPAA has given its own definition of psychotherapy notes. A discussion of progress notes follows the outline of the applicable HIPAA definition and rules.

HIPAA Definition of Psychotherapy Notes

Some items that have traditionally been included as parts of the psychotherapy notes have been defined by HIPAA as something separate. HIPAA's definition of psychotherapy notes is:

"Psychotherapy notes means notes recorded (in any medium) by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of the individual’s medical record. Psychotherapy notes excludes medication preblockedion and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items: diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date" (HIPAA, 2003).

Note that items that this definition pretty much limits psychotherapy notes to anything relating to the contents of therapy session conversations and does NOT include:

• Medication preblockedion and monitoring
• Counseling start and stop times
• Modalities and frequencies of treatment furnished
• Results of clinical tests
• Summaries of:
  • Diagnosis
  • Functional status
  • Treatment plan
  • Symptoms
  • Prognosis
  • Progress

[QN.No.#24. According to the HIPAA definition of psychotherapy notes. Items NOT mentioned that these notes don't include are:]

HIPAA states that psychotherapy notes are to be kept separate from the rest of the record. Only the provider who took the notes (or others within the provider's agency) can access them, unless there is a HIPAA complaint authorization from the client (American Psychological Association, 2007).

Providers are exempt from forwarding or otherwise sharing psychotherapy notes with other entities without client authorization, except for legally defined exceptions. Physically integrating information included in the above list into the psychotherapy notes does not automatically mutate it into protected information.

If a provider has integrated information excluded from the definition of psychotherapy notes with a psychotherapy note (e.g., results of clinical tests, symptoms), the provider is responsible for extracting information that is required to reinforce the reasonableness and necessity of a Medicare claim, or other legal request for information (Provider Inquiry Assistance, 2005).

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing the privacy protections and access rights for consumers. The HIPAA privacy rule does not require or allow any new government access to medical information, with one exception: the rule does give OCR the authority to investigate complaints and to otherwise ensure that covered entities comply with the rule. In order to ensure covered entities protect patients' privacy as required, the rule provides that health plans, hospitals, and other covered entities cooperate with the Department's efforts to investigate complaints or otherwise ensure compliance (U.S. Department of Health and Human Services, 2001).

Progress Notes

Psychotherapy notes are sometimes called progress notes. Some of the information that HIPAA excludes in its definition of psychotherapy notes are summaries. However, the specifics that formed the basis for the summaries are included in the psychotherapy, or progress notes. The progress notes:

• Include date and duration of the session
  • Document cancellations and no shows
  • Document gaps in service (incarcerations, hospitalizations, vacations, etc.)
• Include type of intervention
• Refer back to objectives stated in the treatment plan
• Record what was said or done in the session
• In a form that will be most helpful to the therapist, record:
  • Hypotheses
  • Personal reactions
  • Doubts, expectations
  • Possible interpretations
  • Supervisory recommendations
• Financial arrangements for payment and associated information

Face-to-Face Therapy

Anyone acquainted with the field of therapy is familiar with face-to face therapy. The client and therapist meet and have a session. This most often takes place in the therapist's office, but can also occur in hospitals, jails, or similar settings. But because of the experience of the years for this kind of therapy, record keeping and process notes easily fall into the deblockedions above.

Electronic Therapy

Before the advent of the Internet, face-to-face therapy was the only type of therapy, except for crisis telephone services. In recent years, therapists have taken advantage of the Internet and the telephone to offer almost the whole gamut of therapeutic services. This kind of therapy not only has a number of names (e.g., TeleMental Health, Telehealth, E-Therapy, E-Counseling), it's also provided by a variety of means:

• Avatars
• Chats
• E-Mail
• Skype
• Telephone
• Texts
• Video-conferencing

A variety of client populations have eagerly sought these sorts of therapy, including those who:

• Don't want to be seen going into a therapist's office
• In rural areas that are some distance from a therapist's office
• Are incarcerated
• Are homebound
• Work better with frequent, intermittent conversation, rather than a block of time each week
• Are more comfortable with the anonymity of text formats than face-to-face formats

However, clinical, ethical, and legal facets of electronic therapy are in many respects still under construction. There is an ongoing discussion, for example, as to whether most of these formats conform to HIPAA privacy and confidentiality laws. Whole courses are available to train the "electronic therapist" in the ethical and legal considerations (including conducting therapy across state lines, HIPAA, reimbursement, etc.), as well as the delivery of electronic therapy with its practice, logistic, and technologic aspects (Zur, Ofur, 2011d).

Nonetheless, if your supervisees provide any kind of electronic therapy, records must be kept. The rules and regulations and other discussions above all apply.

Security

In light of confidentiality and privacy for every individual, there must be suitable protection against unauthorized access to or loss of the records. As a safeguard against electronic and physical breaches of confidential information, there needs to be limited access to the records. New challenges to preservation of security have appeared because of advances in technology. However, there must be a plan in place to protect the records (American Psychological Association, 2007).

Two basics to consider are:

• The medium on which the records are stored

Paper records must be kept in safe location where they may be protected not only from unauthorized access, but also from damage or destruction (water, mold, fire, insects). Condensed records, or a full copy of them, may be kept in separate locations to better protect them from disasters--natural or unnatural.

[QN.No.#25. Client records that are on paper, must be protected from:]

Electronic records may need protection from different kinds of damage--mechanical insult or electric fields; power outages or surges; attacks from viruses, worms, and other destructive programs. A plan for archiving files may include off-site storage of data or file and system backups.

[QN.No.#26. Client records that are in electronic form must be protected from:]


• Access to the records

Access to paper records may be controlled by storing files in locked cabinets or other such containers that are housed in locked offices or storage rooms.

Access to electronic records may be controlled via security procedures such as firewalls, passwords, authentication, and data encryption.

Retention of Records

There are numerous potential circumstances that might require a release of client records after termination of client contact (e.g., legal proceedings, requests from treatment providers or the clients themselves). They may also be needed at some time for the social worker or therapist to show the nature, quality, and rationale for services provided. It's also a possibility that the records might be requested to give light in resolving a legal dispute and administering justice when the nature of the treatment provided or the psychological condition of the client at the time of services would be needed (American Psychological Association, 2007).

This gives rise to the question of just how long you should keep the records. Perhaps the most practical answer is, "As long as necessary for the future care of the client, and as long as the record may be used in the defense of the therapist" (Cole, 2001). The APA states that, unless there is an overriding requirement, it would be good to keep records for seven years after the last service delivery date for adults or until three years after a minor reaches the age of majority, whichever is later. However, they also state that you may want to keep them longer. These suggestions are the law in California; each state has its own laws.

In deciding whether to keep the records for a longer period of time, you would want to weigh the potential benefits associated with keeping the records versus risks associated with potential privacy loss or having information that is outdated/obsolete. Possibilities that you may want to consider when making the decision to continue to keep or to eradicate files include:

• Earlier records of symptoms of a mental disorder might be helpful for the client in later diagnosis and treatment.
• Or, the client might be better served if later diagnosis and treatment was not influenced by something more than seven years in the past.
• The client might have engaged in behavior as a minor that, if disclosed later (when, for example, he decided to run for Congress) could prove demeaning or embarrassing.
• Keeping the record over an extra-long time might be expensive and/or logistically challenging.

One other item to consider: The client has the right to amend his medical records as long as you have the record (Pritts, 2005).

Preserving the Context of Records

There are times for which the information in a client's record is specific to a given time frame or a particular situational context during which the services were delivered. Over time, as the context changes, the meaning and relevance of the information may also change. The information in the record should be recorded in such as way as to preserve the context.

For example, if you or your supervisee assess or treat an individual who is under extreme external stress or who is in crisis, those stresses may affect the client's functioning in that setting, but the client's behavior in that situation may not be at all representative of the client's normal functional characteristics.

Or--a child who is being severely physically abused may show low scores in a cognitive assessment that may not be close to accurately predicting future functioning of the child. Or if you need to write a case summary of a client who had been violent, but only in the midst of one psychotic episode, you would want to carefully record the context in which the behavior took place. Always try to create and maintain a client's records in such as way as to show related information about the context in which the record is created (American Psychological Association, 2007).

[QN.No.#27. Preservation of the context of client records includes:]

Electronic Records

Issues pertinent to electronic records have already been discussed. But, because of the extreme importance and uniqueness of electronic records, it will be tied together here with some addition information.

Aspects of electronic record keeping that need to be kept in mind are:

• Limitations to their confidentiality
• Methods of keeping the records secure
• Measures needed to maintain the integrity of the records
• Unique challenges of disposing of the records

In many cases, those in the social work and mental health fields will be subject to the HIPAA Privacy Rules and Security Standards. This requires a detailed analysis of the risks associated with your electronic records. It would likely be helpful to conduct that risk analysis even if you're not technically subject to the HIPAA rule.

These HIPPA requirements are also a means to help you to closely examine certain office practices:

• Assuring that you handle personal health information in a manner that will protect clients' privacy
• Defining acceptable deidentification if needed for research or other purpose
• Clearly defining required elements in a release of information authorization

Whether the Security Regulations apply or not, the swift changes in the technologies for service delivery, media storage, and billing necessitate frequent consideration of how to use these methods and media in terms of record keeping standards (American Psychological Association, 2007). The ease of creating, transmitting, and sharing electronic records can expose you to risks of unintentional disclosure of confidential information.

Some precautionary actions include:

• Use case identification numbers, not clients' Social Security numbers to identify records
• Use passwords and/or encryption to protect confidential materials
• Become aware of special issues raised when using electronic methods and media; get training or consult with a specialist when necessary

[QN.No.#28. Precautionary actions that can be taken to protect unintentional electronic disclosure of confidential information include:]

Record Keeping in Organizational Settings

Organizational settings, often present unique record keeping challenges. Record keeping requirements for organizations may be substantially different from requirements in other settings. You may run into conflicts between the organizations' practices and establish professional guidelines, legal and regulatory requirements, or ethical standards. In addition, ownership of and responsibility for a record is not always clearly defined. A number of service providers may access and contribute to the record, potentially affecting the degree to which you may execute control of the record and its confidentiality.

This may be summarized as potential:

• Conflicts between organizational and other requirements
• Ownership of the records
• Access to the records

You, your colleagues, and your agency's management may need to consult with one another to define record keeping procedures that serve the needs of different disciplines, while at the same time meeting acceptable record keeping guidelines and requirements. In this consultation, you'll need to review local, state, and federal regulations and laws that pertain to the organization. If there is a conflict between an ethics code and the organization's policies, you'll need to clarify the nature of the conflict, make your (and others involved) ethical commitments known, and resolve the conflict in a way that is compatible with those ethical commitments.

The nature of your legal relationship with the organization may dictate record keeping practices. The physical record of your services may be owned by the organization and you may not take it with you. However, if the relationship is one of consultation, you may be the one who owns and is responsible for the record. It will be helpful to clarify these issues when you begin your relationship with an organization, minimizing the possibility of misunderstandings.

If a team of people from different disciplines is involved in service delivery, there may need to be wider access to records than usual. Because others (e.g., nurses, physicians, paraprofessionals, etc.) may have access to and may make entries into the client's record, you may have much less direct control over it. This is another call for you to help in developing and refining organizational record keeping policies.

Note that because multidisciplinary records may not have the highest level of confidentiality, you and your supervisees will want to record only information that matches organizational requirements and that is necessary to correctly picture the service provided. Other information may then be kept in a separate and confidential file (American Psychological Association, 2007).

Multiple Client Records

Record keeping issues may be more complex when you provide services to multiple clients, such as in a group therapy session. If the records include information about more than one specific client, legitimate disclosure of information regarding that client may put another client's confidentiality in jeopardy.

It's the responsibility of you and your supervisees to keep records in a fashion that assists authorized disclosures but at the same time protects privacy of other clients. When you provide services to several people who have a relationship (e.g., spouses or parents and children), you must define at the beginning:

• Which individuals are clients
• Your relationship with each person, including your role and the likely uses of the services you give or the information obtained.

If it looks like you may be asked to play potentially conflicting roles (e.g., family therapist and then witness for one part in divorce proceedings), you must take judicious steps to appropriately clarify, modify, or withdraw from a specific role or roles.

In a group therapy setting, you must describe at the beginning each party's role and responsibility, and the limits of confidentiality. If you're asked to provide services to someone who is already receiving similar services elsewhere, you must consider carefully any treatment issues and potential welfare of the client(s). Discuss these issues with the client (or the client's guardian or other legal representative) to diminish risks of conflict and confusion. Also, when appropriate, consult with the other service providers, always being cautious and sensitive to therapeutic issues (American Psychological Association, 2010).

Other precautionary steps you can take include:

• In the informed consent form, include whether information is kept jointly or separately and who can authorize its release.
• In couples, family or group therapy, clarify the identified clients, then create and maintain completely separate records for all identified clients.
• If the family itself is the identified client, you may need to keep a single record, dependent upon practical concerns, ethical guidelines, and third-party reporting requirements.

To successfully "pull all of this off," you'll need to be familiar with regulatory and legal requirements concerning the release of a record that contains information about more than one client (American Psychological Association, 2007).

Financial Records

Financial records are considered by HIPAA to be part of the protected psychotherapy notes; at least they're not on the list of unprotected information. As a rule, a fee agreement or policy will be part of the record, and is the foundation for documenting reimbursement for services. Precise financial records aid payers to evaluate the nature of the payment obligation, and also aid in knowing which services have been billed and paid. Records that are up-to-date can forewarn both the provider and the client of accruing balances that, if not addressed, could adversely affect the professional relationship.

Financial records include (American Psychological Association, 2007), as appropriate:

• Type and duration of the service given
• Client's name
• Fees paid for the service
• Agreements concerning fees
  • Fee agreements or policies identify the amount to be charged for service and the terms of any payment agreement. It will identify how missed appointments will be handles, acknowledge third-part payer preauthorization requirements, copayment agreements, payment schedule, interest that an unpaid balance will accumulate, suspension of confidentiality when collection procedures must be used, and methods that may be used to solve financial disputes.
• Barter agreements
  • An accurate recording of bartering agreements and transactions ensures that the record clearly shows how the provider was compensated. Reporting the source, nature, and date of each barter transaction gives clear indication when needed about the exchange of goods for services. Because the provider could potentially have more power in negotiating a bartering agreement, painstaking documentation protects both parties. The documentation may include the provider's basis for initially concluding that the arrangement is neither clinically contraindicated nor exploitive.
• Balance adjustment issues
  • The rationale for, deblockedion of, and date of any balance adjustment made with either the client or a third-party payer should be part of the record. This can decrease the potential for misunderstandings or perceived obligations that might affect the relationship.
• Copayment issues
• Date, amount, and source of payment received
• Concerns about collection
  • Often also useful is documentation of collection efforts, including notification of the intention of using a collection service.

Disposition of Records

Certain events require collection, storage, transfer, or disposal of client records. These events are:

• Unexpected events (disability, death, or involuntary termination of practice)
• Planned events (retirement, closing a practice, voluntarily leaving employment)

Disposition of client records must be handled in such a way that confidentiality is maintained and client welfare safeguarded (American Psychological Association, 2007). This refers to all private information--written or unwritten--such as communications during the time of providing service, computer files, e-mail or fax communications, written records, and video-tapes. This means that the therapist needs to have suitable plans in place from the beginning of her job. Also to be planned for, in case of unexpected changes, are contingencies for continuation of services (Barnett and Zur, 2011).

In the circumstance of unexpected events, the plans might include control and management of closed records by an agency or trained individual. In the circumstance of planned events, depending on who the employer is, the provider may wish to retain custody and control of the closed records.

It may be helpful to have a method for notifying clients regarding any changes in the custody of their records, especially recently terminated services or open cases. You'll want to check legal and regulatory requirements to see if you should post a public notice about changes in this custody, such as a notice in the newspaper.

If records are to be disposed of permanently, they must be disposed of in such a way that they cannot be recovered, such as shredding. You must to provide for confidentiality in transportation to the shredding facility, as well as in that facility. This might require accompanying the records through the disposal process or having a confidentiality agreement with those responsible for the disposal.

Disposal of electronic records have unique challenges, because you may not have the technical expertise to fully erase or otherwise delete records before, as an example, disposing of an external back-up storage device or a computer hard drive or other electronic record repository. Even though efforts may be made to erase or delete records, they may still be accessible for some "geeks" with specialized knowledge. You'll possibly need to work with a technical consultant to find a satisfactory method for destruction of electronic records. These could include physical destruction of the entire medium or demagnetizing the storage device.