HIPAA rules may be eased to allow physicians to report some mental health information to a background check database.

Way clearing for mental health information reporting under HIPAA

Stephen Perkins

At a time when healthcare providers are working to make sure that they are in compliance with the Health Insurance Portability and Accountability Act's data storage rules, a proposed change could give physicians the ability to contribute patient mental health information to the National Instant Criminal Background Check System.

The background check data management system is used by gun dealers to prevent firearms purchases by felons, people with serious mental illnesses and those who have been convicted of domestic abuse, according to Health​ Data Management. The rule change comes following a 2012 report by the Government Accountability Office found that 17 states submitted 10 or fewer reports to the online database. The proposed rule change has been sent to the Office of Management and Budget for review.

"Through the public comment process, we will use the data and information provided by states, health providers, patient advocates and others to determine how best to remove unnecessary barriers to NICS reporting while protecting patient privacy," U.S. Department of Health and Human Services Office for Civil Rights Director Leon Rodriguez said in a press release.

Mental health records are considered protected by HIPAA and are supposed to remain confidential and safely stored in a cloud backup system, making it problematic for that data to be collected. Rodriguez offered assurances that medical and mental health records will not be stored in the background check database, and that gun sellers would only see whether a person had been approved, denied or if a more extensive investigation would be needed.

The changes to HIPAA that are already set to take effect on Sept. 23 lower the threshold for a breach of patient confidentiality regarding medical records and require that all patient information be stored in an online data backup system. Penalties for a breach of patient confidentiality regarding medical records can result in fines of up to $1.5 million. Without the proposed rule changes, the transmission of patient mental health records could be considered a breach.

Categories: Data Management, Data Protection