40% OFF Sale through January 23: COVID Clinical Best Practices. Use "CLINICAL40" coupon code in your shopping cart.

HIPAA Release Forms for Behavioral Health Professionals

HIPAA release formUnder HIPAA regulation health care professionals across all industries are responsible for obtaining HIPAA release forms from their patients.
HIPAA release forms are documents that must be signed by patients before any of their sensitive health care data may be shared with another entity. There are of course rules and exceptions that govern how and when protected health information (PHI) may be shared, even with a HIPAA release form in place. Below, we take a look at some of the rules surrounding HIPAA release forms, with special attention to how it relates to behavioral health professionals in particular.

Understanding HIPAA Release Forms

HIPAA regulation states that providers may disclose PHI (any demographic information that can be used to identify a patient) without a HIPAA release form in place for matters of payment, treatment, or healthcare operations. That means that for activities that keep your practice running on a day-to-day basis, such as sharing PHI with insurance companies, billing companies, or providers sharing PHI with another provider, you do not need to obtain patient authorization.
However, for all other purposes when PHI will be shared with third parties or other entities, behavioral health professionals must obtain express written consent from their patients in a HIPAA release form. Authorizations and disclosures are covered by the HIPAA Privacy Rule, which sets standards for what a HIPAA release form should contain, and when and how they must be executed.
However, when it comes to behavioral health professionals, there is one major exception to the payment, treatment, and operations exclusions that must be prioritized in order to protect patient privacy and avoid major HIPAA violations.

HIPAA Release Forms for Behavioral Health Professionals

Behavioral health professionals are not permitted to share psychotherapy notes of any kind under the payment, treatment, or operations exclusions. That is because of the particularly sensitive nature of the information that is being collected.
Behavioral health professionals may bill or perform general operational work using minimum information that the patient has provided, such as name, address, etc. However, no notes that have been collected in a psychotherapeutic context may be disclosed under HIPAA regulation.
This is an important distinction that applies only to behavioral health professionals, and should be first and foremost among your priorities when it comes to maintaining your patients’ privacy and confidence.
Keep this in mind when formulating your behavioral health HIPAA release forms!

HIPAA Resources

If you need assistance with HIPAA compliance, consider working with our TBHI affiliate, the HIPAA Compliancy Group. (When you purchase services from them, TBHI will be paid a small commission.) They can help you support your HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance. The Guard is built to address the HIPAA regulations, including guided walkthroughs of HIPAA Risk Assessments. With The Guard, you can focus on running your practice while keeping your patients’ data protected and secure. Compliancy Group’s team of expert Compliance Coaches® can also field questions and guide you through the implementation process, taking the stress out of managing compliance. Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!

HIPAA Webinars:

Cyber Security: Top 5 Things You Can Do Tomorrow Morning to Protect Your Practice and Your Clients/Patients
Ransomware hackers attack smaller healthcare practices daily, creating serious data breaches and HIPAA violations. Are you and your clients/patients vulnerable, too?


Social Media and HIPAA Compliance
Social Media and HIPAA Compliance: Protecting Your Practice in the Digital Age
Managing social media use and HIPAA compliance can lead to some of the most common misunderstandings faced by healthcare providers. Improperly trained employees can expose your organization to HIPAA violations and costly fines!


Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors are their opinion and are not intended to malign any organization, company or individuals.