Kristi Pikiewicz Ph.D.

Meaningful You

How Much Privacy is Enough Privacy for Mental Health Patients?

Insurance, information, mental health and your (lack of) privacy

Posted Jun 22, 2012


Many people are not aware that their insurance company may be coercing their therapists into compromising their privacy.  When it is time for your therapist to request authorizations for additional sessions, the insurance company often asks for details about you that probably goes beyond what you might expect and think is necessary.  Let me explain how this works, and what can be done about it.

Every time you go to a doctor of any kind, they give you an information sheet about their office privacy policy.  Most people don’t actually read through those sheets (probably the same people who read the Terms and Conditions to enter many websites, or to install software!), but we all pretty much assume that the doctor will protect our privacy.  After all, there are laws about that, aren’t there

Indeed there are laws about that.  And yet, some information needs to be available for sharing.  The most common instance of your medical records being shared is when you file insurance claims.  Another form your doctor usually asks you to sign, is one that grants permission to give the insurance company information in order to process your claim.  And of course we all pretty much assume that the insurance company will likewise protect our privacy.  After all, there are laws about that, aren’t there?

Yup.  Here, too, there are laws governing how the insurance company protects your privacy.

But then there’s reality.  According to the government, since September 2009, there have been security breaches of healthcare private data affecting more than 20 million people (see the official government report).  And that doesn’t include recent breaches not yet on the list, which put medical data describing another 578,000 people at risk.

Obviously this is a concern.  You want to protect your privacy.  You don’t want information about your latest blood test, sexually transmitted disease, or gynecological exam posted to the web, right?  But in order to process insurance claims, some of that information needs to be shared with the insurance company.

What about mental health records? These are, after all, also part of insurance company files.You tell your therapist lots of things.  Pretty personal stuff.  About as personal as it gets, really - experiences that you haven’t told anyone else.  In fact, one of the reasons you feel safe talking freely to your therapist is that you assume “what’s said in the room, stays in the room.”  And there is ample research that shows that the privacy of the therapy relationship is one of the bedrock foundations that underlie the effectiveness of therapy.  If you had to wonder whether things you told your therapist might “leak” out, you might think twice about what you say in that room.  And if you limit what you say in therapy, you are limiting how much the therapist can help you: your therapist certainly needs the whole story, not just the pretty parts.

The privacy factor is so important that the U.S. Surgeon General cited it in his 1999 Report on Mental Health, saying, “Strong confidentiality laws are critical in creating assurances for individuals seeking mental health treatment and their willingness to participate in treatment to the degree necessary to achieve successful outcomes.”And we’ve got a pretty strong confidentiality law in the U.S., the 1996 Health Insurance Portability and Accountability Act, better known as HIPAA.  In it, there is a strong standard set for the information to which the insurance companies are entitled: only the minimum necessary information to process the claim.  This standard applies to mental health claims, too.

Minimum Necessary Information.”  Sounds pretty good, right?  But in practice, insurance companies routinely exploit this requirement, especially regarding mental health benefits, with tactics that seriously threaten your confidentiality with your therapist.  And these tactics put your therapist in a terrible ethical bind.  I know.  I face this dilemma frequently.

When we apply for authorization for additional sessions to continue your therapy, the insurance company wants more and more information about you and about the work you are doing with your therapist.  In fact, recently in Florida, an insurance company demanded the patient’s entire record be turned over to them before they would process a claim.  The choice is quite clear: give the information and violate ethics and your privacy in order to get the sessions covered, or protect your privacy but lose a benefit to which you are entitled. Whenever insurance companies want to limit their payouts, they can increase the intrusiveness of their questions and some patients will drop out of therapy, saving them money in the short term.  But of course the patient does not get the needed treatment and, in the long term, other medical costs are likely to increase.

So what does comprise the “minimum necessary” information?  How much privacy is enough privacy for mental health patients? 

In New Jersey, we think we have the answer.  The New Jersey Psychological Association (NJPA) has sued Horizon Healthcare Services and Magellan Health Services to ask the court to declare that these companies go beyond the information that is necessary to process your claims, and to force them to stop coercing therapists to violate your privacy.  This is because the psychology licensing law in NJ limits the information to be given to an insurance company, and some insurance plans have been using this standard since 1985 to process claims.  The information allowed by the NJ law is limited to identifying data (name, address, etc.), diagnosis, level of impairment and level of distress (none, mild, moderate, severe or extreme), and estimated time therapy should continue.  There is no reason that any insurance company needs to be asking more about your life than this basic data to process claims.  And we think a court will agree.  And when the court rules in our favor, it will provide a model for the rest of the country regarding the standard for minimum necessary information.

For more information on this issue, the NJPA lawsuit, and a video that explains why this is so important, please visit