Confidentiality in Health Information Technology

Approved by Council, November 27, 2012

Our healthcare system is rapidly moving towards universal adoption of computerized health information technology. This technology offers enormous opportunities for improving the quality and efficiency of patient care. As a part of the healthcare system, child and adolescent psychiatrists are increasingly utilizing this technology for documentation of care and sharing of information with other healthcare providers involved in the care of our patients. AACAP encourages its members to consider the substantial benefits of health information technology in the practice of child psychiatry.

Confidentiality is a foundational principle of mental health treatment and mental health information is uniquely sensitive. The degree to which communication and sharing of information is facilitated or automated within computerized health information systems carries increased risk of unauthorized transmission of protected health information. While this risk is recognized in existing state and federal standards and regulations, AACAP supports the following recommendations when using health information technology in child and adolescent psychiatry evaluations and treatments:

  • There should be disclosure to patients and families regarding the use of computerized health information systems in their care and the extent to which information is transmitted to or shared with other healthcare providers.

  • Information transmitted or shared with other healthcare providers should be limited to that which is necessary for patient centered integrated healthcare and done so with appropriate authorization from patients and/or their legal guardian as indicated by state and federal regulations. Examples of such information include history, mental status examination, diagnosis formulation, and treatment plans and progress.

  • Systems should have the capability to exert control of access privileges for specific elements of the mental health record in order to restrict access to sensitive information, which is not deemed to be necessary for patient centered integrated healthcare.

  • Systems should restrict parents from automatically accessing mental health information of their adolescents via patient portals without careful compliance with legal and ethical guidelines. Adolescents should be fully informed of the extent to which parents may have access to their mental health information through a patient portal.

  • While CCHIT1-certified electronic medical record systems and patient portals are designed to ensure the security and integrity of health information, patients and families should be warned that using personal technology resources (such as unencrypted email) to communicate with their provider via the internet can permanently compromise the confidentiality of their mental health information.

Please note that the above recommendations pertain specifically to health information technology and do not constitute a comprehensive statement about confidentiality in child and adolescent psychiatry.