“Don’t Tell My Mom”: A Guide to HIPAA Compliance for Minor Patients
As a healthcare provider, when a minor patient approaches you and pleads, “Don’t tell my mom,” abiding by your patient’s wishes is anything but simple. In fact, HIPAA offers no protection to minors and requires healthcare providers to release a minor patient’s medical records to the child’s parent or guardian when requested. This guide to HIPAA compliance for minor patients will help you better understand your obligations as a healthcare provider, but it should not be used in lieu of advice from a legal professional. It does not address individual professions’ ethical or legal obligations, nor does it discuss heightened privacy requirements to which minors are sometimes entitled under Illinois or Wisconsin law.
If you are seeking help with your HIPAA compliance, schedule a free consultation with one of Jackson LLP’s attorneys.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to achieve the following goals:
- Protect patients’ confidential health information
- Allow American workers and their families to continue or transfer their health insurance coverage when they change jobs
- Reduce healthcare fraud and abuse
- Create an industry-wide standard for healthcare billing and other processes
How Does HIPAA Apply to Minors?
In Illinois, anyone under the age of 18 is considered a minor and cannot legally exercise his or her rights under HIPAA. However, there is of course still an interest in protecting minor patients’ confidential health information, and thus minor patients’ private information is typically kept safe with the minor’s parent or guardian (there are certain exceptions). HIPAA grants parents and guardians access to their minor children’s sensitive information, and thus turning over a minor’s confidential health information to his or her parent or guardian is generally not a violation of HIPAA laws.
Since parents and guardians of minors typically have the same rights as the minor patient, the parent or guardian not only has access to the minor’s medical records, but is also authorized to receive notices regarding the release of the minor patient’s personal health information (PHI), can authorize disclosures of PHI, and make other decisions on behalf of the patient. Essentially, the parent or guardian steps into the patient’s shoes for the purpose of exercising a patient’s considerable rights under HIPAA.
When Should Providers Not Treat a Minor as a Minor?
Generally speaking, parents and guardians of minors have the same rights as the minor patient. However, this is not always the case. There are certain circumstances in which release of the minor patient’s medical records to a parent or guardian would constitute a violation under HIPAA. Below are a few circumstances when this holds true:
- Parental consent is not required under Illinois Consent & Confidentiality Laws, such as when a minor child has been emancipated
- The parent or guardian consents to a confidential relationship between the minor patient and the healthcare provider
- The court appoints another individual to care for the minor patient
- The healthcare provider suspects that the parent or guardian is neglecting or abusing the minor patient
- The minor patient is receiving certain types of mental health services
These are just a few of the situations in which a healthcare provider may not release a minor patient’s medical records to the parent or guardian. Doing so would constitute a HIPAA violation and consequently subject the provider to penalties for legal noncompliance.
What are the Penalties for Noncompliance?
Sometimes minors, especially older minors, may beg and plead with their healthcare providers to keep their medical information confidential from their parents. However, as long as your healthcare attorney has determined that a legal exception doesn’t apply to the situation, healthcare providers are required to release medical records to parents and guardians of minors when requested.
As a health care provider, when you are asked by a minor patient to ignore the law and abide by their wishes, set aside your goodwill and stick with the law because penalties for HIPAA noncompliance can be hefty. Depending on the type and severity of violation, fines can range from $100 to $50,000 per incident, with a maximum fine of $1.5 million per year. In addition to fines, noncompliance can also result in criminal charges that require jail time. And remember: breaches of PHI aren’t the only way to violate HIPAA; a failure to produce records to which the minor patient’s parent or guardian is entitled will also constitute a HIPAA violation.
Consult an Illinois HIPAA Compliance Attorney
HIPAA compliance laws are numerous and complex, yet extremely important. Not only is HIPAA compliance important to protect patients’ personal information, but it is also important to avoid hefty fines. If you are looking for help with HIPAA compliance, call Jackson LLP at (312) 985-6484 or click below to schedule your free consultation.