Â
Although clients have the right to review and obtain information from their records, they do not have the right to all of the material contained in them. For example, clients would ordinarily not have the right to see your informal notes about them or information transmitted in confidence to you by another person.Â
a. Ethical Standards: The Code of Ethics says the following with regard to clients’ access to their records: • You should provide your clients with reasonable access to records concerning them.Â
• If you are concerned that such access will result in misunderstanding or serious harm to the client, you should
(a) provide the client with help in interpreting the records, andÂ
(b) consult with the client about the records.Â
• You should limit a client’s access to his/her records, or part of the records, only in exceptional circumstances, as when there is compelling evidence that seeing certain information in the record would result in serious harm to the client.Â
• If you limit a client’s access to all or part of his/her records, you should document in the client’s fileÂ
(a) the client’s request for the records, andÂ
(b) the reasons why you withheld all or part of the records from the client.Â
• When providing clients with access to their records, you should take steps to protect the confidentiality of other people identified or discussed in the records.Â
b. Legal Guidelines: Because HIPAA provides patients with greater access to their own protected health information (PHI) than does California law, HIPAA sets the legal standard for determining when a patient may be denied access to that information (California Office of HIPAA Implementation, 2005). In terms of your legal obligations, HIPAA’s Privacy Rule stipulates that patients must be permitted to review and amend their medical records. Under HIPAA you may deny a client access to his/her records only if access is reasonably likely to endanger the life or physical safety of the client or another person or if the information in the record makes reference to another person (unless that person is a health-care provider) and access is likely to cause substantial harm to the other person. Finally, Health and Safety Code (H&SC) Section 123110 specifies requirements regarding the timeframe for responding to the request of a client or client representative for access to the client’s records:Â
• Section 123110(a) states that a health-care provider, including mental health professionals, must permit a client or client representative to inspect the client’s records during normal business hours within five working days following receipt of written request.Â
• Section 123110(b) states a health-care provider must ensure that a copy of the client’s record is transmitted to the client or client representative within 15 days after receipt of a written request for the copy.Â
Although H&SC Section 123130(a) allows a health-care provider to prepare a summary of the record for inspection or copying, HIPAA permits this only if the client agrees in advance to receiving a summary. (As noted above, when HIPAA grants clients greater right of access, it preempts California law.) For clients who request a summary, Section 123130(a) specifies the time allowed for responding to the request: It states that the health-care provider must make the summary available to the client within 10 working days from the date of the client’s request. If more time is needed because the record is of extraordinary length or because the client was discharged from a licensed health facility within the last 10 days, the health-care provider must notify the client of this fact and the date that the summary will be completed, but in no case shall more than 30 days elapse between the request by the client and the delivery of the summary.Â