PT Mobile Logo

Search form


New Risks to Confidentiality in the Modern Era: Page 3 of 4

New Risks to Confidentiality in the Modern Era: Page 3 of 4

Notably, adolescents often have a strong interest in maintaining some degree of privacy in the relationship with their psychiatrist. In other words, they may not wish to disclose some treatment issues to their parents. To support this interest, systems should have provisions to comply with legal requirements regarding confidentiality for adolescents. This is especially important in the implementation of patient portals. It is also another example of the utility of granular controls that allow providers to apply more stringent access rules for certain types of notes or specific fields within notes.


Sally and Tom are currently going through a divorce and a custody battle. The court temporarily gives Sally sole legal custody of their son, Jim, and orders that he remain with her. Jim is being treated by a psychiatrist, and Tom’s attorney sends a record request with signed consent to the psychiatrist requesting release of the records. Absent court order or Sally’s consent, as the parent with legal authority, the psychiatrist incorrectly complies with the request and releases the complete record, including information about Sally. Tom’s attorney then uses this information in court against Sally.

This is an example of an unauthorized transmission of psychiatric information. As with paper records, any transmission of EMR information is subject to federal and state legal guidelines. The efficiency of the process of transmitting EMRs may allow providers to do so too quickly without additional staff involvement, thus creating a potential breach of confidentiality.

HIPAA regulations require that information release without patient consent be limited to the “minimum necessary” for coordination of care, payment, or health care operations but leaves the interpretation of that to the physician or the institution that designs or adapts the EMR for their purposes. However, in an emergency department admission of an unconscious patient, how much is “minimum necessary?” There, the adolescent’s dalliance with drugs or alcohol that he wanted to keep from his parents may be the critical piece of information to assist treatment. Unfortunately, because EMRs are computer systems, they cannot make judgments about what information to release in what situation.

The use of mobile devices

Mobile devices may be extremely helpful to physicians, because they are frequently used for communication with patients and colleagues outside of regular business hours. Some devices allow full access to EMRs. The following vignette illustrates security vulnerabilities inherent in mobile devices.


A psychiatrist has been treating Beth who has been married to Mark for 5 years. Mark will not allow Beth to have friends or to interact regularly with her extended family or coworkers. Beth maintains some outside contact through text and e-mail without Mark’s knowledge. Because Mark often becomes jealous and confrontational, Beth keeps her smart phone in her purse so that Mark does not have access to it. The psychiatrist has encouraged Beth’s decision to leave her husband. Responding to one of Beth’s calls, the psychiatrist leaves her a text message with the contact information for the local battered women’s shelter. When Beth returns from a run, she discovers that Mark has accessed her cell phone along with her e-mails and text messages. He becomes agitated and assaults her.

This example illustrates the potential of unauthorized access to treatment information when communicating with mobile devices. Psychiatrists must consider that when using mobile devices, information can be accessed by unintended parties. Moreover, psychiatrists should be attuned to their specific patient’s clinical needs and that use of certain technology may not be appropriate in all clinical situations.


Loading comments...

By clicking Accept, you agree to become a member of the UBM Medica Community.