Beyond HIPAA: Patient Medical Records and Client Confidentiality in Mental Health

    Mark R. Brengelman, speaker of Training Doyens
    Speaker: Mark R. Brengelman
    Duration: 60 Minutes
    Product Code: 50099
    Level: Advanced


This HIPAA & Privacy Act Training covers confidentiality beyond the privacy and other protections required by HIPAA. The webinar starts with an in-depth overview of medical record keeping, examining the state law sources and even the contractual requirements of medical record keeping.

The webinar proceeds to review the exceptions to confidentiality that are most frequently encountered by mental health professionals who practice in a high-risk setting where the consequences of a misstep can be very high.

For many years now, HIPAA has provided a federal right to privacy for patient medical records, including mental health records. However, fearing issues not with federal mandates but with state laws, the mental health care practitioner must know and comply with individual state laws and ethics governing the confidentiality of client information in the context of a doctor-patient relationship. This is apart from and beyond the technical components of HIPAA.

HIPAA has standardized office medical record keeping, releases, and professional communications with third parties.  But how is client confidentiality addressed beyond mere record keeping?  Competing interests and privacy mandates create tension with these differing mandates.

Mere compliance with HIPAA leaves the risk that the practitioner is HIPAA-compliant but still liable for other confidentiality issues. Not only do state laws and codes of ethics mandate confidentiality, but there are many state law exceptions recognized by HIPAA. The exceptions sometimes allow and sometimes mandate what would otherwise be a confidentiality breach.

The sanctity of the doctor-patient relationship then moves to uncertain territory where client confidentiality meets a duty to act, such as a duty to warn of impending harm or a duty to report suspected child abuse or neglect. Such duties to act do not require the permission of the client, or even notification to the client, that information about them is being disclosed and reported. This uncertainty exists at a time when the practitioner is most vulnerable - when the practitioner must decide whether and how to act.

Doubtful conduct by practitioners will be examined to their detriment by patients suing for malpractice and licensure boards investigating breaches of confidentiality.  This seminar will first review the standardized HIPAA requirements for patient medical records.  From that perspective, the seminar will answer the issues presented by expanding to review state laws on patient confidentiality, evidentiary privileges, and exceptions mandated by law.

Erase the uncertainty of situations where the multiple sources of client confidentiality that govern the secrets held in confidence by mental health practitioners conflict – beyond HIPAA.


In the complex environment of a medical office or health care facility, with many different health care practitioners, individual practitioners and directors at those offices and facilities may be confused about how long to retain and whether to dispose of medical records. Practitioners fear not complying with different, but similar, medical record keeping requirements.

Does having digital records require records to be kept indefinitely, or does it simply allow it?  Uncertain state laws apply unique requirements to digital records and communications.

Differing and even conflicting sources of requirements exist for the retention and disposition of medical records, which may vary based upon the specific health care practitioner. With many medical records moving to an electronic format, special rules now exist regarding the confidentiality, security, retention, and disposition of electronic medical records.

Once information has been recorded in the patient medical record, what rules apply to prevent release of private information beyond what is mandated by HIPAA?  Take a tour of the most common legal rules requiring patient confidentiality as an evidentiary privilege under state law.

Erase uncertainty and doubt by knowing the state law exceptions to maintaining this confidentiality, where state laws may merely allow a breach of confidentiality or may indeed mandate it.


Learn to identify and apply differing and conflicting rules with respect to the specific health care practitioner, the specific health care facility practice, and the emerging rules and regulations for electronic medical records confidentiality, security, and disposition.

In addition to these clinical requirements of a specific profession, additional state laws set forth the content and retention of other types of records, other than clinical records of a patient, that are also kept by the professional, such as supervisory agreements with other professionals subordinate to them as well as their own unique record content requirements.

One area covered specifically concerns electronic records: while psychotherapy and mental health services are ideal treatments to offer over the internet, that is, by simultaneous audio-visual transmission between the doctor and the patient, the risks of breaches of confidentiality also vastly increase. And when the successful doctor-patient relationship is over, how does the health care practitioner providing a mental health service dispose of these electronic records?

In addition to state law requirements for the specific retention and disposition of clinical medical records, how long should the health care practitioner retain records for the possible, future defense of a malpractice claim for negligent treatment?  Or to retain such medical records when the patient is a minor?  Or to defend a possible complaint and disciplinary action by a state regulatory agency which could revoke the professional license of the practitioner?

Finally, while HIPAA provides for broad protections of privacy, state laws govern the confidentiality of the information provided in the context of a doctor-patient relationship.  Tour the applicable evidentiary rules that cover confidentiality under state law.

Know the most common exceptions to confidentiality where a law may allow a practitioner to breach confidentiality or may mandate the specific breach of confidentiality.


  • Sources of legal and contractual requirements for medical records retention;
  • What information is mandated to be in a specific health care practitioner’s medical record;
  • Electronic records confidentiality, retention, and disposition;
  • State laws creating evidentiary privileges covering the doctor-patient relationship under applicable rules of evidence;
  • Exceptions to confidentiality that may merely allow a breach of confidentiality or may indeed mandate a breach.


Individual health care practitioners; health care attorneys; teachers and educators in graduate-level medical education across the many health care professions; corporate counsel in health care.


Mark worked as the assigned counsel to numerous health professions licensure boards as an Assistant Attorney General for the Commonwealth of Kentucky.  Moving to private practice, he now helps private clients in a wide variety of contexts who are professionally licensed.

Mark became interested in the law when he graduated with both Bachelor's and Master's degrees in Philosophy from Emory University in Atlanta. He then earned a Juris Doctorate from the University of Kentucky College of Law.  In 1995, Mark became an Assistant Attorney General and focused in the area of administrative and professional law where he represented multiple boards as General Counsel and Prosecuting Attorney.

Mark is a frequent participant in continuing education and has been a presenter for over thirty national and state organizations and private companies, including webinars and in-person seminars.  National and state organizations include the Kentucky Bar Association, the Kentucky Office of the Attorney General, and the National Attorneys General Training and Research Institute.
