Confidentiality refers to protection of privileged and private information shared during a health care encounter and in medical records about the encounter (1). Confidentiality concerns are heightened during adolescence and these concerns can be a critical barrier to adolescents in receiving appropriate health care (2, 3). Adolescents face considerable potential harms to their health from mental health disorders, violence, and risky behavior, including substance use and unprotected sexual activity. Maintaining confidentiality is critical to address these sensitive and potentially stigmatizing issues and optimize care of adolescents. The maintenance of patient confidentiality with the use of electronic health records (EHRs) presents a particular challenge for providers of adolescent health care.
Confidentiality and Consent in Adolescent Health Care
To address confidentiality concerns that might pose a barrier to care, all states and the District of Columbia have created minor consent laws giving minor adolescents the right to receive health care without parental consent or notification for certain services. These services may include substance abuse treatment, screening and treatment for sexually transmitted infections (STIs), pregnancy prevention and care, and sometimes abortion, mental health care, and emergency care (4, 5).
Adolescents also have rights to receive health care independently under legal principles such as mature minor and emancipated minor rulings. A mature minor is defined as an adolescent younger than the age of majority who, even if living at home as a dependent, demonstrates the cognitive maturity to give informed consent (1). The capacity of an adolescent to consent for health care as a mature minor is influenced by the minor’s developmental maturity, prior experience with illness, the gravity of the current illness, and the risks of proposed therapy (1). The right of a mature minor to consent to medical care without prior parental consent has been recognized in many states (4). Emancipation is a legal procedure whereby minors become legally responsible for themselves and their parents are no longer responsible (financially or otherwise); hence the minor can consent to medical, dental, or psychiatric care. Statutes vary by state, but a minor may become emancipated when she marries, serves in active duty in the U.S military, or obtains a declaration from the court. Care under mature minor and emancipated rulings is provided without parental consent or notification, although the physician will frequently work with the adolescent to involve parents in decision making, risk reduction, and ongoing health care.
Minor adolescents’ right to confidentiality generally is assumed when there is a right to consent. However, there are some situations, like obtaining an abortion, when it may not be assumed. Many associations of health professionals caring for minors, including the American College of Obstetricians and Gynecologists (the College), the Society for Adolescent Health and Medicine, the American Academy of Pediatrics, and the American Academy of Family Physicians, recognize the importance of confidentiality in providing health care for adolescents (1, 6–8). In particular, the College has published Guidelines for Adolescent Health Care, which includes a chapter on “Confidentiality in Adolescent Health Care” (6). This chapter provides guidance for health care providers in addressing financial and legal obstacles to confidential health services and discusses the aforementioned laws regarding minor consent that have been developed in response to the growing independence of adolescents and the seriousness of their health care needs.
Confidentiality and Electronic Health Records
The United States continues to move toward a Nationwide Health Information Network that will allow health care providers to obtain quick access to patient medical information through EHRs whenever and wherever patients present for care. An EHR is an electronic medical record with interoperability that allows the data to be shared across organizations. Although there are multiple benefits of EHRs, these benefits may conflict with the protection of confidentiality. In 2002, a federal rule was enacted that protects the privacy of individuals’ health records. The privacy rule, which is based on requirements contained in the Health Insurance Portability and Accountability Act (HIPAA) of 1996 provides protection against parents’ access to protected health information for adolescents aged 18 years and older; emancipated minors, minors who can legally consent to services or receive services without parental consent or notification according to state or other applicable law; or when a parent assents to an agreement of confidentiality between the minor adolescent and health care provider. The HIPAA privacy rule, however, defers to state and other applicable laws (such as legislation governing Title X and Medicaid or precedent case law) about disclosure of protected health information for unemancipated minors, which may allow health care providers’ discretion regarding parental access to a minor’s protected health information (9).
The compromise struck in the HIPAA privacy rule on minors’ rights is complex and leaves health care providers with questions regarding the relationship between the HIPAA rule and state and other applicable laws (10, 11). In particular, there is a lack of standards 1) when state and other applicable laws pertaining to minor consent for services do not contain explicit provisions regarding disclosure of protected health information to parents and 2) when health services are provided in a setting governed by federal laws, such as the Federal Educational Rights and Privacy Act, that is exempt from the HIPAA definition of protected health information. In practice, the major issue facing health care providers and patients is the health care provider’s ability to provide confidential care using EHRs, such as when parents have rights to access some of their adolescent’s health information when comprehensive health services are provided and billing systems generate statements detailing confidential services (eg, laboratory tests or prescriptions).
Conclusion and Recommendations
Health care providers caring for minors should be aware of federal and state laws that affect confidentiality. State statutes on the rights of minors to consent to health care services vary by state, and health care providers should be familiar with the regulations that apply to their practice. Useful sources of information on state laws are the Guttmacher Institute (www.guttmacher.org/statecenter/adolescents.html) and the Center for Adolescent Health & the Law (www.cahl.org/state-minor-consent-lawsa-summary-third-edition/). When feasible, health care providers should work with governmental agencies and legislative bodies to eliminate or mitigate the effect of laws that unduly restrict confidential health services for minor adolescents.
Health care providers should be active in educating their staff and patients regarding the confidentiality of services. Generally, parents and adolescents should be informed, both separately and together, that the information each of them shares with the health care provider will be treated as confidential. Additionally, they should be informed of any restrictions to the confidential nature of the relationship (6). Limiting parental access to information about certain personal issues such as sexuality, substance abuse, and mental health concerns allows the adolescent patient to be more comfortable talking with her health care provider about these issues.
Security measures should be put in place at the systems level to prevent breaches of patient confidentiality. With appropriate safeguards, EHRs may actually offer more security than traditional paper-record systems. However, there may be significant cost to these safeguards, and constant reevaluation of protection is imperative.
Health care providers and institutions establishing an EHR system should consider systems with adolescent-specific modules that can be customized to accommodate the confidentiality needs related to minor adolescents and comply with the requirements of state and federal laws (12). If systems of EHRs have already been established, procedures to maintain adolescent confidentiality should be implemented where appropriate.
It is important to note that the EHR for general health care visits may contain information pertaining to care, such as a social history or sexual behavior history, that was provided under minor consent or mature minor provisions. In such circumstances, it may be appropriate to restrict access to such sensitive information obtained during portions of the visit while allowing other portions to be viewable by parents. The optimal standard of practice should ensure that medical record information, including EHR information, for care provided under minor consent or mature minor provisions, is considered confidential and should not be disclosed to parents without adolescent consent. Statutes and regulations regarding medical record information should be updated to ensure this standard is achieved. Similar recommendations are supported by the American Academy of Pediatrics and the Society for Adolescent Health and Medicine (13). If the EHR system does not allow for procedures to maintain adolescent confidentiality, the health care provider or staff should inform the patient that parents will have access to the records, and the patient should be given the option for referral to a health care provider who is required to provide confidential care, such as one who participates in the Title X family planning program.
1. Ford C, English A, Sigman G. Confidential health care for adolescents: position paper for the Society for Adolescent Medicine. J Adolesc Health 2004;35:160–7.
2. Lehrer JA, Pantell R, Tebb K, Shafer MA. Forgone health care among U.S. adolescents: associations between risk characteristics and confidentiality concern. J Adolesc Health 2007;40:218–26.
3. Klein JD, Wilson KM, McNulty M, Kapphahn C, Collins KS. Access to medical care for adolescents: results from the 1997 Commonwealth Fund Survey of the Health of Adolescent Girls [published erratum appears in J Adolesc Health 1999;25:312]. J Adolesc Health 1999;25:120–30.
5. English A, Bass L, Boyle AD, Eshragh F. State minor consent laws: a summary. 3rd ed. Chapel Hill (NC): Center for Adolescent Health and the Law; 2010.
6. American College of Obstetricians and Gynecologists. Confidentiality in adolescent health care. In: Guidelines for adolescent health care. 2nd ed. Washington, DC: American College of Obstetricians and Gynecologists; 2011. p. 9–17.
7. American Academy of Pediatrics. Bright futures: guidelines for health supervision of infants, children, and adolescents. 3rd ed. Elk Grove Village (IL): AAP; 2008.
9. National Institute for Health Care Management. Protecting confidential health services for adolescents and young adults: strategies and considerations for health plans. NIHCM Foundation Issue Brief. Washington, DC: NIHCM; 2011. Available at: http://www.nihcm.org/images/stories/NIHCM-Confidentiality-Final.pdf
. Retrieved December 11, 2013.
10. Health information technology standards, implementation specifications, and certification criteria and certification programs for health information technology. 45 CFR Pt. 170 (2013).
11. Temporary certification program for HIT, 45 CFR Pt. 170(D) (2013).
12. Anoshiravani A, Gaskin GL, Groshek MR, Kuelbs C, Longhurst CA. Special requirements for electronic medical records in adolescent medicine. J Adolesc Health 2012;51:409–14.
13. Standards for health information technology to ensure adolescent privacy. American Academy of Pediatrics. Pediatrics 2012;130:987–90.