There is an interesting article about mental health issues in the recent issue of the Military Law Review: Major Cara-Ann M. Hamaguchi, A Precarious Balance: Managing Stigma, Confidentiality, and Command Awareness in the Mental Health Arena, 222 Mil. L. Rev. 156 (Winter 2015) (available here).
examines the conflict between privacy and the military mission, and advocates for a better balance between the two by centralizing information for commanders and establishing specific administrative consequences for commanders and leaders who fail to respect established privacy standards. This article also examines the current uses of mental-health information for mission and readiness requirements, and calls for more transparency for Soldiers. While parts of this article apply to the entire spectrum of mental conditions and disorders, this article focuses specifically on combat-stress and Post Traumatic Stress Disorder (PTSD).
Hamaguchi, supra, at 161. The article’s main focus is on Army regulations and application, but its themes have broad application. For instance:
Confidentiality is critical to overcoming barriers to care associated with stigma. Soldiers who are otherwise too embarrassed or scared to seek treatment are more likely to do so with strict assurances of privacy. Many of them seek out mental-health providers and chaplains “off the record,” and they are often wary of even being seen talking to these professionals.
Hamaguchi, supra, at 175. And the article also identifies (but does not discuss in detail) what I consider to be a significant flaw in the military exception to HIPAA:
The default rule under HIPAA and DoD policy is that PHI cannot be released unless the patient authorizes release or an exception to HIPAA applies. Nevertheless, there is a HIPAA exception that accounts for the unique nature of the military mission. This “Military Command Authority” exception allows military and civilian treatment facilities to provide appropriate command authorities with access to a Soldier’s PHI to facilitate decisions pertaining to medical fitness and readiness. . . .
Notably, the exception to HIPAA does not provide commanders with unlimited access to a Soldier’s PHI. Rather, the information released must be the minimum amount of information necessary for mission accomplishment. Nevertheless, out of deference to commanders and for the sake of mission completion, this exception can be quite broad in practice.
Hamaguchi, supra, at 186-188 (emphasis added). I think it better to say that this exception often swallows the rule. This begs the question of why, if “confidentiality is critical,” HIPAA’s privacy rules are not more strictly enforced in the military. The article provides something of an answer in the form of a proposed regulation to address commanders who fail to respect protected health information:
AR 600-20 could establish a specific penalty for commanders who intentionally disregard privacy or who promote or tolerate stigma in their formations. As discussed previously in section VII, the penalties associated with HIPAA do not apply to commanders because commanders are not “covered entities” under HIPAA. In addition, although commanders are subject to criminal penalties under the Privacy Act, the likelihood and feasibility of a criminal prosecution is minimal. There are also no specific enumerated penalties for leaders or commanders who promote or tolerate stigma. While there are various policies that caution against promoting stigma, none of them are explicitly punitive in nature. To fill the gap, the addition of a Soldier Fitness chapter into AR 600-20 should include a penalty modeled after the penalties for EO and sexual-harassment policy violations.
Hamaguchi, supra, at 196.