There is an interesting article about mental health issues in the recent issue of the Military Law Review: Major Cara-Ann M. Hamaguchi, A Precarious Balance: Managing Stigma, Confidentiality, and Command Awareness in the Mental Health Arena, 222 Mil. L. Rev. 156 (Winter 2015) (available here).

The article:

examines the conflict between privacy and the military mission, and advocates for a better balance between the two by centralizing information for commanders and establishing specific administrative consequences for commanders and leaders who fail to respect established privacy standards. This article also examines the current uses of mental-health information for mission and readiness requirements, and calls for more transparency for Soldiers. While parts of this article apply to the entire spectrum of mental conditions and disorders, this article focuses specifically on combat-stress and Post Traumatic Stress Disorder (PTSD).

Hamaguchi, supra, at 161. The article’s main focus is on Army regulations and application, but its themes have broad application. For instance:

Confidentiality is critical to overcoming barriers to care associated with stigma. Soldiers who are otherwise too embarrassed or scared to seek treatment are more likely to do so with strict assurances of privacy. Many of them seek out mental-health providers and chaplains “off the record,” and they are often wary of even being seen talking to these professionals.

Hamaguchi, supra, at 175. And the article also identifies (but does not discuss in detail) what I consider to be a significant flaw in the military exception to HIPAA:

The default rule under HIPAA and DoD policy is that PHI cannot be released unless the patient authorizes release or an exception to HIPAA applies. Nevertheless, there is a HIPAA exception that accounts for the unique nature of the military mission. This “Military Command Authority” exception allows military and civilian treatment facilities to provide appropriate command authorities with access to a Soldier’s PHI to facilitate decisions pertaining to medical fitness and readiness. . . .

Notably, the exception to HIPAA does not provide commanders with unlimited access to a Soldier’s PHI. Rather, the information released must be the minimum amount of information necessary for mission accomplishment. Nevertheless, out of deference to commanders and for the sake of mission completion, this exception can be quite broad in practice.

Hamaguchi, supra, at 186-188 (emphasis added). I think it better to say that this exception often swallows the rule. This begs the question of why, if “confidentiality is critical,” HIPAA’s privacy rules are not more strictly enforced in the military. The article provides something of an answer in the form of a proposed regulation to address commanders who fail to respect protected health information:

AR 600-20 could establish a specific penalty for commanders who intentionally disregard privacy or who promote or tolerate stigma in their formations. As discussed previously in section VII, the penalties associated with HIPAA do not apply to commanders because commanders are not “covered entities” under HIPAA. In addition, although commanders are subject to criminal penalties under the Privacy Act, the likelihood and feasibility of a criminal prosecution is minimal. There are also no specific enumerated penalties for leaders or commanders who promote or tolerate stigma. While there are various policies that caution against promoting stigma, none of them are explicitly punitive in nature. To fill the gap, the addition of a Soldier Fitness chapter into AR 600-20 should include a penalty modeled after the penalties for EO and sexual-harassment policy violations.

Hamaguchi, supra, at 196.

13 Responses to “Scholarship Saturday: The “precarious balance” of medical privacy and command curiosity”

  1. Dew_Process says:

    See also,
    MAJ Kristy Radio, Why You Can’t Always Have It All: A Trial Counsel’s Guide to HIPAA and Accessing Protected Health Information, Army Lawyer available HERE.

  2. Dew_Process says:

    Whoops – hit “post” too soon . . . .
    And this, MAJ T. Anderson, Navigating HIPAA’s Hidden Minefields: A Leader’s Guide to Using HIPAA Correctly to Decrease Suicide and Homicide in the Military, Army Lawyer available HERE.

  3. stewie says:

    Looks like HIPAA is the…ahem…hip topic to get yourself published in the Army Lawyer!
    (I’ll see myself out).

  4. rob klant says:

    I’ve wondered about the interplay between the military’s medical privacy regulations (both DoD 6025.18-R and DoD 6490.08) and Military Rule of Evidence 513 (the military psychotherapist privilege). 
    Does the authority of a patient’s commander (and, under C7.6 of DoD 6025.18-R, law enforcement) to access general medical and mental health treatment records affect the “confidentiality” of any communications made so as to vitiate any privilege which might otherwise exist under MRE 513? (i.e. how can any active-duty patient claim a resaonable expectation that records will not be released to third parties not involved in her treatment)?
    Or, do the military’s medical privacy regulations simply provide an alternate means to MRE 513 when attempting to access the records, while MRE 513 could still limit admission at trial of any records obtained by an authorized alternative means?

  5. Zachary D Spilman says:

    Great question rob klant.

    But, as was thinly-veiled in my post, I think the DoD does a miserable job of addressing medical privacy. A pathetically miserable job.

    A few years ago I noted the view of the Marine Corps’ Executive Force Preservation Board, in this post:


    It’s exactly that attitude that causes Marines (and Soldiers, Sailors, Airmen, and members of the Coast Guard) to keep secrets instead of asking for help.

    My view is that a commander is permitted to ask a medical officer if a particular service member is fit for duty, and the medical officer is permitted to answer yes or no. And no more.

  6. ResIpsaLoquitur says:

    I would hope Marine Corps chaplains and JAGs would have something to say about that Marine Corps policy.

  7. Phil Cave says:

    RiL, The Navy supplies chaplains to the Marine Corps, as it supplies the medical personnel as well.
    As the CO’s question, can I — I wonder how many times the answer is Oorah Sir!  And I wonder if it’s limited to the Marine Corps?

  8. Javert says:

    Here’s the thing:  as long as Commanders get sharp-shot every time one of their  troops does something wrong, every Commander will want to know everything in the mental health history he can get his hands on. HIPAA will not be a deterrent when no Commander gets in trouble for getting the paperwork.  Failure to get the information is far riskier.

  9. Mark Hardman says:

    Balance is the key word here. The legal community can help maintain the balance by educating doctors, especially young doctors on the nuances of HIPPA and his/her disclosure obligations to command. Remember that many 03/04 doctors have little time in service are may feel more pressured by a Bn commander demanding info. Education!

  10. rob klant says:

    Agreed, Javert:  failure to get the information is perceived as a failure in leadership (of the “intrusive” sort).  
    The Marine example cited above is notable only for its clarity.
    Another example I ran across recently was the “Case Management Group” (CMG) provided for under DoD 6495.02 to oversee the handling of sexual assault victims.  
    Required membership consists of the installation commander, the victim’s commander, all SARCs assigned to the installation, SAPR VA, VWAP, MCIO, law enforcement, the victim’s health and mental health providers, a chaplain, and a legal/SJA representative.
    Each of these assorted members are expected to participate by sharing and receiving PII/PHI of the victim.   How, exactly?   No clue provided by the instruction, although there is a general reference to DoD 6025.18-R (but none to 6490.08).

  11. Defense Wizard says:

    I’ve received discovery that included my client’s mental health records, knowing full well that CID and the TC had thoroughly reviewed everyting my client said to the docs post-incident/allegation. Most hospital counsel I have spoken to have a “minimal necessary” rule, but what ends up happening is the bulk-dump of records once the authorization is signed.

  12. rob klant says:

    Defense Wizard,
    While application of the “minimum necessary” rule is subject to wide discretion for most C7.11 (“military command authorities”)disclosures, I believe it’s more narrow when it comes to disclosures of mental health records.
    Current DHA Privacy Office guidance appears to read DoD 6490.08 as providing additional restrictions on releases of mental health records to command authorities under C7.11 of DoD 6025.18-R.  Namely, “[a]ccording to DoDI 6490.08, disclosure to a commander about a Service member’s mental health and/or substance misuse treatment is either strictly prohibited or absolutely required (based on specific criteria).” (Emphasis in the original; see here:
    Personally, I think this special standard would make it easier to prove a violation of the “minimum necessary” rule in cases involving mental health records where the disclosure literally consists, in your words, of a “bulk-dump of records.”
    What would proving a HIPAA violation get the accused?  Probably not much I think, let alone exclusion of the records, given the military courts’ treatment of violations of similar federal privacy statutes such as ECPA.  
    But, if the release also resulted in the disclosure of privileged material to the convening authority or the trial counsel — at their own request and without taking reasonable precautions to avoid the reasonable likelihood of receiving such material — then perhaps the defense could obtain much more, especially if the violation arose to the level of prosecutorial misconduct.

  13. Defense Counsel says:

    Rob Klant – I think in cases of willful violation of the rules (and not just the MTF carelessly dumping records), I might move for disqualification of at least the TC.