Are psychotherapy notes PHI?

Psychotherapy notes are considered protected health information (PHI) under HIPAA and therefore are subject to HIPAA’s Privacy, Security, and Breach Notification Rules. However, for these notes to be termed as psychotherapy records according to §164.501 of the Privacy Rule guidelines; they must not contain any details already included in a patient's medical record.

What can be included in psychotherapy notes under HIPAA?

Under HIPAA, psychotherapy notes can include:

• Session content: Detailed notes or transcripts of conversations during therapy sessions.
• Therapist's observations: Personal impressions, interpretations, or analyses of the patient's statements or behaviors made by the therapist.
• Personal notes: The therapist's private thoughts or reminders related to the therapy sessions.

HIPAA requires that psychotherapy notes are restricted to the documentation of private counseling sessions or joint, group, or family therapy interactions and that the notes be recorded by a licensed mental health practitioner affiliated with either an employing covered entity, as a business associate representing one such entity; or serving within the said organization itself.

See also: 

• Covered entities and its business associates
• HIPAA Compliant Email: The Definitive Guide

Regulations around psychotherapy notes

Psychotherapy notes are subject to more stringent conditions for usage and disclosure compared to other PHI. This is because they are typically not necessary for treatment, payment, or healthcare operations besides the professional who made them. Unless certain circumstances arise, patient authorization is usually mandatory before information contained in psychotherapy records can be revealed. Generally, psychotherapy notes can only be disclosed with a patient’s authorization other than in a limited number of circumstances:

• During HIPAA training, mental health trainees receive supervised learning opportunities to enhance their counseling skills.
• If employed by the mental health practitioner or Covered Entity to protect against legal action initiated by the individual mentioned in the psychotherapy notes.
• In situations where it is mandatory by law.
• The psychotherapy notes are intended for use solely by the healthcare professional who created them as part of the treatment provided to the subject.
• When the creator of psychotherapy notes is the subject being overseen for healthcare reasons.

Go deeper: 

• Psychotherapy notes and HIPAA
• Sharing patient information with authorization

FAQs

Can patients access their own psychotherapy notes?

Yes, patients generally have the right to access their own psychotherapy notes upon request, although there are some exceptions, such as when the notes may endanger the patient's safety or the safety of others.

Learn more: What are HIPAA Right of Access provisions?

What is the difference between psychotherapy notes and clinical records?

Psychotherapy notes are personal notes of the therapist and contain the therapist's impressions and analyses. Clinical records include diagnosis, treatment plans, medications prescribed, and other healthcare-related information shared with other healthcare providers for treatment, payment, and healthcare operations.