According to Health Care Risk Management standards supported by ASHRM and the American Hospital Association Certification Center, a 22-year-old patient is a legal adult and retains full rights to privacy and control over disclosure of protected health information under HIPAA and applicable state confidentiality laws. Psychiatric records are subject to heightened confidentiality protections in many jurisdictions.
Absent a court order or legal guardianship determination, a parent does not have automatic access to an adult child’s medical records. Therefore, before releasing any information, the organization must verify that the patient has executed a valid, specific authorization for release of information that complies with HIPAA requirements. The authorization must clearly identify the recipient, the information to be disclosed, and be properly signed and dated.
Consulting legal counsel or a treating psychiatrist does not substitute for proper authorization. Similarly, requesting guardianship documentation would only be appropriate if the mother asserts legal guardianship status; however, in the absence of such documentation, release cannot occur.
Legal and regulatory objectives emphasize strict adherence to privacy laws, protection of psychiatric records, and proper authorization procedures. Therefore, verification of a signed release of information from the patient is required before disclosure.
