American society has long recognized the importance of mental health and has encouraged those in need of mental health care to seek it. Effective provision of mental health services depends in important part upon open and honest communications between a patient and a psychotherapist. To encourage patient candor in the psychotherapist-patient relationships, federal and state law generally affords confidentiality to patient communications within those relationships for purposes of obtaining medical or mental health care. Contrary to the generally accepted view of Americans that medical and mental health records merit privacy protection, the Schumer-Toomey-Manchin (STM) gun control legislation reduces existing privacy protection for mental health records relevant to background checks through the National Instant Criminal Background Check System (NICS).
Role of Confidentiality in Mental Health Care. The Supreme Court of the United States emphasized in 1996 in Jaffree v. Redmond the importance of protecting confidentiality in mental health care:
The psychotherapist privilege serves the public interest by facilitating the provision of appropriate treatment for individuals suffering the effects of a mental or emotional problem. The mental health of our citizenry, no less than its physical health, is a public good of transcendent importance.
The Supreme Court explained in detail the crucial role confidentiality plays in providing mental health services:
Effective psychotherapy . . . depends upon an atmosphere of confidence and trust in which the patient is willing to make a frank and complete disclosure of facts, emotions, memories, and fears. Because of the sensitive nature of the problems for which individuals consult psychotherapists, disclosure of confidential communications made during counseling sessions may cause embarrassment or disgrace. For this reason, the mere possibility of disclosure may impede development of the confidential relationship necessary for successful treatment.
Congress has similarly recognized the importance of maintaining privacy with respect to medical, and especially mental health care, records.
Existing Law on Illegal Possession of Firearms by Persons Adjudicated “Mental Defective” or Committed to Mental Institution. Section 922 (g)(4) of title 18 of the U.S. Code provides that “[i]t shall be unlawful for any person . . . who has been adjudicated as a mental defective or who has been committed to a mental institution . . . to . . . possess in or affecting commerce, any firearm or ammunition . . . .” Section 924 of title 18 imposes imprisonment, fines, or both, for knowing or willful violation of section 922(g)(4). To help enforce that prohibition on firearms possession, section 102(c)(3) of the NICS Improvement Amendments Act of 2007 (18 U.S.C. 922 note) provides:
The State shall make available to the Attorney General, for use by the National Instant Criminal Background Check System, the name and other relevant identifying information of persons adjudicated as a mental defective or those committed to mental institutions to assist the Attorney General in enforcing section 922 (g)(4) of title 18, United States Code.
Recognizing the importance of protecting mental health record privacy, section 102(d) of the NICS Improvement Amendments Act provides:
(d) PRIVACY PROTECTIONS.–For any information provided to the Attorney General for use by the National Instant Criminal Background Check System, relating to persons prohibited from possessing or receiving a firearm under section 922(g)(4) of title 18, United States Code, the Attorney General shall work with States and local law enforcement and the mental health community to establish regulations and protocols for protecting the privacy of information provided to the system. . . .
Thus, under current law, states, as a condition of receiving NICS-related federal funding, must submit to the Attorney General identifying information on mental defectives (an unappealing term used only because it appears in the statute) and people committed to mental institutions. The Attorney General then uses that information in NICS in conducting background checks for firearms transfers, with the aim of enforcing the prohibition on firearms possession by mental defectives and people committed to mental institutions. However, the Attorney General must establish regulations and protocols designed to protect the privacy of the information. The Attorney General’s regulations (28 CFR Part 25) appear to provide little in the way of privacy protection specifically for mental health records, other than the general system safeguards and a prohibition on unauthorized access to information in the NICS, which apply to all information in the NICS.
Another federal statute, administered by the Secretary of Health and Human Services (HHS) rather than the Attorney General, affects the privacy of mental health records. Section 264(c)(1) of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 authorizes the Secretary of HHS, in specified circumstances, to issue regulations containing standards with respect to the privacy of health information, associated with an identified individual, transmitted in connection with certain transactions, such as those involving health claims, plan enrollment, premium payment, and status, first report of injury, referral certification, and electronic funds transfers. The Secretary’s HIPAA privacy rules (45 CFR Parts 160 and 164) apply to, among other entities, health care providers who transmit any health information in electronic form concerning a covered transaction, which can be construed as including state mental institutions. Section 264(c)(2) provides that the Secretary’s regulations do not preempt state laws that are more “stringent” than the Secretary’s regulations. To the extent the Secretary’s regulations apply in a given situation, the HIPAA privacy rules appear to provide stronger privacy protection for mental health identifying information than the general privacy rules that the Attorney General has specified for NICS would provide for the same information.
When a state considers submitting to the Attorney General for NICS state records with identifying information on mental defectives and people committed to mental institutions, states currently must think about whether they have potential duties under: (1) section 102(c)(3) of the NICS Improvement Amendments Act to submit the records to the Attorney General, consistent with the Attorney General’s sparse NICS privacy regulations, (2) HIPAA privacy rules that limit disclosure of certain mental health records, and (3) state privacy laws more stringent than HIPAA, if any, that limit disclosure of certain mental health records.
STM Reduces Privacy Protection for Mental Health Information. Although the Department of Justice often refers to NICS as if its sole purpose is to conduct background checks to determine whether proposed firearms recipients may lawfully possess firearms, the Department of Justice maintains that it can share the information with law enforcement agencies for other purposes, too. The Office of Legal Counsel of the Department of Justice ruled in February 1996 that “[w]e believe that disclosure of NICS information to law enforcement agencies to further their criminal investigations should be held to be compatible with the law enforcement purpose for which the information was collected.” Thus, it appears that the Department of Justice takes a pro-dissemination approach, rather than a privacy approach, to handling NICS data, at least when it comes to other federal and state law enforcement agencies.
Those concerned with privacy of mental health information — patients, psychotherapists, professional associations, and all Americans concerned about mental health — should stand guard against attempts to weaken existing privacy protection for the mental health information of individuals. The Department of HHS has the role under HIPAA of issuing regulations to protect medical privacy in part because it is institutionally attuned to protecting the interests in mental health care about which the U.S. Supreme Court spoke in Jaffree and can adjust those regulations as appropriate.
The STM gun control legislation eliminates any HIPAA privacy protection for mental health records in connection with the NICS system, leaving only what privacy protection the Attorney General cares to provide. The STM legislation says that information collected under the law by Attorney General Eric Holder to help him enforce the prohibition on firearms possession by mental defectives or people committed to mental institutions “shall not be subject to the regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d-2 note).”
Perhaps some will claim that rendering the HIPAA privacy rules inapplicable to state and federal records submitted for NICS has no effect on legal protection for the privacy of mental health records. But if the STM wipe-out of HIPAA does not have an effect, then there is no need for Congress to do it. And if the STM wipe-out of HIPAA does, in fact, decrease privacy protection for the mentally ill, then Congress should not do it, and should preserve existing privacy protection. Either way, Congress should not displace the HIPAA regulations completely with respect to the NICS.