Pearson Assessments HIPAA Regulations Frequently Asked Questions*
NOTE: For those interested, here are some related resources on this website:
- Update on Malingering Research
- Deposition and Cross-examination Questions on Psychological Tests & Psychometrics
- Fallacies & Pitfalls in Psychological Assessment: 7 Common Mistakes
- Forensic Assessment Checklist
- Sample Agreement Between Expert Witness & Attorney
- Harcourt Assessment's HIPAA Position Statement
- Responsibilities in Providing Psychological Test Feedback to Clients
- Practice Guidelines & Ethics Codes for Assessment, Forensics, Counseling, & Therapy
- The MMPI, MMPI-2, and MMPI-A In Court: A Practical Guide for Expert Witnesses and Attorneys (3rd Edition
*Note that the information and answers provided below are Pearson Assessments' opinion, and are not given or intended as legal advice. For legal advice, contact your HIPAA compliance officer or attorney.
The Health Insurance Portability and Accountability Act ("HIPAA") privacy regulations [footnote 1] that went into effect on April 14, 2003 have raised many questions about the use of tests. Generally speaking, the questions relate to either 1) Buying and scoring of Pearson Assessments' tests; or 2) Patient access to and right to copy test materials under HIPAA. Below, we address these questions to the best of our ability at this time. Note that words printed in italics below are defined in the HIPAA regulations. If you have additional questions related to HIPAA and Pearson Assessments, please call Pearson Assessments' client relations representatives at 1-800-627-7271.
Buying and Scoring Pearson Assessments Tests
Q: Is Pearson Assessments a covered entity [footnote 2] under HIPAA?
Q: Is Pearson Assessments a business associate [footnote 3] to customers who use Pearson Assessments' MICROTEST Q™ software or scoring services? Should these customers enter into a business associate agreement with Pearson Assessments?
A: No. Business associates must receive, create or use individually identifiable health information [footnote 4] for or on behalf of a covered entity. Our customers may be covered entities, but they do not disclose individually identifiable health information to us. For that reason, Pearson Assessments is not a business associate to its customers.
- Purchasing test materials or administrations from Pearson Assessments:
No individually identifiable health information health information
is disclosed by the customer to Pearson Assessments in the course of
tests or MICROTEST Q test administrations.
- Scoring tests using MICROTEST Q software: Because MIGROTEST
Q software resides entirely on our customer's computer system, there
is no disclosure
of individually identifiable health information to Pearson Assessments
in the course of scoring tests using MICROTPST Q software.
- Scoring tests using Pearson Assessments' scoring services: Pearson Assessments does not require individually identifiable health information in order to score answer sheets sent by mail or fax. Over the past year, we have removed name grids and spaces for other identifying information from most of our forms, leaving the forms identified only by a (non-social security number) ID number that is selected by the customer. We have no way of linking the ID number with an individual. Therefore, the information contained in the answer sheets is not individually identifiable health information when it arrives at Pearson Assessments for scoring.
Q: What if the customer has answer sheets that include name grids and other such identifiable information? Can these still be scored by Pearson Assessments?
A: Yes, with a little modification. The HIPAA regulations allow individually identifiable health information to be de-identified prior to disclosure by the covered entity. [footnote 5] Because we do not need the answer sheet to be individually identifiable in order to score the test and return it to their customer, we ask you to de-identify the answer sheet before sending. In simple terms, that means that the customer will omit or use a marker to completely conceal the name and other individually identifiable information prior to sending the form. If you have questions about what information to omit or conceal, our client relations representatives will he happy to provide test-specific guidance.
Patient Access To and Right To Copy Test Information and Results Under HIPAA
As you know, most Pearson Assessments' test materials and output reports were never intended to be handed to the patient. They are sold for use only by qualified professionals. Testing material is protected by intellectual property law including copyright and trade secret law. The disclosure of test material could damage the test's integrity and usefulness in evaluation, diagnosis and treatment. Therefore, Pearson Assessments recommends that its customers do not provide access to or copies of test materials and/or reports unless disclosure is clearly required. Under the HIPAA statute [footnote 6], covered entities are not required to provide a patient with access to and or the right to copy any test materials or reports to the extent that doing so would result in the disclosure of trade secrets.
Your organization, as a covered entity, may have generated HIPAA disclosure guidelines for your use. In creating those guidelines, your organization may or not have given assessments any specific attention. The following information may be helpful to both you and your organization. Please read this entire section and share it with your HIPAA compliance officer and/or legal counsel.
Q: If a patient makes a HIPAA request for access to or copies of test materials and/or reports, what kind of disclosure is required?
A: Under HIPAA, covered entities are not required to provide a patient with access to and/or the right to copy any test materials or reports that do not contain Protected Health Information or PHI.
Q: What is Protected Health Information or PHI?
A: Under HIPAA, protected health information or PHI [footnote 7] is individually identifiable health information that is used to make decisions about an individual and is maintained in the designated record set.
The following portions of our test materials are NOT PHI because they do not contain individually identifiable health information. Therefore, PATIENTS SHOULD BE DENIED ACCESS TO AND COPIES OF THE FOLLOWING under a HIPAA request:
- Test booklets (when answers are entered on a separate form)
- Test questions (by themselves)
- Test manuals
- Test user guides
- Wall charts
- Scoring templates
- Scoring keys
- Computer scoring programs such as MICROTEST Q or Q Local software.
- PROfile and Interpretive Reports are addressed in the next question. PLEASE READ ON.
Q: Are covered entities required to provide access to and copies of Profile and Interpretive reports?
A: No, there is an explicit exception in the HIPAA [footnote 8] statute that exempts trade secrets from disclosure. Because Pearson Assessments protects MICROTESTQ software and Q Local software and the computerized output reports generated using MICROTEST Q and Q Local as trade secrets, PATIENTS SHOULD BE ALSO DENIED ACCESS TO THE FOLLOWING (Note that this denial applies to requests under H/PM or any other data disclosure law that exempts trade secrets from disclosure):
1. MICROTEST Q or Q Local Software containing patient files,
2. Profile or Interpretive Reports generated using MICROTEST Q OR Q Local profile reports software, and
3. Profile or Interpretive Reports obtained by mailing or faxing answer sheets to Pearson Assessments mail-in scoring service.
Q. What might the patient expect to be provided access to and copies of?
A: Unless there is an explicit exception in the HIPAA regulation, an individual has the right to inspect and obtain a copy of protected health information or PHI about the individual in a designated record set, for so long as the PHT is maintained in the designated record set.
For Pearson Assessments' tests, if the request is not subject to denial (read further to learn about exceptions in the HIPAA regulations that permit denial of access), the patient may expect disclosure of:
- Answer sheets stored
by the covered entity that are identified by the patient's ID number,
and on which the patient has marked the bubbles or
filled in the blanks.
- Profile or Interpretive reports stored by the covered entity that are identified by the patient's ID number and which contain information that the covered entity uses to make decisions about the individual.
Q: May a covered entity provide a patient with summary information rather than access to or copies of test answer sheets and reports?
A: Yes. The HIPAA regulations allow a covered entity to provide an individual with summary information rather than underlying file documents but only if the patient agrees in advance to receive such a summary. Note, however, an individual who earlier agrees to receive summary information does not relinquish the right to later request and obtain access to the underlying documents. Access to and copies of MICROTEST Q or Q Local Software or Profile and Interpretive Reports should be denied under such a later request.
Q: Under what circumstances may a covered entity deny access to or copies of the individually identifiable answer sheet and output reports?
A: Denials can be based on the application of professional judgment on the part of the covered entity. HIPAA regulations state that a covered entity may deny an individual access, provided that the individual is given a right to have such denials reviewed ... in the following circumstances:
(i) A licensed health care professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to endanger the life or physical safety of the individual or another person;
(ii) The protected health information makes reference to another person (unless such other person is a health care provider) and a licensed health care professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to cause substantial harm to such other person; or
(iii) The request for access is made by the individual's personal representative and a licensed health care professional has determined, in the exercise of professional judgment, that the provision of access to such personal representative is reasonably likely to cause substantial harm to the individual or another person.
Denials by correctional facilities or those covered entities supporting correctional facilities, in response to requests by inmates are specifically addressed in the regulations. Covered entities providing services to inmates should be familiar with those provisions of the privacy regulations.
Access to protected health information, such as a Pearson Assessments' test, may be denied if the PHI was compiled "in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding." [footnote 9] Pearson Assessments believes this provision of the privacy regulation should apply as follows:
Covered entities may deny access to and the right to copy if the test was administered in reasonable anticipation of or for use in:
- Child custody disputes
- Commitment Hearings (mental health institutions
- Conservator/Guardianship/Competency hearings
- Competency to stand trial/commitment hearings
—Getting back Driver's license after DUI
- Insanity defense Personal injury lawsuits/neurological evaluations
Determine malingering, lying, acting
—Work hardening programs
—Social Security Disability evaluations
—Personal injury evaluations
CIVIL, CRIMiNAL TRIALS
- To support or impeach expert testimony
CORRECTIONAL: To support classification, treatment, and management decisions at intake and throughout incarceration in criminal justice and correctional settings. (Housing placement) (security level), Parole, Pre-sentence investigation, Probation)
- Readiness to be released
- Assess behaviors
- Security risks
- Rehabilitation potential
- Assess substance abuse, sexual predation, or mental instability (for placement in certain programs)
MARRIAGE AND FAMILY COUNSELING
(in legal proceedings)
- Parental fitness
- Adoption Evaluations
Q: Are there any other issues that customers should be aware of related to Pearson Assessments' tests and HIPAA regulations?
A: You should check with your HIPAA compliance officer for legal advice and information specific to your covered entity. As you know, all Pearson Assessments' tests and output reports are protected by copyright and other intellectual property rights. As the HIPAA regulations are clarified, the information in these pages is subject to change. The issue of whether copyrighted material may be disclosed under HIPAA remains an open legal question. Even though MICROTEST Q software, Q Local Software, and Profile and Interpretive reports are exempt from disclosure as trade secrets and test booklets, manuals, user guides, wall charts, scoring keys and templates are exempt from disclosure because they are not PHI, nevertheless, some patients may be entitled to inspect and/or copy portions of P1-/I such as their bubble answer sheet (without question text) and the Item Responses page (only) generated by MICROTEST Q or Q Local software.
The covered entity's HIPAA compliance officer or legal counsel should advise you regarding changes and modifications to the regulations, and the outcome of HIPAA-related litigation. If you have additional questions specifically related to H/PM and Pearson Assessments, please call our client relations representatives at 1-800-627-7271.
If you have additional questions specifically related to HIPAA and Pearson Assessments, please call our client relations representatives at 1-800-627-7271.
Footnote 1: We have footnoted the HIPAA rule sections for your reference. Text of the HIPAA privacy rule can be found online at http://www.hhs.gov/ocr/hipaa/finalreg.html
Footnote 2: See 45
Footnote 3: See 45 CFR 160.103.
Footnote 4: See 45 CFR 160.103.
Footnote 5: See 45 CFR 164.514(a) and (b).
Footnote 6: Social Security Act 1172(e) (codified at 42 U.S.C. 1320d-1(e)
Footnote 7: See 45 CFR 164.501.
Footnote 8: Social Security Act 1172(e) (codified at 42 U.S.C. 1320d-1(e)
Footnote 9: 45 C.F.R. 164.524(a)(1)(ii).