The HIPAA Privacy Rule generally allows a parent to have access to the medical records about his or her child, as his or her minor child’s personal representative when such access is not inconsistent with State or other law. However, the exceptions to this when the parent would not be the minor’s personal representative under the Privacy Rule are:
When the minor is the one who consents to care and the consent of the parent is not required under State or other applicable law;
When the minor obtains care at the direction of a court or a person appointed by the court; and
When, and to the extent that, the parent agrees that the minor and the health care provider may have a confidential relationship.
However, even in these exceptional situations, if the State or other applicable law requires or permits parental access, the parent may have access to the medical records of the minor related to this treatment. All the same if the State or any other law denies such access, parental access would be denied. If State or other applicable law is silent on a parent’s right of access in these cases, the licensed health care provider may exercise his or her professional judgment to the extent allowed by law to grant or deny parental access to the minor’s medical information.
Finally, as is the case with respect to all personal representatives under the Privacy Rule, a provider may choose not to treat a parent as a personal representative when the provider reasonably believes, in his or her professional judgment, that the child has been or may be subjected to domestic violence, abuse or neglect, or that treating the parent as the child’s personal representative could endanger the child.