Psychological Assessment: Clinical & Forensic

home  »  assessment »  Pearson Assessments HIPAA Regulations F.A.Q.

Pearson Assessments HIPAA Regulations Frequently Asked Questions*

Pearson Assessments (formerly NCS Assessments) holds the copyright to the material on this web page. This material may not be reprinted or reproduced without permission from Pearson Assessments. I (Ken Pope) would like to thank Pearson Assessments for kindly granting permission for me to reprint this material on this web site.
© 2005 NCS Pearson, Inc.

NOTE: For those interested, here are some related resources on this website:

*Note that the information and answers provided below are Pearson Assessments' opinion, and are not given or intended as legal advice. For legal advice, contact your HIPAA compliance officer or attorney.

The Health Insurance Portability and Accountability Act ("HIPAA") privacy regulations [footnote 1] that went into effect on April 14, 2003 have raised many questions about the use of tests. Generally speaking, the questions relate to either 1) Buying and scoring of Pearson Assessments' tests; or 2) Patient access to and right to copy test materials under HIPAA. Below, we address these questions to the best of our ability at this time. Note that words printed in italics below are defined in the HIPAA regulations. If you have additional questions related to HIPAA and Pearson Assessments, please call Pearson Assessments' client relations representatives at 1-800-627-7271.

Buying and Scoring Pearson Assessments Tests

Q: Is Pearson Assessments a covered entity [footnote 2] under HIPAA?

A: No.

Q: Is Pearson Assessments a business associate [footnote 3] to customers who use Pearson Assessments' MICROTEST Q™ software or scoring services? Should these customers enter into a business associate agreement with Pearson Assessments?

A: No. Business associates must receive, create or use individually identifiable health information [footnote 4] for or on behalf of a covered entity. Our customers may be covered entities, but they do not disclose individually identifiable health information to us. For that reason, Pearson Assessments is not a business associate to its customers.

Q: What if the customer has answer sheets that include name grids and other such identifiable information? Can these still be scored by Pearson Assessments?

A: Yes, with a little modification. The HIPAA regulations allow individually identifiable health information to be de-identified prior to disclosure by the covered entity. [footnote 5] Because we do not need the answer sheet to be individually identifiable in order to score the test and return it to their customer, we ask you to de-identify the answer sheet before sending. In simple terms, that means that the customer will omit or use a marker to completely conceal the name and other individually identifiable information prior to sending the form. If you have questions about what information to omit or conceal, our client relations representatives will he happy to provide test-specific guidance.

Patient Access To and Right To Copy Test Information and Results Under HIPAA

As you know, most Pearson Assessments' test materials and output reports were never intended to be handed to the patient. They are sold for use only by qualified professionals. Testing material is protected by intellectual property law including copyright and trade secret law. The disclosure of test material could damage the test's integrity and usefulness in evaluation, diagnosis and treatment. Therefore, Pearson Assessments recommends that its customers do not provide access to or copies of test materials and/or reports unless disclosure is clearly required. Under the HIPAA statute [footnote 6], covered entities are not required to provide a patient with access to and or the right to copy any test materials or reports to the extent that doing so would result in the disclosure of trade secrets.

Your organization, as a covered entity, may have generated HIPAA disclosure guidelines for your use. In creating those guidelines, your organization may or not have given assessments any specific attention. The following information may be helpful to both you and your organization. Please read this entire section and share it with your HIPAA compliance officer and/or legal counsel.

Q: If a patient makes a HIPAA request for access to or copies of test materials and/or reports, what kind of disclosure is required?

A: Under HIPAA, covered entities are not required to provide a patient with access to and/or the right to copy any test materials or reports that do not contain Protected Health Information or PHI.

Q: What is Protected Health Information or PHI?

A: Under HIPAA, protected health information or PHI [footnote 7] is individually identifiable health information that is used to make decisions about an individual and is maintained in the designated record set.

The following portions of our test materials are NOT PHI because they do not contain individually identifiable health information. Therefore, PATIENTS SHOULD BE DENIED ACCESS TO AND COPIES OF THE FOLLOWING under a HIPAA request:

  1. Test booklets (when answers are entered on a separate form)
  2. Test questions (by themselves)
  3. Test manuals
  4. Test user guides
  5. Wall charts
  6. Scoring templates
  7. Scoring keys
  8. Computer scoring programs such as MICROTEST Q or Q Local software.
  9. PROfile and Interpretive Reports are addressed in the next question. PLEASE READ ON.

Q: Are covered entities required to provide access to and copies of Profile and Interpretive reports?

A: No, there is an explicit exception in the HIPAA [footnote 8] statute that exempts trade secrets from disclosure. Because Pearson Assessments protects MICROTESTQ software and Q Local software and the computerized output reports generated using MICROTEST Q and Q Local as trade secrets, PATIENTS SHOULD BE ALSO DENIED ACCESS TO THE FOLLOWING (Note that this denial applies to requests under H/PM or any other data disclosure law that exempts trade secrets from disclosure):

1. MICROTEST Q or Q Local Software containing patient files,

2. Profile or Interpretive Reports generated using MICROTEST Q OR Q Local profile reports software, and

3. Profile or Interpretive Reports obtained by mailing or faxing answer sheets to Pearson Assessments mail-in scoring service.

Q. What might the patient expect to be provided access to and copies of?

A: Unless there is an explicit exception in the HIPAA regulation, an individual has the right to inspect and obtain a copy of protected health information or PHI about the individual in a designated record set, for so long as the PHT is maintained in the designated record set.

For Pearson Assessments' tests, if the request is not subject to denial (read further to learn about exceptions in the HIPAA regulations that permit denial of access), the patient may expect disclosure of:

  1. Answer sheets stored by the covered entity that are identified by the patient's ID number, and on which the patient has marked the bubbles or filled in the blanks.
  2. Profile or Interpretive reports stored by the covered entity that are identified by the patient's ID number and which contain information that the covered entity uses to make decisions about the individual.

 

Q: May a covered entity provide a patient with summary information rather than access to or copies of test answer sheets and reports?

A: Yes. The HIPAA regulations allow a covered entity to provide an individual with summary information rather than underlying file documents but only if the patient agrees in advance to receive such a summary. Note, however, an individual who earlier agrees to receive summary information does not relinquish the right to later request and obtain access to the underlying documents. Access to and copies of MICROTEST Q or Q Local Software or Profile and Interpretive Reports should be denied under such a later request.

Q: Under what circumstances may a covered entity deny access to or copies of the individually identifiable answer sheet and output reports?

A: Denials can be based on the application of professional judgment on the part of the covered entity. HIPAA regulations state that a covered entity may deny an individual access, provided that the individual is given a right to have such denials reviewed ... in the following circumstances:

(i) A licensed health care professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to endanger the life or physical safety of the individual or another person;

(ii) The protected health information makes reference to another person (unless such other person is a health care provider) and a licensed health care professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to cause substantial harm to such other person; or

(iii) The request for access is made by the individual's personal representative and a licensed health care professional has determined, in the exercise of professional judgment, that the provision of access to such personal representative is reasonably likely to cause substantial harm to the individual or another person.

Denials by correctional facilities or those covered entities supporting correctional facilities, in response to requests by inmates are specifically addressed in the regulations. Covered entities providing services to inmates should be familiar with those provisions of the privacy regulations.

Access to protected health information, such as a Pearson Assessments' test, may be denied if the PHI was compiled "in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding." [footnote 9] Pearson Assessments believes this provision of the privacy regulation should apply as follows:

Covered entities may deny access to and the right to copy if the test was administered in reasonable anticipation of or for use in:

FORENSIC

CIVIL, CRIMiNAL TRIALS

CORRECTIONAL: To support classification, treatment, and management decisions at intake and throughout incarceration in criminal justice and correctional settings. (Housing placement) (security level), Parole, Pre-sentence investigation, Probation)

MARRIAGE AND FAMILY COUNSELING
(in legal proceedings)

Q: Are there any other issues that customers should be aware of related to Pearson Assessments' tests and HIPAA regulations?

A: You should check with your HIPAA compliance officer for legal advice and information specific to your covered entity. As you know, all Pearson Assessments' tests and output reports are protected by copyright and other intellectual property rights. As the HIPAA regulations are clarified, the information in these pages is subject to change. The issue of whether copyrighted material may be disclosed under HIPAA remains an open legal question. Even though MICROTEST Q software, Q Local Software, and Profile and Interpretive reports are exempt from disclosure as trade secrets and test booklets, manuals, user guides, wall charts, scoring keys and templates are exempt from disclosure because they are not PHI, nevertheless, some patients may be entitled to inspect and/or copy portions of P1-/I such as their bubble answer sheet (without question text) and the Item Responses page (only) generated by MICROTEST Q or Q Local software.

The covered entity's HIPAA compliance officer or legal counsel should advise you regarding changes and modifications to the regulations, and the outcome of HIPAA-related litigation. If you have additional questions specifically related to H/PM and Pearson Assessments, please call our client relations representatives at 1-800-627-7271.

If you have additional questions specifically related to HIPAA and Pearson Assessments, please call our client relations representatives at 1-800-627-7271.

Footnote 1: We have footnoted the HIPAA rule sections for your reference. Text of the HIPAA privacy rule can be found online at http://www.hhs.gov/ocr/hipaa/finalreg.html

Footnote 2: See 45 CFR 160.103.
Footnote 3: See 45 CFR 160.103.
Footnote 4: See 45 CFR 160.103.
Footnote 5: See 45 CFR 164.514(a) and (b).
Footnote 6: Social Security Act 1172(e) (codified at 42 U.S.C. 1320d-1(e)
Footnote 7: See 45 CFR 164.501.
Footnote 8: Social Security Act 1172(e) (codified at 42 U.S.C. 1320d-1(e)
Footnote 9: 45 C.F.R. 164.524(a)(1)(ii).

 

[Back to Top]