Whoever has the right to consent to a given health care service is also the only individual who can view the records related to that care and is also the only one authorized to control the disclosure of that information. So, for example, a parent can access his child’s primary care medical and dental records, and permit disclosure of these records to outside parties; however, he may not view or release records related to birth control or pregnancy testing without his minor daughter’s explicit consent. 


State law does provide for certain exceptions to these confidentiality rules in the following circumstances: 

  • if the provider knows or reasonably suspects that a minor is the victim of child abuse or neglect 

  • if the patient expresses or indicates a threat of serious harm to self or other(s) 

  • if the minor is engaged in sexual activity with a minor which is coerced or exploitative • If a minor under age 16 is involved in sexual activity with an adult age 21 or over

  •  if a minor under age 14 is involved in sexual activity with a minor age 14 or over 

  • it the patient tests positive for certain infectious or communicable diseases such as syphilis, Chlamydia, gonorrhea or HIV12 


In general, mental health providers must involve a parent or guardian in the treatment of minors unless, in the opinion of the treating professional, it would be inappropriate and this is documented in the minor’s record. It should also be noted that health care providers may refuse to provide parents or guardians access to a minor’s medical records when they determine that this access would have a detrimental effect on the minor or the provider’s professional relationship with the minor. 


The rights of clients are made very explicit during the registration process and early clinic visits. 


HIPAA – In 1996, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) to address the problem of health insurance confidentiality in the era of electronic information. Federal HIPAA regulations generally restate California law regarding confidentiality and information-sharing. HIPAA permits health care providers to share health information, without written release, to other health care providers, health plans or contractors for purposes of diagnosis, treatment or payment. In other cases, authorization must be obtained from parents or minors using a HIPAA-compliant release of information form. Overall, the minimum amount of information needed should be disclosed. 


HIPAA regulations are detailed and carry both financial as well as criminal penalties for non-compliance. The BVROP Wellness Center is subject to HIPAA regulations and staff follow procedures established by the sponsoring agency or community-based agency (CBO). For more information on HIPAA, see 


FERPA The Family Educational Rights and Privacy Act (FERPA) was passed in 1974. FERPA requires that schools receiving federal funding must hold the information in a student’s education records confidential, making it available only to parents or students over the age of 18 years or to those within the school who have a “need to know” in order to provide adequate education. FERPA is administered and enforced by the U.S. Department of Education’s Office for Civil Rights. School districts have been operating under FERPA for many years and all school districts have standards in place to comply with the requirements of this law. 


Generally schools must have written permission from the parent or eligible student in order to release any information from the student’s record. This includes health information documented by school personnel such as nurses, psychologists and physical therapists. Schools, on the other hand, are specifically exempted from HIPAA. For more information on FERPA, see