Skip To Main Content



Whoever has the right to consent to a given health care service is also the only individual who can view the records related to that care and is also the only one authorized to control the disclosure of that information.


State law does provide for certain exceptions to these confidentiality rules in the following circumstances: 

  • if the provider knows or reasonably suspects that a minor is the victim of child abuse or neglect 

  • if the patient expresses or indicates a threat of serious harm to self or other(s)


In general, mental health providers must involve a parent or guardian in the treatment of minors unless, in the opinion of the treating professional, it would be inappropriate and this is documented in the minor’s record. It should also be noted that health care providers may refuse to provide parents or guardians access to a minor’s medical records when they determine that this access would have a detrimental effect on the minor or the provider’s professional relationship with the minor. 


HIPAA – In 1996, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) to address the problem of health insurance confidentiality in the era of electronic information. Federal HIPAA regulations generally restate California law regarding confidentiality and information-sharing. HIPAA permits health care providers to share health information, without written release, to other health care providers, health plans or contractors for purposes of diagnosis, treatment or payment. In other cases, authorization must be obtained from parents or minors using a HIPAA-compliant release of information form. Overall, the minimum amount of information needed should be disclosed. 


HIPAA regulations are detailed and carry both financial as well as criminal penalties for non-compliance. The BVROP Wellness Center is subject to HIPAA regulations and staff follow procedures established by the sponsoring agency or community-based agency (CBO). For more information on HIPAA, see 


FERPA The Family Educational Rights and Privacy Act (FERPA) was passed in 1974. FERPA requires that schools receiving federal funding must hold the information in a student’s education records confidential, making it available only to parents or students over the age of 18 years or to those within the school who have a “need to know” in order to provide adequate education. FERPA is administered and enforced by the U.S. Department of Education’s Office for Civil Rights. School districts have been operating under FERPA for many years and all school districts have standards in place to comply with the requirements of this law. 


Generally schools must have written permission from the parent or eligible student in order to release any information from the student’s record. This includes health information documented by school personnel such as nurses, psychologists and physical therapists. Schools, on the other hand, are specifically exempted from HIPAA. For more information on FERPA, see