How HIPAA Protects You

What is HIPAA and How Am I Protected?

HIPAA is the Health Insurance Portability and Accountability Act of 1996, a piece of federal legislation that created standards to protect patient/client health information. Among other goals, it seeks to increase the protection of patient confidentiality and ensure that healthcare providers better protect patient health information (PHI). Here are some of the provisions that protect clients:

·       HIPAA limits the sharing of PHI with anybody who is not privileged. For instance, I would not be able to tell my friends your name, date of birth, address, or any healthcare information. Some exclusions apply, including when somebody is in danger (see below) or when I share your information with my supervisor—also bound by HIPAA—to increase the quality of care I provide.

·       HIPAA increases safeguards for PHI stored in physical and electronic settings. This includes requiring HIPAA-compliant software for electronic health records—I use Simple Practice, which is HIPAA-compliant and secure—and safeguarding physical copies.

·       HIPAA requires notifications of any breaches of PHI to ensure that clients can take appropriate steps to protect themselves.

·       HIPAA establishes organizations and disciplinary actions for violating patient confidentiality, including fines and incarceration in severe cases.

Other ways I protect client data include:

·       Not discussing client cases in public places (e.g., on the phone with my supervisor).

·       Using secure client codes in written documentation to protect client identity—e.g., Aaron Henson might become A23.

·       Ensuring no client information is on my personal laptop. All client information, including access to Simple Practice, is secured on my work computer, which is either with me or locked in my office at all times.

·       Implementing a double-lock-or-more rule for client records. For digital records, this looks like: one lock on the office building, a second lock on my office door, a third lock on my filing cabinet, a fourth lock on my laptop (which requires facial recognition), and a fifth lock on Simple Practice (which also requires facial recognition). For physical records (i.e., psychotherapy notes), this includes the locked office building, office door, and filing cabinet.

·       Using a secure VPN to increase internet safety for Simple Practice access. Additionally, limiting non-clinical-based activity on my work laptop.

·       Not accessing Simple Practice from my personal laptop.

·       Limiting the printing of secure client information.

·       Shredding any secure client information in a HIPAA-compliant manner when it must be printed.

·       Requiring a signed two-way release of information compliant with HIPAA standards prior to disclosing any health information to a third party (e.g., your nurse, psychiatrist, or previous therapists).

·       Disallowing a non-HIPAA-bound person from using my work computer.

·       Utilizing encryption on my work laptop to further protect client information.

·       Regularly changing my password for Simple Practice to increase client safety.

·       Utilizing a HIPAA-compliant email system.

·       Not contacting clients through insecure channels, such as text or non-HIPAA-compliant email.

Exceptions to confidentiality protections include:

·       Any situation that requires me to enact mandated reporter responsibilities, including the neglect, abuse, or abandonment of children, elderly populations, or disabled populations.

·       When a client is in danger of harming themselves (i.e., is experiencing suicidal ideation with intent and a plan).

·       When a client is in danger of harming another person (i.e., is experiencing homicidal ideation with intent and a plan).

·       Disclosures made to my supervisor—who is also bound by HIPAA—to ensure quality care.

·       When a client has made provisions for information to be legally released by signing a HIPAA-compliant release of information.

Protecting my clients’ confidentiality is of utmost importance to me as a legal and ethical mandate, and I seek to do everything in my power to ensure client safety. If you have any questions about how I will protect your confidentiality, please ask! This information will also be covered in the initial session.
