HIPAA is a Federal Law establishing rules about health information and must be followed by health plans, certain businesses, doctors, hospitals, and other healthcare providers. HIPAA is intended to eventually streamline healthcare by mandating consistent standards for storing and transmitting health records and claims. In this process, Congress wisely realized the importance of establishing a patients right to privacy, adopting standards for protecting the confidentiality of patient information, referred to as Protected Health Information (PHI).
Relevance to You
Whether or not you are technically required to follow HIPAA depends on details about your practice, described below. But regardless of whether your practice meets specific criteria for HIPAA-compliance, all counselors should recognize that HIPAA is becoming the industry standard and establishes best practices regarding patient confidentiality.
HIPAA takes precedent over other laws on the subject, except when state laws offer even more stringent patient protections (and on consent and confidentiality practices, most states do!). Therefore, you also need to be well versed in your states confidentiality laws regarding mental health information.
The following HIPAA elements may have direct relevance to your practice:
Patients now have greater access to, and control over, their own records. Think of it this way: You may own the paper, but the patient owns the content.
HIPAA identifies when PHI disclosure is allowedto coordinate treatment, payment, and operationsas well as when an Authorization is required to disclose PHI, except in certain governmental functions and/or emergencies.
You must verify the identity and authority of anyone seeking PHI from you.
Even when allowed to disclose PHI, you must limit it to the minimum necessary to accomplish the task.
Civil and criminal penalties for HIPAA violations that could land you in jail with thousands of dollars or more in fines for each offense.
Biblical Considerations on HIPAA
Prison is a strong deterrent, but Christian counselors are clearly motivated by something greater, and accountable to a higher authority. HIPAA is the law, and with very few exceptions Gods Word is clear that we need to obey the law and authorities He has put in place (Romans 13:1-3; Hebrews 13:17). While scripture may not mention HIPAA, it clearly directs us to conduct ourselves with the highest legal, ethical, and moral standards. The Bible has plenty to say on principles related to confidentialityprotecting others, keeping confidences, confession, trust, and gossipthat may help us better understand why we need laws like HIPAA in the first place.
HIPAA is about consent and confidentiality, and confidentiality is about protecting clients and preserving therapeutic relationships. Professional counselors are not to discuss with othersexcept when allowed or required by lawwhat was disclosed in counseling sessions. This creates a safe environment for clients by protecting them from harm and protecting their dignity. HIPAA, then, is a legal structure making it safe for people to confess problems to professionals without fear that honest talk will be used to harm them.
The Bible tells us to confess our sins to others (Ezra 10:11; James 5:16; and 1 John 1:9), but not randomly or indiscriminately. Those who confess to you do so under the assumption that you will prove faithful and not violate their trust (1 Corinthians 4:1-2). Scriptural principles on trust and confession to others are supported by teachings on avoiding gossip (Proverbs 11:13; 16:28; 20:19). Gossip damages your Christian ministry by harming you and others in the fallout. Therefore, breaking client confidence for any reason except to protect them or others violates Biblical principles, professional ethics, and state and federal laws.
Does HIPAA Apply to Me?
Those required to comply with HIPAA are called Covered Entities. Christian counselors are considered Health Care Providers and may qualify as Covered Entities without even knowing it! If your practice engages in certain electronic transactions involving PHI, then HIPAA applies to you. It is important to understand that HIPAAs œAdministrative Simplification regulations come in an all-or-nothing package. In other words, if the Privacy Rule is activated for your practice by any of the electronic transactions listed below, then the Security Rule and Standard Transactions Rule apply as well. On the other hand, if you do not transmit PHI electronically, then HIPAA does not technically apply to you. HIPAA may apply to you under the following circumstances:
If you transmit PHI electronically in any of the following transactions: healthcare claims, healthcare payment/ remittance advice, coordination of benefits, healthcare claim status, enrollment/disenrollment in health plans, eligibility for a health plan, health plan premium payments, referral certification/authentication, first report of injury, and health claims attachments.
Someone else acting on your behalf transmits PHI electronically, such as a clearinghouse or billing service. This means that Christian counselors who directly or indirectly accept third-party reimbursement must comply with HIPAA. _That includes most counselors_!
If you qualify as a Covered Entity and are not already applying HIPAA, you need to become compliant immediately. HIPAAs Privacy Regulations went into effect in April 2003, with additional Security Regulations in April 2005. Even if you operate an entirely self-pay practice and do not use or transmit electronic PHI, it is still recommended that you become HIPAA compliant. If you make any future changes to your practice accepting third-party reimbursement, electronic record keeping, employing a billing serviceyou will need to be compliant the moment you make that change. No grace period will be given.
HIPAA compliance entails:
Developing policies, procedures, training, and business agreements to control access and disclosure of PHI in any form, including verbal, paper, video, and electronic
Developing administrative and security protocols to protect confidentiality of PHI stored or transmitted in a computer in electronic form ( EPHI).
Implementing standardized formats for EPHI.
The important steps are to appreciate the need for legal privacy of health information and to understand the laws/ ethics surrounding confidentiality. You must also determine whether or not you qualify as a Covered Entity. If your counseling practice utilizes computers, fax machines, copiers, or email, for example, you may want to take a close look at the requirements. And finally, recognize that HIPPA is the accepted practice in health care regarding patient confidentiality, and make any necessary changes in your practice to conform to the law. You may not be technically required to comply with HIPAA, but it is still a good idea nonetheless.Take help from telephone therapist .
_Darren Schwartz, M.C., is a Licensed Professional Counselor and a Licensed Minister. He is currently the Compliance Manager for Remuda Ranch Center for Anorexia and Bulimia, Inc., Wickenburg, Arizona._
