Rules! Where do I start? What rules do I follow?
When you’re doing teletherapy, you have to follow certain rules to ensure that you are using online services that keep your client’s personal information private. You also have to make sure that you are transferring information in secure ways. Furthermore, there has to be a way for your clients to access their information easily and electronically. One of the rules you have to follow is HIPAA. You’ve probably seen HIPAA disclosures at the doctor’s office or at your child’s school. Read below for a summary of HIPAA.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA is a set of national standards that were developed by the Department of Health and Human Services (HHS) to ensure that personal information is handled with care and privacy.
HIPAA protects healthcare recipients by giving them control over how their protected health information (PHI) is used and who it may be disclosed to. Under HIPAA rules, healthcare professionals have to make sure they access, use and disclose PHI only when necessary to provide care. Information must also be stored using a HIPAA-compliant method. Storing PHI electronically is allowed as long as you are using HIPAA-compliant software or methods. HIPAA also expects that you dispose of protected health information, whether physical or electronic, in secure ways, and that you have policies and procedures in place to dispose of PHI appropriately. HIPAA does not set a required time period for keeping records. You should check your state laws for information on retaining medical records after discharging a client.
When working as a teletherapist, much of the information we obtain, use and provide is through electronic methods. HIPAA allows you to obtain electronic consents or authorizations as long as you are using software that has valid electronic signatures. There is a difference between “consent” and “authorization.” Obtaining consent for the purpose of disclosing information to your client, providing treatment, obtaining payment and carrying out everyday health operations is optional, as these are allowed under HIPAA. However, you must obtain authorization when disclosing PHI that is not for the use of treatment or payment to the individual or for everyday health operations. For example, if you are providing PHI to another health care professional, written authorization must be obtained.
Authorizations must use easy-to-understand language and contain specific information such as:
- person disclosing information
- person receiving information
- the information being disclosed
- the purpose of disclosing such information
- the expiration date for authorization
- right to revoke the authorization
To learn more about other privacy rules such as HITECH and COPPA click here. You’ll find brief explanations and links for additional resources.