HIPAA stands for Health Insurance Portability and Accountability Act. This rule offers Federal protections for a person’s personal health information whether it’s physical or mental. HIPAA gives the patient rights over their own health information and ensures that all health information is safe and secure. All covered entities must follow this law including: health plans, health care providers (including mental health), and health care clearing houses. Some administrations may have health information about a person but are not required to follow the HIPAA laws. Schools, life insurers, employers, and law enforcement agencies including Child Protective Services are some examples. In chemical dependency, CPS is often involved, especially when the patients provide direct care for their children. If there is any situation in which the welfare of a child is being questioned CPS will have direct access to records. Otherwise, electronic reports, billing information, conversations, and medical records are all information that is protected by covered entities. Covered entities protect this information by limiting use, creating contracts, and having procedures in place including employee trainings. The HIPAA rule gives the patient rights over their health information and it is the patient’s responsibility to learn those rights. Some information about the patient’s rights can be found here: http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/consumer_rights.pdf. The HIPAA law does provide some availability at who can look at patient’s records. For example, information can be shared with other professionals to pay a doctor or to protect the public’s health by reporting an outbreak of a virus.
The HIPAA privacy does at times permit covered entities to disclose health information without the patient’s consent. If there is a public health emergency or a bioterrorism threat in which a public health official can help prevent or lessen the threat then it is required by law that the official release the information to law enforcement. However, the HIPAA rule does not require a medical professional to send documents to the government for database purposes. Law enforcement officials may only receive health information if the information is asked for by a specific written request, court order, or grand jury subpoena. If a state agency is a covered entity then they must adhere to the HIPAA privacy law. If a state agency is not a covered entity then they are not required to comply with the HIPAA rule.
Administrators play a big role in enforcing the HIPAA rules throughout their entity. Administrators are responsible for creating policies and procedures that adhere to HIPAA. There must be a designated person that is in charge of creating these policies, receiving complaints, and must also be the main contact in regards to this rule. A covered entity must train all workforce employees and management and also be able to mitigate. A covered entity must have some sort of data safeguard. This would include locking up client records, not allowing client records to be taken out of the office for any reason other than when required by law, protecting a client’s name on any documentation, and shredding paper. A clients documents pertaining to the privacy rules must be maintained for 6 years. If a complaint is being pursued a covered entity may not in any way retaliate against the patient which includes waiving rights, payments, or benefits to the patient.
HIPAA is a very complex rule that involves a lot of education and understanding to be able to exercise properly. It can be especially complicated when it comes to chemical dependency as the counseling sessions naturally involve a lot of legal and ethical issues that will arise. It is vital for all health professionals and patients to understand the laws regarding this rule. A health care professional must also stay up to date on federal and state laws regarding confidentiality. It is important for all healthcare professionals to adhere to the HIPAA rules to not only protect the patient’s confidentiality but to protect themselves and the covered entity that they are working for.
DHS. “Understanding Health Information Privacy.” United States Department of Health and Human Services. Web. 25 Jan. 2011. <http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html>.