Do you quickly scroll through the privacy protections on websites that are asking you for private information?
Do you read your privacy rights that are sent with your credit card bills?
I know that, as a consumer, I often quickly scroll without reading the notices to get to what I want to do on the website. At the doctor’s office, I may quickly sign the form rather than read the fine print.
However, as a clinician, it is extremely important that I thoroughly know and apply HIPAA in my interactions with my students and clients. As graduate students in the field of speech and language pathology, it is important that you understand the regulations and integrally follow this law. You are liable to fully understand and follow the HIPAA law.
HIPAA is the Health Insurance Portability and Accountability Act, Public Law 104-191, enacted on August 21, 1996.
The full law is available at https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html.
In summary, protected health information (PHI) includes:
- Social security number
- Demographic information relating to:
  - The patient’s past, present, or future physical or mental health
  - The provision of healthcare to the patient
  - Past, present, or future payment for the provision of health care
Under HIPAA’s Privacy Rule, all PHI used by a covered entity must be protected, no matter the form, whether the information is electronic, paper, or oral.
What does this mean in the clinic?
- When you are writing your lesson plans you are NOT putting any identifying information on your plan.
- When writing progress notes you are NOT putting any identifying information on your personal computer. Final progress reports are written on secured computers and done by the supervisor.
- If you need to email or text about a client you are NOT using the client’s identifying information.
- You are NOT talking about the client in hallways, cafeteria or other public places.
- You are NOT sharing information about your client in any form (phone, text, email, meeting) without a signed release form specifically stating who you can share the information with, how you can share this information, and for what dates.
- You are NOT recording therapy sessions, evaluations, language samples or any other interactions with your client on your personal computers. Videotape, audiotape, and DVD recordings are considered part of a patient’s PHI and are NOT to leave the facility for any reason. Secured computers are provided for this and remain in a secured area of the clinic and need to be signed out.
- You are NOT taking screenshots or any other pictures on your personal computer or phone.
- Client’s information must be discarded by shredding, NOT by placing in regular trash/recycle bins.
- Do respect patients and their right to privacy. Keep your voice low so others cannot overhear your conversation.
- Do NOT use the hallway to talk to the families. Have them come into the clinic room to give them privacy. In the clinic, all of the clients are leaving at the same time. Not only will you be violating HIPAA but you create a bottleneck blocking some families from leaving.
I think that it is also important for you to understand the consequence of violating the law.
There are severe civil and criminal penalties for a single violation that range from $100 per violation to $250,000 and/or 10 years in prison. The HIPAA Omnibus Rule of 2013 expanded the penalties up to $1.5 million for multiple violations in a covered year.
HIPAA is the only federal regulation that carries with it a personal liability to individuals who violate the act.
Protecting the privacy of our clients is everyone’s responsibility.