What is HIPAA?

Welcome to a primer on the Health Insurance Portability and Accountability Act, aka HIPAA. Let’s rip off the band-aid and begin...

What is HIPAA?

To understand what it does, consider its component words: Health Insurance, Portability, Accountability. When the act was signed into law in 1996, it was designed to let employees keep health insurance coverage when they changed or lost jobs (the portability part), and to hold the health insurance industry accountable for fraud, waste and abuse (the accountability part).

This turned out to be the first step in a long and continuing series of regulations. The step that matters most to you is the pair of rules that followed: the HIPAA Privacy Rule (compliance required from 2003), which defined Protected Health Information (PHI) and limits how it may be used and disclosed, and the Security Rule (published in 2003, enforced from 2005), which requires safeguards for PHI that is stored or transmitted electronically. You see the outcome of these Rules any time you visit your Primary Care Provider, for instance:

• The ‘Notice of Privacy Practices’ you likely receive and sign

• Your ability to request your own medical records

• Your ability to opt out of having your data used for marketing, research, etc.

• Controlled access to where your data is stored

• Electronic Medical Record (EMR) systems that encrypt your data (as ours does) so that it stays private both where it is stored and when it is sent to other physicians, to health insurance companies for billing, etc.

After the Privacy Rule and Security Rule came a few more Rules, among them the Enforcement Rule (2006), the Breach Notification Rule (2009, under the HITECH Act) and the Omnibus Rule (2013), and there will probably be more as new standards are added and existing ones are modified.

In short: HIPAA is an evolving set of regulations that govern how private patient information is handled. And whether they apply to you depends more on the type of service you provide than on your title. Which leads us to...

How do you know if you need HIPAA compliance?

To quote the experts, a.k.a. the Dept. of Health and Human Services:

As required by Congress in HIPAA, the Privacy Rule covers:

• Health plans

• Health care clearinghouses

• Health care providers who conduct certain financial and administrative transactions electronically. These electronic transactions are those for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers.

There you have it. Simple, right?

Not so much.

At the general level, this Rule applies to...

Anyone who electronically transmits health information in one of the standard transactions, such as billing an insurer or checking a patient's coverage. Typical examples include physicians, chiropractors, osteopaths and therapists. Basically, practitioners who bill health insurance electronically almost certainly have to comply with HIPAA. So do their vendors: a company that stores, processes or transmits PHI on a covered practitioner's behalf (a records platform, a billing service, a transcription service) is a "business associate", must sign a Business Associate Agreement with the practitioner, and is directly subject to the Security Rule itself.

At the general level, this Rule does not apply to...

Practitioners who do not submit claims electronically to a third party for billing purposes. Many wellness modalities fall into this category; for instance, a yoga teacher or reflexologist who keeps notes on their clients but does not accept health insurance. Two caveats: you can become subject to HIPAA without accepting insurance if you handle PHI on behalf of a covered provider (that makes you a "business associate"), and state privacy or breach-notification laws may apply to your client records regardless of HIPAA.

Generally speaking...

There is a lot of confusion around this topic. You are not alone. If you are unsure, consult an attorney. An attorney can help you know where you fit into this puzzle and how to make it happen. Which leads to...

How do you make HIPAA compliance happen?

HIPAA compliance is born of federal regulations and therefore requires policies and procedures of your own: a written risk analysis, privacy and security policies, workforce training, access controls and audit logs on the systems that hold PHI, agreements with the vendors that touch that data, and a plan for reporting breaches. After you contact counsel to determine whether HIPAA applies to you, there are services that can guide you through that labyrinth of risk assessment, documentation, security, auditing, staff training, etc. Here's an example of one we found online: hipaasecuritysuite.com.

The good news: Coherent Health's technology fits into a HIPAA compliant practice. Simply. If or when you need to be HIPAA compliant, email us and, a few steps later, Coherent Health's software will be part of your HIPAA compliant practice.

The better news: If you're reading this, you're likely a wellness practitioner who is not regulated by HIPAA. That said, you should still make a professional commitment to client confidentiality and take steps to honor it. Our platform is built to support that, whether you're taking notes on it or discussing clients with collaborators.

Want to learn more about honoring confidentiality? 

Whether or not you are regulated by HIPAA, information you receive from your client-practitioner interaction should be kept confidential. It’s that simple. And ethical.

It can also be confusing. Read here to learn more about client confidentiality and how to protect it.

Curious about lots of topics related to HIPAA and confidentiality?
Start here:

US Dept of Health and Human Services: HIPAA Home. The official word, as far as HIPAA is concerned.

The history of HIPAA. Straight from the HIPAA Journal.

Confidentiality versus HIPAA. A very readable conversation by two savvy bodyworkers. 

This document does not constitute legal advice.
