Before we delve into this topic, a note: this article is not an exhaustive list of all that is required for HIPAA compliance. You may decide to contact an attorney or Privacy Officer to help you examine each rule thoroughly and put an action plan in place. Our intention is to get you started with what you need to know to hit the ground running.
As a Mental Health or Medical Provider, you will be handling protected health information (PHI). Under HIPAA rules, individual practitioners are referred to as a Covered Entity because you transmit health information during your sessions. SecureVideo would be known as your Business Associate, because we help you carry out your health services.
Four rules apply to you. Links are provided here should you want to delve in deeper:
You will need to follow all of the rules above. Consider the first two proactive and the remaining two reactive. The first two you must follow and create action items around. If there is a security breach of your clients' PHI, the HIPAA Breach Notification Rule requires you to notify those clients immediately. The HIPAA Enforcement Rule kicks in if you do not comply with the other three rules.
In a nutshell, HIPAA asks you to do the following:
- Establish protections to safeguard PHI.
- Keep the sharing and use of PHI to a minimum, only enough to accomplish the expected outcome.
- Establish your Business Associate Agreements (BAAs) to ensure that your service providers will also preserve PHI and only use it properly.
- Put policies and procedures in place to restrict who has access to PHI. Enroll yourself and your employees in a training program on PHI safety. Periodically review your procedures to assess how well you are keeping PHI secure.
Please check in for more articles related to HIPAA laws in the near future. Do you have a specific question? Please ask! We may be able to help.