HIPAA Compliance for Mental Health Professionals

Many mental health providers believe that if they uphold their obligation to client confidentiality, they are HIPAA compliant. Others believe that because their electronic health record provider promises HIPAA compliance, they are HIPAA compliant. Both are common myths. The reality is HIPAA is much more complex, requiring ongoing efforts to protect patient information. HIPAA has very specific privacy requirements for managing patient information well beyond the familiar Notice of Privacy Practices, and HIPAA security regulations also compel providers to consider all electronic (and paper) aspects of their practice.

This vital resource offers mental providers clear guidance on HIPAA and HITECH. The book’s concise but comprehensive format describes HIPAA compliance in ways that are both understandable and practical. Differences between traditional patient confidentiality and HIPAA privacy and security regulations are explained. Additionally covered are:

  • Patient rights under HIPAA and HITECH regulations
  • The HIPAA definition of (federally protected) psychotherapy notes
  • How to conduct the required security risk assessment and implement a subsequent remediation plan
  • Management of the interaction between HIPAA regulations and state mental health statutes
  • Requirements when contracting with business associates or subcontractors
  • Responding to a breach of protected health information
  • Common questions about HIPAA regulations and mobile devices
  • Encryption requirements under the security regulations

HIPAA Demystified applies to anyone responsible for HIPAA compliance, ranging from sole practitioners, to agencies, to larger mental health organizations, and mental health educators. HIPAA requirements are now becoming the standard of care in privacy and security of patient information. Costs for failing to comply with the regulations can include ethical and legal repercussions, reputational damage, financial loss, and damage to the therapist-patient relationship when their private information is breached. Readers will find this book chock full of real-life examples of individuals and organizations who ignored HIPAA, did not understand or properly implement specific requirements, failed to properly analyze the risks to their patient’s private information, or intentionally skirted the law. In the quest to lower compliance risks for mental health providers HIPAA Demystified presents a concise, comprehensive guide, paving the path to HIPAA compliance for mental health.

amazon
kindle
HIPAA Demystified
Sign-Up Below for Your Complimentary Sample Chapter.

"*" indicates required fields

Name*
Would you liked to be informed about other HIPAA training and events?*

Daniel Lettenberger-Klein M.S., LMFT
Regional Service Director Sunrise Detox Alpharetta GA

“HIPAA Demystified provides a superb opportunity for professionals in an agency or corporate setting to more comprehensively assess risk. Through the understanding of changing technologies, Dr. Hecker affords readers the opportunity to more globally understand the aspects of their agency that must be scrutinized. In an agency setting, the opportunity to identify and mitigate areas of concern is truly paramount. The agencies involved in mental/ behavioral health treatment often have to find creative ways to survive, thrive, and maintain revenue streams in today’s insurance driven marketplace. Any seminal event can lead to devastating legal and financial consequences. Not only does this book help to identify the legal ramifications that could impact an organization of any size, but it also sheds light on the financial outcomes that could be debilitating. A thorough assessment and understanding of the necessary HIPPAA guidelines allows for an agency to avoid financial hardship brought about by the results of damaged reputation, diminished patient care, and weakened organizational and funding source partnerships.

HIPAA Demystified brings to light the necessity of thoroughly understanding the reach of risk assumed within an agency. Without this book, risk through areas such as subcontractors or other extensions of business will be difficult to pinpoint. Dr. Hecker thoughtfully allows for readers to gain a comprehensive understanding of the differing types of risk and the impact associated with it. Agencies are only as strong as their weakest link, and therefore the need for training is of the utmost importance. HIPAA Demystified informs the necessity of training at every level of the organization. Overall, HIPAA Demystified , was insightful, informative, well written, and thought-provoking. A mustread for any professional, from student to CEO”.

Mary K. Alvord, Ph.D.
Psychologist and Director, Alvord, Baker & Associates, LLC Adjunct Associate Professor of Psychiatry and Behavioral Sciences at The George Washington University School of Medicine and Health Sciences, Rockville, MD

“HIPAA is becoming the standard of care for mental health, whether or not one is officially a “covered entity”. Therefore, it is critical that all mental health practitioners, and mental health programs and agencies, understand and adhere to the standards of care under HIPAA. While maintaining confidentiality is integral to training and practice, protecting the security of information is less familiar, and there is a need for resources that address this gap in literature. HIPAA Demystified: HIPAA Compliance for Mental Health Professionals meets this need and is a practical and readable resource. Clearly explaining the regulations and law, Dr. Hecker leads the reader to answer pertinent questions to develop a step-by-step guide to implementing a customized compliance program. Key to providing safeguards is a risk assessment, and the book guides you in doing so. Dr. Hecker discusses many critical elements for a mental health practice, such as clarification of how a psychotherapy note is defined by HIPAA and what other types of information are not considered psychotherapy notes. Real world examples throughout the book illustrate the complex set of privacy and security rules applicable to mental health, thus helping the reader establish safeguards to avoid breaches. A model Notice of Privacy Practices is provided as well as numerous links to websites relevant to navigating the HIPAA road! Overall, this book is an extremely relevant and helpful resource for mental health professionals who strive to maintain the security of protected health information while navigating rapidly changing technologies”.

Norman C. Dasenbrook
MS, LCPC Practice Consultant Dasenbrook Consulting Rockford, IL

“HIPAA compliance is so much more than just passing out the Notice of Privacy Practices at the first client contact. In HIPAA Demystified, Dr. Lorna Hecker explains the essence of the Health Insurance Portability Accountability Act of 1996 and translates it in an understandable manner, allowing readers smooth implementation of the regulations to their practices. Each chapter is arranged with clarifying “demystification” summaries that explain HIPAA requirements in actionable terms. Dr. Hecker’s use of real world case examples illustrating breaches of protected patient health information reminds us how easily this can happen and how to mitigate those risks. Search no longer, HIPAA Demystified will be your ultimate guide to HIPAA compliance.”