HIPAA Compliance for Mental Health Professionals

Many mental health providers believe that if they uphold their obligation to client confidentiality, they are HIPAA compliant. Others believe that because their electronic health record provider promises HIPAA compliance, they are HIPAA compliant. Both are common myths. The reality is HIPAA is much more complex, requiring ongoing efforts to protect patient information. HIPAA has very specific privacy requirements for managing patient information well beyond the familiar Notice of Privacy Practices, and HIPAA security regulations also compel providers to consider all electronic (and paper) aspects of their practice.

This vital resource offers mental health providers clear guidance on HIPAA and HITECH. The book’s concise but comprehensive format describes HIPAA compliance in ways that are both understandable and practical. Differences between traditional patient confidentiality and HIPAA privacy and security regulations are explained. Additionally covered are:

  • Patient rights under HIPAA and HITECH regulations
  • The HIPAA definition of (federally protected) psychotherapy notes
  • How to conduct the required security risk assessment and implement a subsequent remediation plan
  • Management of the interaction between HIPAA regulations and state mental health statutes
  • Requirements when contracting with business associates or subcontractors
  • Responding to a breach of protected health information
  • Common questions about HIPAA regulations and mobile devices
  • Encryption requirements under the security regulations

HIPAA Demystified applies to anyone responsible for HIPAA compliance, ranging from sole practitioners, to agencies, to larger mental health organizations, and mental health educators. HIPAA requirements are now becoming the standard of care in privacy and security of patient information. Costs for failing to comply with the regulations can include ethical and legal repercussions, reputational damage, financial loss, and damage to the therapist-patient relationship when patients' private information is breached. Readers will find this book chock-full of real-life examples of individuals and organizations who ignored HIPAA, did not understand or properly implement specific requirements, failed to properly analyze the risks to their patients’ private information, or intentionally skirted the law. In the quest to lower compliance risks for mental health providers, HIPAA Demystified presents a concise, comprehensive guide, paving the path to HIPAA compliance for mental health.