Digital Concerns of Security and Privacy and HIPAA
in Private Practice Management

By Ofer Zur, Ph.D.

Digital Ethics, Security & Privacy

8 Important Facts
  1. Only HIPAA Covered Entities are legally required to comply with the federal HIPAA laws. If you have never billed insurance electronically, it is likely you are not a HIPAA Covered Entity. That means that you neither need to give clients Notice of Privacy Practices (NPP) nor do you need to get Business Associate (BA) contracts with anyone.
  2. Nevertheless, HIPAA awareness is still important. HIPAA is generally the standard of care for security and privacy. Plus, your state laws and licensing board rules may mimic parts of HIPAA.
  3. The updated 2013 HIPAA rules clarify that clients can consent to receive emails containing sensitive confidential information if they are first informed of the risks and still choose to receive the emails.
  4. Blank intake forms are not confidential nor are they “protected health information.” Feel free to post them on your website for new clients to download.
  5. Electronic Health Record (“EHR”) systems can be very useful. They are also a major part of the Affordable Care Act, but the federal government does not require them for clinicians who are not involved in the Affordable Care Act system.
  6. Our private practice clients are asking: Can I pay with a credit card? Can I get the intake forms from your website? Can I e-mail you to set up the next appointment? Can I text you if I’m running late? You can answer “Yes!” to all the above questions — if you prepare for the “gotchas” and pitfalls involved. The new HIPAA rules clarify and reiterate that our clients have rights and autonomy. After being informed of any risks involved, they can choose how we communicate with them, how they pay, etc. Our main responsibility is to be aware of those risks and do what is feasible for our practices to keep those risks to a reasonable and appropriate minimum.
  7. You can secure your computer and smartphone or tablet (iPad, Android tablet, etc.) in HIPAA-compliant ways with little or no cost.
  8. You can accept credit cards on your smartphone or tablet computer using free apps like Square or PayPal.
