Privilege and confidentiality

Question 1

what things to focus on relevant to privilege and confidentiality

Answer 1

Laws
-Federal
-PA state

Ethics Code
-PA state board of psychology
-APA

Question 2

what is privilege (legal term)

Answer 2

-A right or benefit that is given to some people and not to others
-Not really used in our field

Question 3

what is confidentiality (ethical principle)

Answer 3

Showing that you are saying something that is secret or private

Question 4

what is privacy (general right)

Answer 4

-Freedom from unauthorized intrusion
-HIPAA falls under this

Question 5

what does HIPAA stand for and what does it apply to

Answer 5

Health Insurance Portability and Accountability Act – applies to electronic media; if you transmit anything electronically you have to follow HIPAA laws

Question 6

general summary of what HIPAA is

Answer 6

Federal law regarding disclosure of information

Minimum standards for
-Protecting health and mental health records
-Security of electronic and other health information

Question 7

what is state preemption

Answer 7

federal law will only take place of state law if federal law better protects patient privacy
-PA state law is strict

Question 8

what is FERPA

Answer 8

federal law that covers confidentiality in education institutions including institutions of higher learning

Question 9

what can help with HIPAA

Answer 9

cyber insurance

Question 10

what are the three components of HIPAA

Answer 10

privacy standards, security standards, transaction standards

Question 11

what are privacy standards

Answer 11

For the use and disclosure of individually identifiable protected health information

Question 12

what are security standards

Answer 12

Protect the creation and maintenance of protected health information

Question 13

what are transaction standards

Answer 13

-Electronic exchange of health information
-Important to include on intake forms, ask people how they prefer communication to be done
-Ask if you are allowed to leave message, if you can say your name and where you work, etc

Question 14

platforms that are HIPAA compliant

Answer 14

-Google meet, Zoom (have to email them and get agreement for HIPAA compliance for Zoom and Google Meet), Doxy

Question 15

what are the covered entities (CE) under HIPAA

Answer 15

-Health care insurers
-Hospitals and health care facilities
-Health care providers who transmit information electronically
-Psychologists must comply if they bill electronically for just one patient

Question 16

what are the requirements of HIPAA

Answer 16

-Privacy notices

-Business associate agreements (can copy these or use pre existing forms)

-Privacy officers (every practice has to have one)
-Person that a client can go to if there is any problems or concerns around confidentiality and HIPAA related complaints
-If you act alone, you are this person; have to figure out how clients can handle these complaints
-Can be an administrator, not a clinician

Question 17

what is the definition of psychotherapy notes within HIPAA

Answer 17

Implications for release of information to patients and third party payors

Process notes you put more information in; progress notes you want to be much more vague and strictly about the content
-Do not know what a legal team will do with this information
-Make plan to shred process notes as these can be subpoenaed (should get rid after supervision)

Question 18

what to include in HIPAA privacy notice

Answer 18

Federal Law Requirements
-Essential information about patient privacy
-Include limits of confidentiality
-Only one is required per organized entity
-Given at start of therapy or as soon as possible

PA State Law
-Follow the federal law

APA Ethics Code
-Limits of confidentiality and informed consent

PA Ethics Code
-Principle 5a: psychologists shall safeguard the confidentiality of information

Question 19

HIPAA privacy rule requirements for business associates

Answer 19

-Individual or group who has legitimate reason to get protected health information (PHI)
-Does not include other health care professionals
-Includes billing services, answering services, etc.
-Business associates agreement – agreement to abide by HIPAA standards

Question 20

HIPAA privacy rule requirements for privacy officers

Answer 20

-Oversees the implementation of confidentiality rules of health care organization

Handles training employees and reviewing grievances
-Have to be trained on HIPAA every single year, need records of this if you are ever audited

Psychologist in solo practice can be their own privacy officer

Question 21

what is considered PHI

Answer 21

Oral, written, typed, or electronic individually identifiable information related to
-A person’s past, present, or future mental health
-Provision of health care to a person
-Past, present or future payment for health care

Question 22

explain psychotherapy notes (process notes) under HIPAA

Answer 22

Not required as a part of HIPAA
-Under HIPAA patients do not have the right to see process notes (but can see progress notes)

Definition of psychotherapy notes
-Notes recorded in any medium by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or in a group, joint or family counseling session and that are separated from the rest of the individual’s medical record

Question 23

what is NOT considered psychotherapy notes and what someone can have acces to

Answer 23

Medication prescription and monitoring

Counseling sessions start and stop times

Modalities and frequencies of treatment

Results of clinical tests

Any summary of the following
-Diagnosis
-Functional status
-Treatment plan
-Symptoms
-Prognosis
-Progress to date

Question 24

explain how to write progress notes

Answer 24

Try to be very direct and clear in notes; do not leave things up for interpretation

It is best practice to keep these things
-Could be at a legal risk; keep things for 7 years from most recent contact (APA law, state law says 5)
-Best practice is to get rid of this stuff after that time has lapsed

Question 25

explain third party payors

Answer 25

Third party payors can condition payment upon receipt of information listed here

E.g. insurances require new treatment plans every 4 years, this is why people do not take insurances

Question 26

explain the HIPAA security rule

Answer 26

Requires psychologist to safeguard PHI is transmitted or stored electronically

Includes but not limited to
-Patient notes, email with or about patients and insurance or financial records with identifying patient information
-Have to include emails and texts in notes between clients

To be in compliance psychologists must assess possible security risk related to electronic health information and take steps to reduce risks
-Having own server can help with this for the group practice

No way to protect everything, just do the best you can