Privilege and confidentiality Flashcards
what things to focus on relevant to privilege and confidentiality
Laws
-Federal
-PA state
Ethics Code
-PA state board of psychology
-APA
what is privilege (legal term)
-A right or benefit that is given to some people and not to others
-Not really used in our field
what is confidentiality (ethical principle)
Showing that you are saying something that is secret or private
what is privacy (general right)
-Freedom from unauthorized intrusion
-HIPAA falls under this
what does HIPAA stand for and what does it apply to
Health Insurance Portability and Accountability Act – applies to electronic media; if you transmit anything electronically you have to follow HIPAA laws
general summary of what HIPAA is
Federal law regarding disclosure of information
Minimum standards for
-Protecting health and mental health records
-Security of electronic and other health information
what is state preemption
federal law will only take the place of state law if federal law better protects patient privacy
-PA state law is strict
what is FERPA
federal law that covers confidentiality in educational institutions, including institutions of higher learning
what can help with HIPAA
cyber insurance
what are the three components of HIPAA
privacy standards, security standards, transaction standards
what are privacy standards
For the use and disclosure of individually identifiable protected health information
what are security standards
Protect the creation and maintenance of protected health information
what are transaction standards
-Electronic exchange of health information
-Important to include on intake forms, ask people how they prefer communication to be done
-Ask if you are allowed to leave a message, if you can say your name and where you work, etc.
platforms that are HIPAA compliant
-Google Meet, Zoom (have to email them and get agreement for HIPAA compliance for Zoom and Google Meet), Doxy
what are the covered entities (CE) under HIPAA
-Health care insurers
-Hospitals and health care facilities
-Health care providers who transmit information electronically
-Psychologists must comply if they bill electronically for just one patient
what are the requirements of HIPAA
-Privacy notices
-Business associate agreements (can copy these or use pre-existing forms)
-Privacy officers (every practice has to have one)
-Person that a client can go to if there are any problems or concerns around confidentiality and HIPAA related complaints
-If you act alone, you are this person; have to figure out how clients can handle these complaints
-Can be an administrator, not a clinician
what is the definition of psychotherapy notes within HIPAA
Implications for release of information to patients and third party payors
Process notes you put more information in; progress notes you want to be much more vague and strictly about the content
-Do not know what a legal team will do with this information
-Make plan to shred process notes as these can be subpoenaed (should get rid after supervision)
what to include in HIPAA privacy notice
Federal Law Requirements
-Essential information about patient privacy
-Include limits of confidentiality
-Only one is required per organized entity
-Given at start of therapy or as soon as possible
PA State Law
-Follow the federal law
APA Ethics Code
-Limits of confidentiality and informed consent
PA Ethics Code
-Principle 5a: psychologists shall safeguard the confidentiality of information
HIPAA privacy rule requirements for business associates
-Individual or group who has legitimate reason to get protected health information (PHI)
-Does not include other health care professionals
-Includes billing services, answering services, etc.
-Business associates agreement – agreement to abide by HIPAA standards
HIPAA privacy rule requirements for privacy officers
-Oversees the implementation of confidentiality rules of health care organization
Handles training employees and reviewing grievances
-Have to be trained on HIPAA every single year, need records of this if you are ever audited
Psychologist in solo practice can be their own privacy officer
what is considered PHI
Oral, written, typed, or electronic individually identifiable information related to
-A person’s past, present, or future mental health
-Provision of health care to a person
-Past, present or future payment for health care
explain psychotherapy notes (process notes) under HIPAA
Not required as a part of HIPAA
-Under HIPAA patients do not have the right to see process notes (but can see progress notes)
Definition of psychotherapy notes
-Notes recorded in any medium by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or in a group, joint or family counseling session and that are separated from the rest of the individual’s medical record
what is NOT considered psychotherapy notes and what someone can have access to
Medication prescription and monitoring
Counseling sessions start and stop times
Modalities and frequencies of treatment
Results of clinical tests
Any summary of the following
-Diagnosis
-Functional status
-Treatment plan
-Symptoms
-Prognosis
-Progress to date
explain how to write progress notes
Try to be very direct and clear in notes; do not leave things up for interpretation
It is best practice to keep these things
-Could be at a legal risk; keep things for 7 years from most recent contact (APA law, state law says 5)
-Best practice is to get rid of this stuff after that time has lapsed
explain third party payors
Third party payors can condition payment upon receipt of information listed here
E.g. insurances require new treatment plans every 4 years, this is why people do not take insurances
explain the HIPAA security rule
Requires psychologist to safeguard PHI that is transmitted or stored electronically
Includes but not limited to
-Patient notes, email with or about patients and insurance or financial records with identifying patient information
-Have to include emails and texts in notes between clients
To be in compliance, psychologists must assess possible security risks related to electronic health information and take steps to reduce risks
-Having own server can help with this for the group practice
No way to protect everything, just do the best you can