HIPAA for Mental Health Care Providers

This course is for mental health professionals. It answers what HIPAA is; while, ensuring your knowledge and understanding of the important pieces of HIPAA law, such as HIPAA Privacy, HIPAA Security, and the Enforcement Rule for HIPAA violations.

Includes 2021/2022 Updates - ONC 21st Cures Act Final Rule and the CMS Final Rule

Course includes a video and audio component with stand-alone exam

Receive HIPAA Certification "Certificate of Completion" with successful completion

FAQ's

Why does HIPAA prevent mental health reporting?

HIPAA, the Health Insurance Portability and Accountability Act, is designed to protect all health information, including mental health information. It helps to safeguard a patient's privacy. HIPAA does not specifically prevent mental health reporting, but any disclosures need to adhere to the appropriate protections outlined by the Act. The general rule is information can only be disclosed with the patient’s consent unless it falls under certain exceptions, the details of which are covered in this training course.

What are the HIPAA regulations for mental health professionals?

HIPAA regulations allow mental health professionals to disclose essential information in specific circumstances. For example, mental health professionals can share patient details among themselves for consultation or referral purposes, but these disclosures are usually limited to the information necessary for the purpose.

With a patient's permission, they can also communicate with a patient's family members or other persons involved in care or payment for care. However, these communications should also be limited to the minimum necessary information.

When should a mental health professional go against HIPAA?

The HIPAA privacy rule is not typically violated but there are certain circumstances under which a mental health professional can disclose protected health information without the patient's consent. These exceptions include responding to a public health threat, reporting information about victims of abuse, neglect, or domestic violence, and for judicial and administrative proceedings.

What does HIPAA require to release mental health records?

Under HIPAA, a mental health professional can release mental health records with the patient’s consent. The consent must be in writing or, in some cases, assumed if the patient does not object. The information released should be limited to only what is necessary to accomplish the intended purpose.

In some exceptional cases, depending on state law, mental health records can be released without patient consent, for example in circumstances of public health emergencies or legitimate legal processes.

What is a Business Associate Under HIPAA?

Business associates are third parties who create, receive, maintain, or transfer Personal Health Information (PHI) on behalf of a covered entity. They are not typical employees of the entity, but they may have access to, use, or disclose PHI for specific purposes. Consultants, electronic medical record providers, attorneys, accountants, IT software providers, and medical billing services providers are a few examples of business associates.

What is an Example of a Business Associate Under HIPAA?

Businesses that would be considered business associates:

• Software companies with PHI access
• Companies that process or collect claims
• A third-party administrator who helps a health plan process claims.
• Pharmacy benefit administrators who oversee the pharmacist network of a health plan. 
• Patient safety or accreditation organizations
• Medical transcription services
• Software and data processing companies that could handle PHI Medical equipment services companies that deal with PHI-containing equipment
• A CPA firm that provides accounting services to a health care provider that includes access to protected health information.
• A lawyer who provides legal services to a health plan and has access to protected health information.

Which Part of HIPAA Extends all of HIPAA's Obligations to Business Associates?

The HIPAA Privacy Rule is a federal law that protects personal health information privacy and grants patients’ rights. It also mandates that covered entities must obtain assurances from their business associates that the business associate will safeguard the PHI on their behalf. These assurances must be documented in writing, either through a contract or other arrangement between the covered entity and the business associate. A HIPAA Business Associate must understand the HIPAA Privacy Rule and how it applies to them.

How to Become a HIPAA Compliant Business Associate?

A business associate must maintain the privacy and security of PHI in the same way as the covered entity does.  If there is a breach, they will be held accountable. Due to the sensitive nature of their employment, business associates must complete HIPAA compliance training and sign a HIPAA business associate agreement with their covered entity. A business associate agreement acknowledges the business associate's responsibility to protect the PHI entrusted to them by the covered company.

Completing business associate training assists in safeguarding protected health information and meeting the HIPAA Privacy Rule standards. We provide an online HIPAA Business Associate training course that will guarantee your understanding of key HIPAA rules, standards, and regulations.