Maintaining Records Ethically

Video Transcription

Hey. Record keeping is what we'll be digging into in this lesson. We'll discuss basic legal and ethical mandates for security and protection of medical records. It will be essential for you to become familiar with federal laws and regulations, as well as state laws and regulations, related to medical record keeping.

But before we do that, let's first talk about the following, maintaining records, Health Insurance Portability and Accountability Act of 1996 or HIPAA, Public Law 104-191, adhering to HIPAA, confidentiality of alcohol and drug abuse patient records, or CFR Title 42 Part 2, HITECH Act. Then since this lesson covers a fair bit of info, I'll give a quick conclusion at the end.

Laws and regulations related to HIPAA, CFR Title 42, and HITECH will be addressed in this lesson. But the coverage is minimal, and you will need to complete in-depth research into each of the regulations. It's a counselor's responsibility to follow and create policies regarding the federal and state regulations, and failure to do so can result in fines of several thousand dollars.

You want to check with your liability insurance carrier regarding coverage related to confidentiality and security breaches. Free trainings and templates are available to assist in gaining compliance. All of this can be found at the Health and Human Services website. Here's what the web page looks like.

This lesson is just a starting point, and you'll need to complete in-depth reviews of all of the federal and state regulations related to the medical record and of how each regulation applies to your own business situation.

HIPAA establishes rules and regulations for how client-protected health information or a PHI can be used and disclosed. PHI is used for treatment, payment, and basic operations. This information includes client demographics, insurance information, testing information, and any other data collected by you.

HIPAA laws are specifically applicable to covered entities and business associates. Covered entities are health plans, clearinghouses, and any provider who transmits information electronically. Business associates include any person or entity that does business with a covered entity.

Counselors must do all of the following under HIPAA. Number one, create privacy policy and procedures. Number two, train staff on policies and procedures. Number three, give patients information regarding their PHI or notice of privacy policies. Number four, report breaches of PHI. Guidelines and templates for creating HIPAA disclosures for both covered entities, as well as business associates can be found on the federal government's website via a search for the terms HIPAA disclosure statements and Business Associate Agreement template.

HIPAA provides the least minimum protection for confidentiality and privacy. It will be important to also learn any state laws regarding security and privacy of client records, because when the state law is more stringent than the federal law, state law prevails. Lastly, HIPAA allows for disclosure of PHI without client authorization for purposes of treatment, payment, and health care operations.

So this is applicable to anyone who one, is federally assisted and two, diagnoses, treats, or refers clients for substance use disorder care. Part two of CFR Title 42 provides the maximum in protection and confidentiality and privacy. Part of the reason for additional stipulations regarding substance use disorder or SUDs is because there is a social stigma related to alcohol and drug use.

Different from HIPAA, Part 2 does not generally allow for disclosure of protected health information, related to SUDs for purposes of treatment, payment, or health operations without client specific consent.

HITECH stands for the Health Information Technology for Economic and Clinical Health. The HITECH Act addresses the following, privacy, security of electronic transmission of PHI, rules and regulations regarding the enforcement of HIPAA. HITECH puts forth rules and regulations regarding auditing of health care providers to determine compliance with HIPAA. The HITECH Act also provides provisions related to meaningful use. A meaningful use is the use of EHR technology to improve client care. HITECH also includes provisions on how to report breaches of PHI.

OK, so that was a lot of information. So let's wrap this package up with a nice big old bow on top. So to reiterate, the information just described is a very brief introduction into the privacy and confidentiality of PHI. Laws and acts are continuously being updated and amended. A consultation from a seasoned clinician may be helpful for reviewing your policies and procedures related to privacy and confidentiality of client PHI.

You may want to use extensive internet searching of .gov websites related to HIPAA Part 2 and HITECH to become familiar with the nomenclature as well as the actual rules and regulations. Whatever policies and procedures are enacted by you will need to be reviewed on an annual basis.

So here's what we covered in this lesson, maintaining records, Health Insurance Portability and Accountability Act of 1996, HIPAA, public adhering to HIPAA, confidentiality of alcohol and drug abuse patient records, CFR Title 42 Part 2, HITECH Act, and conclusion.