Conidentiality: Overview, HIPAA tips, and practical

Welcome

Dr.J.Sco-NelsonEd.DNCCLCPCCRADCSAPAssistantProfessor

LicensedClinicalProfessionalCounselor

Con$identiality:Overview,HIPAAtips,andpracticaltechnologytools

Presenter:Dr.J.ScottNelsonEdD.,LCPCCRADCSAPACSAssistantProfessor/LicensedClinicalProfessionalCounselorIllinoisFireFighterPeerSupport(ILFFPS)ClinicalConsultant

[email protected]

Copyright ©2013, Netsmart Technologies, Inc. All Rights Reserved.

Course Objectives

A=ercomple?ngthiscourse,par?cipantsshouldbeableto:

•  Understandtheconceptofconfiden0ality•  Dis0nguishthedifferencebetweenconfiden0alityandprivilegedcommunica0onandprivatecommunica0on

•  Iden0fyaprac0caldecisionmakingmodelforprotec0ngclientconfiden0ality

•  Definethepersonalriskfactorsthatmightcontributeuninten0onalbreachofconfiden0ality


Confidentiality AndRelatedTermsDefined


Confidentiality:

“Mentalhealth[andmedical]professionalshaveanethicalresponsibility,aswellasalegalandprofessionalduty,tosafeguardclientsfromunauthorizeddisclosureofinforma0on…”

Corey et al. (2015)


Confidentiality:

• Atthecoreofeffec0veclinicalwork• Rootedinclient’srighttoprivacy• Professional’sethicalandlegaldutytoprotectprivateclientcommunica0on

Corey et al. (2015)


Privileged Communication:

•  Legalconceptthatvariesfromstatetostate• Generallyprohibitsdisclosureofconfiden0alcommunica0oninlegalproceeding

•  Excep0ons:• GroupCounseling• CouplesandFamilyCounseling• ChildandAdolescentCounseling

Corey et al. (2015)


Privacy:

“Thecons0tu0onalrightofindividualstobeleRaloneandtocontroltheirpersonalinforma0on”

Wheeler & Bertram (2012)


When Using Case Studies

• Obtainclientpermission• Disguisecasematerial• Developacompositefrommorethanoneclientmaterial

Sperry and Pies (2010)


Permissive Limits of Confidentiality:

• Clericalhandlingofconfiden0alinforma0on• ProfessionalConsulta0on• ClinicalSupervision• WithClientWriVenConsent

“DoNoHarm”

Corey et al. (2015)


Legal Exceptions

• CredibleClientThreattoSelforOthers• ClientDisclosesIntenttoCommitaCrime•  SuspectedChildorVulnerableAdultAbuse/Neglect

• CourtOrder• ClientFilesComplaint• CivilCommitment

Corey et al. (2015)


Fisher’s 6 Step Guideline

1.  Prepara0on-knowthelimits2.  Tellclientsthetruth“upfront”3.  Obtaintrueinformedconsentbefore

disclosing4.  Respondethicallytolegalrequests5.  Stayawayfrom“avoidable”breaches6.  Talkaboutconfiden0ality

Fisher (2008)


HIPPA (1996)

• HealthInsurancePortabilityandAccountabilityActof1996(HIPAA)

• ProtectConfiden0alityandSecurity•  SetsLimitsandCondi0ons• GivesClients/Pa0entsRights

•  ExamineHealthInforma0on• RequestCorrec0ons


HIPPA Privacy Rule (2003)

• Rule protects all “individually identifiable health information”

• Relating to: • past, present, or future physical or mental

health or condition • provision of health care • past, present, or future payment


HIPPA (2003) Permitted Disclosures

1.  to the individual client/patient 2.  for treatment, payment, and operations 3.  with opportunity to agree or object 4.  for notification and other purposes 5.  for public health and benefit activities


HITECH Act (2009)

• Transmit individually identifiable health information in electronic format

• Providers • Health Plans • Clearing Houses • Business Associates


HIPAA Business Associates

BusinessAssociates=thosewhoserela0onshiptotheclinicalprac0ceisspecificallyintendedtoincludethehandlingofprotectedhealthinforma0on Office cleaning crew??



People who handle personally-identifying client information for us, e.g. § Billing services § Backup data services § E-mail provider § Cloud services



We must “obtain satisfactory assurances that the business associate will appropriately safeguard [personally-identifying client information.]” “Satisfactory assurance” required by the law =Business Associate Agreement (BAA)


Electronic Communication

• Difficulttopreventmonitoringorrecordingoftheconversa0on

• Avoidmakinganycommentsyouwouldnotwantedrepeatedinlegalproceedings

• Beprofessionalandcau0ouswhentalkingaboutanyconfiden0alinforma0on

• Avoidsayinganythingofftherecord• Donotallowunauthorizedpersonstohearorreadcommunica0ons

Corey et al. (2015)


Telecommunication

•  Verifywhoyouarecommunica0ngwith•  Donotacknowledgeclientisreceivingservicestounauthorizedpeople

• Whentalkingonphone-assumethecallerisnotinaprivateplace

•  Realizeyourcommunica0onmaybeinterceptedbyunauthorizedperson(s)

• Whenleavingvoicemailorsendingtextoremail-beawaresomeoneelsemightretrievethecommunica0on

Corey et al. (2015)


Affordable Care Act (2010)

• Riskanalysistodeterminethevulnerabilityofelectronicprotecteddata

•  Encryptpa0entPHI• Reviewpoliciesandprocedures• Reviewcontractswithvendorsandother“businessassociates

Bender, et al. (2013)


Affordable Care Act (2010)

•  allowpa0entstoforbiddisclosureofinforma0onpaidoutofpocked

• permitpa0entstorequesttheirhealthinforma0oninelectronicform

•  requireprac0cestoupdatetheirno0ceofprivacyprac0ces

Bender, et al. (2013)


HIPPA Mental Health- Higher Standard

•  Excep0ontopa0entrighttoreviewrecords• Psychotherapynotes• Keptseparatefrommedicalrecord

Vose (2013)


Substance Use: 42 CFR Part 2

•  SubstanceUseField• GovernedbyFederalLaw(42U.S.C.§290dd-2)• AndRegula0ons(42CFRPart2)•  SubstanceUseS0gma• Whatcanandcan’tbedisclosed• Withandwithoutclientconsent• WhoandWhat?

Awad (2013)


42 CFR Part 2 Application

•  InvolvesSubstanceUse•  Educa0on,•  Treatment,or• Preven0on

•  Thatis• RegulatedbytheFederalGovernment• AssistedbytheFederalGovernment

Awad (2015)


42 CFR Part 2 Exceptions

• PossibleExcep0ons(NoFederalAssistance):•  ForProfitPrograms• PrivatePrac00oners

• Unless,•  StateLicensureBoardRequires• Cer0fica0onAgencyRequires• DEARegistra0on(detoxormaintenance)

Awad (2015)


42 CFR Part 2

Theregula0onsrestrictthedisclosureanduseofalcoholanddrugpa0entrecordswhicharemaintainedinconnec0onwiththeperformanceofanyfederallyassistedalcoholanddrugabuseprogram(42CFR§2.3(a)).Appliestoanyinforma0onthat“wouldiden0fyapa0entasanalcoholordrugabuser…”(42CFR§2.12(a)(1)).

Awad (2015)


42 CFR Part 2

Protectedinforma0onisisanydatadisclosedbyacoveredprogramthatiden0fies:•  anindividualdirectlyorindirectlyashavingacurrentorpastdrugoralcoholproblem,or

•  asapar0cipantinacoveredprogram.

Awad (2015)


42 CFR Part 2 Requires

• Pa0entConsentforDisclosuresIncluding:•  Treatment• Payment• HealthCareOpera0ons

• ConsentMUSTbeinwri0ng

Awad (2015)


42 CFR Part 2: Written Consent

• ConsentRequires10Elements:1.  Namesoftheprogramsmakingthe

disclosure2.  Nameoftheindividualororganiza0on

receivingthedisclosure3.  Nameofthepa0ent4.  Specificpurpose5.  Howmuchandwhatkindofinforma0on

NCSC (2015)


42 CFR Part 2: Written Consent

• ConsentRequires10Elements:6.  Pa0ent’srighttorevoke7.  Condi0ontreatment,payment,enrollment,

oreligibilityofbenefits8.  Date,event,orcondi0onuponwhichthe

consentexpires9.  Signatureofthepa0ent10. Dateconsentisassigned

NCSC (2015)


42 CFR Part 2: Mandated and Permitted

•  MandatoryDisclosures:•  ChildAbuseorNeglect•  CauseofDeath•  ValidCourtOrder

•  PermiVedDisclosures:•  MedicalEmergencies•  CrimeonPremisesorAgainstStaff•  Administra0veControl•  QualifiedServiceOrganiza0ons(QSO)•  OutsideAuditorsorResearchers

NCSC (2015)


Email

EmailislikeapostcardpassingthroughthewildhinterlandsoftheopenInternet.Variousnefariouselementsmaybeabletoseeitscontentsasitgoesby….


Email

• Caniden0fypeopleveryeasily•  1of18iden0fiersthatHIPAAdefinesaswithout-a-doubtpersonallyiden0fying.


Email

HIPAArequiresthatouremailservicesexecuteaBusinessAssociateAgreementwithus.Justlikeyouwouldrequirearecep0onpersoninyourofficetosignconfiden0alityagreements,HIPAArequiresyoutosignaBAAwithyouremailservice.


Email

• Non-secureemailprovidersthatwillexecuteaBAAwithcustomers:

• GoogleAppsforWork(notfreeGmail!)• MicrosoR365


Email

Somesecuremessaging(“encryptedemail”)thatworkwell:• Hushmail• ProtectedTrust• Paubox


Secure Skype

VSee


Secure Dropbox

ViiVo


Conclusion

• Clinicianshavemanyresponsibili0es•  Ethicaldilemmaswhenresponsibili0esconflict• Knowyourprofessionalethicalcodes•  Seekconsulta0onandsupervision•  Staywithinscopeofprac0ce• DoNoHarm• BeHIPPAcompliant

Corey et al. (2015)

ThanksforJoiningUs

Dr.J.Sco-NelsonEd.DNCCLCPCCRADCSAPAssistantProfessor

LicensedClinicalProfessionalCounselor

ThanksforJoiningUsToday.

Presenter:Dr.J.ScottNelsonEdD.,LCPCCRADCSAPACSAssistantProfessor/LicensedClinicalProfessionalCounselorIllinoisFireFighterPeerSupport(ILFFPS)ClinicalConsultant


References

Awad,S.(2015).AmericanSocietyofAddic0onMedicine.ConfusedbyConfiden-ality?APrimeron42CFRPart2.Downloadedfrom:hVp://www.asam.org/magazine/read/ar0cle/2013/08/15/confused-by-confiden0ality-a-primer-on-42-cfr-part-2

Bender,J.,Verdon,D.R.,Zimlich,R.(2013).MedicalEconomics.AquickguidetoHIPAAcomplianceforphysicians.Downloadedat:hVp://medicaleconomics.modernmedicine.com/medical-economics/content/tags/hipaa/quick-guide-hipaa-compliance-physicians?page=full

Corey,G.,Schneider-Corey,M.,Corey,C.,&Callanan,P.(2014).Issuesandethicsinthehelpingprofessions,(9thed.).Stamford,CT:CengageLearning.

Fisher,M.A.(2009).Protec0ngconfiden0alityrights;Theneedforanethicalprac0cemodel.AmericanPsychologist,63(1),1-13.

Na0onalCenterforStateCourts(2015).SubstanceAbuseandConfiden-ality:42CFRPart2.Downloadedfrom:hVp://www.ncsc.org/sitecore/content/microsites/future-trends-2012/home/Privacy-and-Technology/Substance-Abuse.aspx

Sperry,L.,&Pies,R.(2010).Wri0ngaboutclients:Ethicalconsidera0onsandop0ons.Counseling&Values,54,88-102.

Vose,R.(2013).PhysiciansPrac0ce.HIPAAandMentalHealthRecords:AHigherStandard.Downloadedat:hVp://www.physiciansprac0ce.com/blog/hipaa-and-mental-health-records-higher-standard

Wheeler,N.&Bertram,B.(2012).Thecounselorandthelaw:Aguidetolegalandethicalprac-ce(6thed.).Alexandria,VA:AmericanCounselingAssocia0on.

Documents

Conidentiality: Overview, HIPAA tips, and practical