HIPAA 101 for the Private Practitioner
This chapter introduces basic requirements of the Health Insurance Portability and Accountability Act (HIPAA), including privacy regulations applicable to HIPAA-covered entities and security regulations applicable to both HIPAA-covered entities and business associates. The privacy regulations covered in this chapter include the definition of psychotherapy notes under HIPAA regulations, the “minimum necessary” requirement, HIPAA authorizations, personal representatives, and the need for an accounting of certain disclosures of clients’ protected health information. Also explored is the interaction of state law and HIPAA regulations, especially in relation to the practitioner’s Notice of Privacy Practices. The security regulation’s administrative, physical, and technical safeguards are discussed, including an introduction to the HIPAA-required security risk assessment. Also explained is the breach notification law that was enacted through the 2009 Health Information Economic and Clinical Health (HITECH) Act.