Issue link: https://www.massageandbodyworkdigital.com/i/259468
I t p a y s t o b e A B M P C e r t i f i e d : w w w. a b m p . c o m / g o / c e r t i f i e d c e n t r a l 85 it is permissible to disclose the client's health information without one. Another example is having a written policy and procedure for handling a security breach—how and when you must inform the client and the US Office for Civil Rights, corrective and disciplinary actions you are going to take, and more. If you're not a covered entity according to HIPA A, you can still honor a personal commitment to maintain a client's health information without the need to meet these additional legal obligations. CINDY: Right, and it's not necessarily a good idea to just say you're HIPA A compliant, since it involves a lot more than simply stating yourself as such. I compare the relationship between professional ethics and HIPA A compliance to the difference between bodyworkers and Rolfers. All Rolfers are bodyworkers, but not all bodyworkers are Rolfers. We all need to maintain client confidentiality, but we are not all legally required to be HIPA A compliant. Just as a massage therapist would never claim to be a Rolfer if he hadn't gone through the training to become one, we shouldn't claim to be HIPA A compliant unless we have those protocols in place in our business. I have heard some massage professionals argue, "We should be recognized as health-care workers," and see HIPA A compliance as a step in that direction. While it is certainly understandable that many of us seek the respect and recognition of a health professional, it's essential to understand that what matters here is HIPA A's definition of a health-care provider. That definition may likely exclude massage therapists simply based on the types of services performed; it doesn't imply anything about our professionalism, skill, or training. Confidentiality vs HIPAA Compliance While massage therapists are bound by professional ethics to maintain client confidentiality, HIPAA compliance refers to the law and its regulations applicable to "covered entities." Being HIPAA compliant involves compliance with all of the regulatory requirements of HIPAA, and there are many requirements. On the other hand, a representation that you will maintain clients' privacy and confidentiality means you will take reasonable measures to protect sensitive information and not share it without the client's permission. Who is a covered entity under HIPAA? Health-care providers (as defined by HIPAA) who transmit health information electronically in connection with a transaction covered by the HIPAA Transaction Rule; for example, submitting health-care claims. Business associates of such a health-care provider. Who is not a covered entity under HIPAA? Massage therapists whose services do not fall under HIPAA's definition of "health-care provider" and/or do not transmit health information electronically for things such as claims submission. HIPAA-compliant software? There are many features that can help protect the security of electronic health information that is maintained by the software company. However, there is no such thing as "HIPAA-compliant software," because there is no software package or web-based application that will "magically" make you, as "the user," compliant with HIPAA. If you are required to comply with HIPAA, then you, as the covered entity or business associate, must be HIPAA compliant. On the other hand, software can be a tool to help support your policies and practices that will best protect your data.