Confidentiality vs HIPAA Compliance
By Cindy Iwlew & Erin Howk/Massage & Bodywork 2014 Mar 4, 2014
While massage therapists are bound by professional ethics to maintain client confidentiality, HIPAA compliance refers to the law and its regulations applicable to “covered entities.” Being HIPAA compliant involves compliance with all of the regulatory requirements of HIPAA, and there are many requirements. On the other hand, a representation that you will maintain clients’ privacy and confidentiality means you will take reasonable measures to protect sensitive information and not share it without the client’s permission.
Who is a covered entity under HIPAA?
Health-care providers (as defined by HIPAA) who transmit health information electronically in connection with a transaction covered by the HIPAA Transaction Rule: for example, submitting health-care claims. Business associates of such a health-care provider.
Who is not a covered entity under HIPAA?
Massage therapists whose service does not fall under HIPAA’s definition of “health-care provider” and/or who do not transmit health information electronically for things such as claims submission.
There are many features that can help protect the security of electronic health information that is maintained by the software company. However, there is no such thing as “HIPAA-compliant software,” because there is no software package or web-based application that will “magically” make you, as “the user,” compliant with HIPAA. If you are required to comply with HIPAA, then you, as the covered entity or business associate, must be HIPAA compliant. On the other hand, software can be a tool to help support your policies and practices that will best protect your data.