HIPAA is a tricky subject for clinicians. It covers any digital transmission of personal healthcare information (PHI). It’s complex. And it’s easy to violate: sending a text message to a patient could violate HIPAA. So could an e-mail. Putting those disclaimer footers at the bottom of your e-mail? Nope, not sufficient to protect yourself.
Trust Liability Insurance recommends that all mental health professionals follow HIPAA guidelines, even in the very remote chance that you’re not bound by HIPAA. Trust’s FAQ is a good place to start building your understanding of these regulations.
The best course of action for anyone considering HIPAA is to speak with a knowledgeable attorney. I am not an attorney, don’t play one on TV, and cannot authoritatively advise you on how to follow HIPAA.
However, once you know more about it, I can help set up your HIPAA-compliant workflow. You don’t have to pay a ton of money for a “practice management” site — that’s a nice all-in-one option, but it’s not necessary to follow HIPAA. Using a paid Google Suite account gets you a ton of HIPAA-compliant apps (I can get you a discount on a new Google Suite account if you contact me via the form at bottom of this page); there are free secure text message services like OhMD; and HSS.gov has a page with model NPP forms that you can customize for your practice. Whatever you do, make sure any HIPAA-compliant service you want to use can provide you a Business Agreement, and check their privacy practices carefully to ensure patient information will remain secure.