Understand HIPAA
HIPAA governs the privacy of Protected Health Information (PHI), which is all "individually identifiable health information."
This means that you must have permission from your clients to:
- Allow students to access medical records for the purpose of education or verification of documentation for their NARM / school applications.
- Participate in regular peer review when your client is readily identifiable from their outcome
- Disclose information about a client's care to family or friends
- Publicly display their identifiable health information, likeness or image (think office bulletin boards, web sites, Facebook, etc.)
Situations that require no permission and can be routine in your practice:
- Consultations or transfer of care
- Sharing a chart with a back up midwife
- Reporting victims of abuse, neglect, or domestic violence, and disclosures for legal proceedings, national security, and law enforcement
Your clients have the right to:
- Access and initiate corrections to their record
- Request an accounting of how their information was used and to whom it was released in the course of their care
- Request that all communications be confidential
- Complain about a perceived violation of privacy to you, your practice's manager (if you have one), your licensing or certifying agency, or the government
HIPAA does not require medical records be retained for any length of time. Check your state's laws for the length of time you need to hold on to records. And when you do get rid of them, be careful when disposing of PHI:
- If it's paper, it needs to be shredded before going in a locked dumpster.
- If it's electronic, it needs to be cleared (using software or hardware to overwrite the data), purged (exposing it to a strong magnetic field), or the computer hard drive itself needs to be physically destroyed.
Only the patient or their personal representative has the right to access or allow sharing of their medical records.
While a full HIPAA Security audit includes over 70 standards and implementation specifications to review and document, below is a simple list of some of the most critical risk areas to get you started.
Also if you haven’t already, my evidence-based, lawyer-reviewed, and professionally designed HIPAA informed disclosure is free for you to download and use in your own practice here
See you in the next section!