HIPAA is a frightening thing to many behavioral health providers. Although it is something to take seriously, it need not be frightening . Nor do you need to pay big bucks to a company to set things up for you. A very simple thing that will help you become compliant is to get an EHR that is both integrated and features end-to-end encryption. This post explains why.
Think you're not doing telehealth? Think again. Although there's no one-size-fits-all definition that cuts across state and/or discipline lines, most agree that telehealth basically involves any electronic method you use to communicate with or about your clients. This can include common things like phones, email and electronic file storage, in addition to video sessions, which is what we typically think of with the term telehealth.
I sometimes hear therapists mention specific software programs they’re using in their practices for tasks like notes, calendar/schedulers, online file storage, billing, video sessions or email and then add something like, “They’re HIPAA compliant. They just don’t – you know – have Business Associate Agreements.”
In the not too distant past, a therapist with some kind of note pad in hand was the norm. It was expected. We were doing our jobs and interested enough in the client to take notes on what they were saying. I was part of that crowd. Although I preferred to write my notes after the client left, I definitely felt that paper notes were the way to go and I burned through many legal pads in the early years of my career.
Most of us have documents like a will, power of attorney and other estate planning instruments either already in place or at least on our “I’ll get to that eventually” list. Far fewer have given much thought to how we would want our clients to be taken care of in the case of our demise or anything else that would cause a sudden interruption in our ability to provide services.
Short answer? Yes. You can. However, there are some good reasons why you may not want to: 1) It may end up being more costly. 2) It takes more time and work. 4) The learning curve is greater. 4) Client records are scattered and may be difficult to retrieve.
At it’s simplest, digital record-keeping could simply mean a Word doc, Excel sheet or PDF that you’ve saved on your computer, tablet, phone, thumb drive or other type of digital storage device. There are advantages to digital record-keeping even at this elementary level. For example, with digital records, you no longer have to contend with bulging filing cabinets, finding adequate long-term storage, or shredding – all of which are factors with paper health records. Additionally, it’s relatively easy to make backup copies of digital files to guard against some type of disaster, whereas making copies of paper records is costly, both in terms of time and money and also, effectively doubles the number of filing cabinets or other physical storage space you need.
The most common reason people give for being reluctant to switch to a web-based EHR is safety. When we’re charged with protecting something – in this case, our clients’ records – most of us intuitively feel safer with something we can see and touch; something physical within our own office where we can maintain control of security ourselves. However, despite this subjective sense of safety, Hurricane Katrina taught us all a valuable lesson about the danger of keeping client records on paper. Floods, tornadoes, fires and other types of disasters can destroy paper records in a heartbeat. If you do maintain paper records, at the very least, you should have backup copies of everything – and those copies should be stored at a completely different location – preferably far away from where your paper records are stored.