Special LIVE Event: Marketing Your Telehealth Services: Successful, Legal & Ethical Online Strategies See Details


HIPAA Policies and Procedures for Behavioral Health

by | Feb 24, 2017 | 0 comments

HIPAA Policies and ProceduresHIPAA policies and procedures are an essential part of implementing an effective compliance program in your behavioral health practice.

Federal regulation requires that HIPAA Privacy and Security standards be addressed by a series of policies and procedures that work throughout your entire practice. These policies and procedures form the basis of your compliance program–all activities involving the use, storage, and distribution of protected health information (PHI) are governed by these regulatory standards.

There are many different resources available to covered entities (health care providers, health plans, and clearinghouses) to create policies and procedures for their organizations. Implementing good policies and procedures is not as simple as purchasing a binder, though. It’s important to keep in mind the HIPAA regulatory requirements that must be met in order to ensure your policies and procedures are compliant with the law.

Below, we discuss the major requirements that behavioral health specialists should keep in mind when deciding on HIPAA policies that they implement in their practice.

  • Policies and Procedures must be reviewed on an ongoing basis. If your practice undergoes a major change, your policies and procedures must be updated to reflect this chance. An example would be if you update workstations or change physical locations. Policies and procedures must accurately reflect the current state of your business, including privacy and security requirements that may change over time.
  • Policies and Procedures must be tailored to your practice. Stock binders of policies and procedures that are not customized to the way you do business can be dangerous in the event of a data breach or HIPAA investigation. If your policies and procedures do not match up with the particulars of your practice, you could be at risk of a fine in the event of a HIPAA audit.
  • Staff must be trained to follow all Policies and Procedures. Regular employee training sessions must be held so that staff members are aware of the policies and procedures of your practice. In addition to this training, staff members must attest with documentation that they have read and reviewed these HIPAA policies and procedures. In the event of a HIPAA breach, you must be able to prove that your employees were trained on the particulars of these policies and procedures in order to avoid monetary penalties.


What Are Your Thoughts?

Please leave your comments below.

Basic Telehealth Legal Issues

Would TBHI Telehealth Training Help You?

Basic Telehealth Legal Issues: Rules, Regulations & Risk Management

Bring your telehealth practice into legal compliance. Get up to date on interjurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, duty to report, termination and much more!

Disclaimer: The Telebehavioral Health Institute (TBHI Telehealth.org) offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to TBHI Terms and Conditions and Privacy Policy.


Submit a Comment

Your email address will not be published.

Blog Categories