
HIPAA Tips and Resources


December 15, 2018 | Reading Time: 3 Minutes


HIPAA Tips Every Behavioral Health Professional Should Know

HIPAA compliance can be a complex web of interlocking regulatory requirements. Behavioral health professionals in particular need to be wary of HIPAA violations and data breaches because of the sensitive nature of the health information they handle on a daily basis. HIPAA tips can be found all over the internet, but when it comes down to it, how do you find out what you really need in order to address the regulation?

We’ve put together this list of HIPAA tips to give you a definitive look into HIPAA compliance requirements for behavioral health professionals. Use this to help you understand the elements that make up HIPAA regulation, so you can get a sense for how to best start implementing an effective compliance program to protect your practice!

HIPAA Tips: Starting with the Basics

HIPAA regulation is a set of national privacy and security standards that all health care professionals must address in order to safeguard protected health information (PHI). PHI is any demographic information that can be used to identify a patient. Common examples of PHI include a patient’s name, date of birth, address, telephone number, insurance ID number, Social Security number, financial information, and any part of a medical record.

HIPAA regulation identifies two different types of entities that must be compliant. The first is called a covered entity. Covered entities include health care providers, insurance companies, and health care clearinghouses. These entities are directly involved in the creation of PHI, meaning that behavioral and telebehavioral health professionals are considered covered entities. HIPAA also identifies another class of entity called a business associate. A business associate is any third-party vendor or organization that is hired to perform services involving the handling of PHI. That includes telehealth platforms, EHR providers, video chat clients, and many more.

HIPAA Tips: What Are Your HIPAA Requirements?

As a behavioral or telebehavioral health professional, you must address the full extent of HIPAA regulation. HIPAA regulation is broken up into a series of component pieces called the HIPAA Rules, and each of them applies to your practice.

These HIPAA tips will give you the information you need to understand the HIPAA rules so you can start addressing their standards within your practice. Something like a HIPAA checklist can get you started on creating an effective HIPAA compliance program, but these HIPAA tips focus mainly on understanding your requirements under the HIPAA Rules to protect your business! The HIPAA Rules include:

  • The HIPAA Privacy Rule: The HIPAA Privacy Rule sets standards regarding the uses and disclosures of PHI and patients’ rights to accessing their data. Under the HIPAA Privacy Rule, covered entities must ensure that they have policies and procedures outlining each standard within the rule, including standards for how and when patients may request copies of their PHI, how and when PHI may be disclosed, what kind of authorizations must be in place to release PHI, and the contents of your practices’ Notice of Privacy Practices, among others.
  • The HIPAA Security Rule: The HIPAA Security Rule sets standards for safeguarding the PHI that covered entities and business associates come into contact with. These safeguards include physical, technical, and administrative safeguards that all HIPAA-beholden entities must address. Physical safeguards are about protecting the physical premises of your practice where PHI may be kept. Technical safeguards are about having the proper cyber-security measures in place to keep PHI secure. Administrative safeguards are about instituting proper HIPAA training for your employees,
  • HIPAA Breach Notification Rule: The Breach Notification Rule sets standards for how and when breaches of unsecured PHI must be reported to the Department of Health and Human Services.
  • HIPAA Omnibus Rule: The Omnibus Rule states that, before any PHI may be shared with vendors or business associates, you must execute a business associate agreement (BAA) with said vendors. A BAA is a contract that protects your practice from liability in the event of a data breach caused by your vendors and is invaluable for defending against strict HIPAA violations and HIPAA fines!

Understanding the HIPAA rules is the best defense your practice has against HIPAA violations and related fines. Keep these HIPAA tips in mind as you create your own HIPAA compliance program within your behavioral health business!

HIPAA Resources

Recent Webinar: Cyber-Attacks: Top 5 Things You Can Do Tomorrow Morning to Protect Your Practice

Recent Webinar: Social Media and HIPAA Compliance: Protecting Your Practice in the Digital Age

Visit our other On-Demand Webinars

If you need assistance with HIPAA compliance, consider working with our TBHI affiliate, the HIPAA Compliancy Group. (When you purchase services from them, TBHI will be paid a small commission.) They can help you support your HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance. The Guard is built to address the HIPAA regulations, including guided walkthroughs of HIPAA Risk Assessments. With The Guard, you can focus on running your practice while keeping your patients’ data protected and secure. Compliancy Group’s team of expert Compliance Coaches® can also field questions and guide you through the implementation process, taking the stress out of managing compliance. Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!


1 Comment
3 years ago

Implementing any health-related software application needs HIPAA compliance approval. Thank you for providing information about HIPAA compliance.
