What is HIPAA, anyway?


My name is Kali, and I am the HIPAA privacy and security officer for Etheridge Psychology. It is my job to make sure our office stays HIPAA compliant and that your protected health information is not improperly shared. We take your privacy very seriously. Our counselors and psychologists know that the information you’re sharing is very private and personal; you may share things you’ve never told anyone else before. We also know that if you weren’t confident that information was protected, it would be less likely that you would share it.

What is HIPAA, exactly? It stands for the Health Insurance Portability and Accountability Act. HIPAA can be confusing for patients and healthcare professionals alike. At its core, it is a federal law designed to protect patients and their health records. There are lots of other aspects to this law, but I will focus on the privacy aspect.

Here are some HIPAA related terms that you may have seen or heard in your practitioners' offices before:

PHI – This stands for protected health information. That means any information that can be used to identify you, such as your name, date of birth, address, or social security number.

Disclosure – The act of releasing protected health information. This cannot be done without your authorization (except under certain circumstances which will be stated in more detail below).

Authorization – The patient may authorize that a healthcare provider can release or disclose their protected health information to a third party by signing a release form.

There are some instances that mental health professionals cannot keep information confidential. If the patient discloses information to the clinician that leads him or her to believe that abuse or neglect of a child, elderly person, or disabled adult is happening, they must report it to the Department of Social Services. If you are an imminent danger to yourself or others, your clinician will take the necessary steps to ensure that you or someone else is not harmed (they may need to share your PHI with family members, the police, or the individual that could be harmed). Lastly, a court can subpoena a clinician’s records, and they are required to disclose whatever the court has requested in the order. It is also worth noting that minors and dependent adults have very limited right to keep their information private from their parents.

Here at Etheridge Psychology, we take a number of safeguards to make sure your mental health records are protected and disclosed properly. Some of the things we do here are:

Technology – All of our computers are secured to stringent HIPAA standards.

Paper – Most paper documents that contain patient information are shredded. Anything we do keep hard copies of are protected by lock and key.

Authorization/Release forms – These forms can be confusing, as HIPAA requires certain specific information on a release form for it to be valid. Our administrative staff and clinicians will help you with release forms if needed so that you’re confident that you know what you are signing.

Our office frequently performs risk assessments to make sure your information stays protected. If you have any questions about HIPAA or your privacy rights as it pertains to your treatment here, we are happy to help.

If you would like to learn more about HIPAA, please click the following link:

HIPAA for Individuals