SpeechPathology.com Phone: 800-242-5183


Therapy Source Career Center - June 2019

HIPAA: Defining Privacy Issues in Speech-Language Pathology

HIPAA: Defining Privacy Issues in Speech-Language Pathology
K. Todd Houston, PhD, CCC-SLP, LSLS, Cert AVT
August 7, 2014
Share:

This text-based course is a transcript of the webinar, “HIPAA: Defining Privacy Issues in Speech-Language Pathology,” presented by K. Todd Houston, Ph.D., CCC-SLP, LSLS, Cert AVT. >> Dr. Todd Houston:  As Amy mentioned, I am an associate professor at the University of Akron.  That being said, I will let everyone know up front that I am not an attorney.  Do not take anything that I say today as legal advice.  It is nothing more than my experience to a degree with the Health Insurance Portability and Accountability Act (HIPAA) in setting up clinics, working to make sure that everything that I do is compliant, and that our services at the University of Akron, as well as other centers and universities that I have worked in, are compliant.  That is the perspective that I am speaking from. I imagine that everyone here today is probably working in healthcare, probably working in hospitals, skilled nursing facilities, private practices, maybe speech and hearing centers, and maybe even the public schools. ObjectivesOur objectives today are to talk about the importance of HIPAA and how it is applied within the practice of speech-language pathology.  I want to talk about some of the covered entities that are addressed in the privacy rule.  We will also define what Protected Health Information is.  We will talk about how HIPAA interacts with other laws, such as the Health Information Technology for Economic and Clinical Health (HITECH) Act and how that affects the practice of speech language pathology.  I will mention HITECH Act, because it is also a part of the Affordable Care Act, but I will not spend too much time on it, as that is a whole other presentation.  I will give you some direction about HITECH and how it affects HIPAA and vice versa. Basics of HIPAAWhat do we know about HIPAA?  What are the basics?  The actual name of the act is the Health Insurance Portability and Accountability Act, and you see this spelled and abbreviated in one million different ways.  However, it is HIPAA.  Make sure you are referring to the act appropriately. HIPAA has three different areas: the Privacy Rule, the Security Rule, and then a Breach Notification rule.  We will get into these in more detail during this presentation.  These are the three areas that I think confuse most people. If we think about HIPAA, it is broken into two broad sections.  You have Title 1, which talks about healthcare access portability and renewability.  Title 1 of the Act gets into protecting individuals’ health insurance coverage when they lose or change a job.  It also has some language related to pre-existing conditions and how that should not, in some cases, prevent someone from getting healthcare coverage.  The Affordable Care Act goes way beyond that, and guarantees that.  Some of you have changed jobs or unfortunately have been in a situation where you were laid off and you have COBRA options available to you. That is essentially what Title 1 is all about.Title 2 is the section of the Act that we will spend most of our time on today.  It deals with the provisions for privacy and security, talks about the electronic standards for transmission of information, and also requires unique identifiers for various providers.  Within that Title 2 aspect of the Act is where we find the privacy rule, security rule, and breach notification rule. What are those three areas? We will get into more detail as we go along today.  The privacy rule basically protects privacy and addresses the use and disclosure of protected health information (PHI).  PHI is a term that comes up often; this is the protected health information of the patient.  Security rules get into the national standards for security of electronic protected health information.  This is how we share that information and what the rules are for sharing.  The security rule goes into some detail, but probably most people would say not enough detail.  As you can imagine, with security issues around electronic information, in terms of computers and data sharing, that is changing every day.  They are not rewriting these laws every day.  Some people get quite frustrated that it does not go into more detail.  We will discuss some information around security rules, and then the breach notification rules and what they say.  They require the covered entities and the business associates to provide notification following a breach of unsecured protected health information.  Where a lot of people get hung up with HIPAA is the idea of who is and is not a business associate, and who should be following HIPAA and who should not, in terms of the business associates that you may be working with.  I hope to shed some light on that today as well.Privacy RuleCovered entities. Let's discuss the privacy rule and what that means.  Essentially, it applies to healthcare providers who transmit health information, a health plan, or what is called a healthcare clearinghouse.  We will talk a bit about each one. In our context, as speech-language pathologists, we obviously are healthcare providers. I have listed a few of the other healthcare providers.  Healthcare providers include all providers of health and medical services, such as SLPs, hospitals, physicians, nursing homes, or other practitioners that are defined as healthcare providers by Medicare.  Any other person or organization that furnishes, bills, or is paid for healthcare would also be considered a healthcare provider. Health plans are the insurance plans that an individual may have.  These are others: insurance policies, healthcare policies, health maintenance organizations (HMOs), or other government healthcare plans like Medicare, Medicaid, and even veterans’ healthcare in VA hospitals. There are also healthcare clearinghouses.  Those are entities that process health information that they receive from other entities; e.g., billing services, re-pricing companies, or even community health management systems that are in place to help manage healthcare for a group of providers, whether it is physicians’ practices or hospitals. The covered entity would be any one of these different areas: the healthcare provider themselves, the health plan, or the clearinghouse. Business associates. With that, we also have business associates. ...


k todd houston

K. Todd Houston, PhD, CCC-SLP, LSLS, Cert AVT

Dr. K. Todd Houston is an Associate Professor in the School of Speech-Language Pathology and Audiology at The University of Akron. His primary areas of research include spoken language acquisition in children with hearing loss, strategies for enhancing parent engagement in the intervention process, Auditory-Verbal Therapy, cochlear implantation in children and adults, adult aural rehabilitation, and telepractice. He directs the Telepractice and eLearning Laboratory (TeLL), an initiative to evaluate clinical practices in the area of distance service delivery in Speech-Language Pathology. Dr. Houston also is the author of Telepractice in Speech-Language Pathology (2014, Plural Publishing), one the first texts in the field addressing the topic of telepractice as a service delivery model. 



Related Courses

Developing Your Business Accent: Tips & Tools for Offering Accent Modification Services
Presented by Sonia Sethi-Kohli, MS, CCC-SLP
Video
Course: #9145Level: Introductory1 Hour
Interested in offering accent modification, but don’t know where to start? This course will provide the basic building blocks of what you will need to establish/grow an accent modification business, some potential challenges to be aware of, and resources/tools to help you get started.

Everyday Cybersecurity Best Practices for SLPs
Presented by Josiah Dykstra, PhD
Video
Course: #9979Level: Introductory1 Hour
This course covers practical steps and cybersecurity best practices to help protect professionals as well as their patients’ protected health information. Recognizing malicious emails and websites, selecting strong passwords, protecting smartphones, and securing sensitive data are discussed.

20Q: Infection Control Strategies for SLPs
Presented by A.U. Bankaitis Smith, PhD
Text
Course: #9729Level: Intermediate1 Hour
Speech-language pathologists are expected by policy authorities to apply appropriate measures to protect patients, co-workers and themselves in clinical situations that may expose individuals to infectious microbes. This article provides practical guidelines for implementing infection control principles within the context of the COVID-19 pandemic, including discussion of personal protective equipment (PPE) and disinfecting and cleaning products.

Understanding Mental Health in Older Adults
Presented by Gabrielle Juliano-Villani, LCSW
Video
Course: #10246Level: Introductory1 Hour
Mental health issues concerning older adults are discussed in this course. Topics include the intersection between mental and physical health, symptoms of common mental health disorders in this population, and referral criteria.

Assessment of School-Age Clients through Telepractice
Presented by William Bolden, MA III, CCC-SLP
Video
Course: #9740Level: Introductory1.5 Hours
This is Part 1 of a two-part series. Many SLPs may feel uneasy when beginning to assess clients remotely. This course provides practical information on how to ethically and reliably assess school-age clients via telepractice, accommodate/modify assessments as needed, and report assessment results.

Our site uses cookies to improve your experience. By using our site, you agree to our Privacy Policy.