AMTA Minnesota: American Massage Therapy Association - Minnesota Chapter

HIPAA: Maintaining the Chain of Trust

By Joanie Holst, Director of Education

We now have additional information on the Health Insurance Portability and Accountability Act (HIPAA) that is vital for us, as massage therapists, to understand. Health care providers were required to be fully HIPAA compliant by April 14, 2003. HIPAA was enacted because the government thinks that privacy issues have changed because of the internet, electronic media, and billing procedures.

HIPAA was created to:

  • Protect and enhance consumer rights by providing them access to their health information.
  • Control inappropriate use of consumer health information.
  • Improve quality of health care by restoring trust in the healthcare system among consumers, and to standardize protocols and ethics.
  • Improve efficiency and effectiveness of health care delivery by creating a national framework for health privacy protection.

Originally, massage therapists and small business owners were told that HIPAA only applied to health care providers that transmitted any client information electronically (i.e. billing an insurance company), or used email as a method to exchange information with clients about appointments, etc.

HIPAA and Minnesota statutes mandate that even if a business is not using electronic transmission in any form, the privacy considerations still remain. Under these guidelines, a massage therapist or business owner must become HIPAA compliant because we maintain client records, gather client health care information, and engage in oral communication as well as transmission of records (electronically or not).

The second criterion of HIPAA is termed "chain of trust". If a primary care provider refers a client to you, or you send a client's progress report or records to a doctor or referring professional, you must be HIPAA compliant. It is our responsibility as massage therapists and/or business owners to do the following to become HIPAA compliant:

  1. Deal with the confidentiality issues by verbally informing the client of when, to whom, and under what conditions you will use electronic media concerning client records.
  2. Write a HIPAA declaration for the client to read and sign that clearly specifies your process for management of their records, including the following:
    1. How the business will use the client's information
    2. What secure storage method will be used for client files
    3. Circumstances under which the business may disclose any information
    4. The procedure for clients to obtain copies of their records

  3. A copy of the HIPAA notice needs to be posted, one should be given to the client, and one should be signed by the client for your business files.
  4. Train all your office personnel on the HIPAA procedures.
  5. Disseminate client information to your staff on a need-to-know basis.
  6. Assign a user ID and password to anyone with access to electronic information.
  7. Use monitoring software to document when and where media is sent.
  8. For email, obtain written consent from the client and use encryption software.
  9. Store all client files in a locked cabinet to which only authorized employees have access.
  10. Do not leave files in an area accessible by clients or unauthorized staff.
  11. Keep appointment books out of everyone's view.
  12. Put a confidentiality notice on all faxes and emails.
  13. Do not discuss any medical information with a third party without written authorization from the client.

The difference between HIPAA and CAM is that CAM simply informs the client that their information will be kept confidential, while HIPAA informs the client of the entities that may view their health care information and the ways that you may use or disclose it. HIPAA also includes the client's right to limit uses or disclosures of their health care information.

As professional massage therapists, it is vital that we take the appropriate measures to ensure our clients' privacy and confidentiality, and protect their health care information.

Because HIPAA is a federal and state mandated law, there are significant fines if you do not comply.

Here are some references for any additional questions you may have regarding HIPAA:

  1. American Health Information Management Association: www.ahima.org
  2. HIPAA Hotline: 886/282-0659 or 866/627-7748
  3. US Department of Health and Human Services (includes documents): www.hhs.gov/ocr/hipaa, 800/368-1019