1. What are the points on a HIPAA compliance checklist to consider to make sure that you are in full compliance?
2. What are the ways in which HIPAA guidelines affect psychiatrists?
3. What are the concepts related to the client’s informed consent?
4. What are the concepts that focus on the HIPAA guidelines related to minors?
5. What are the risks in which ethical boundaries could be broken due to the sharing of HIPAA approved information on the internet?
6. What are the changes in boundaries in regards to the disclosure of raw test data?
7. What are the controversies created by HIPAA and its possible breach of privacy boundaries?

Answers:

A. categorization of notes; instances of exemption; and exclusions.
B. autonomy; State Law vs. HIPAA; and exemptions.
C. shift in standards; effects of HIPAA; and protecting test security
D. Notice of Privacy Practices; Business Associates Agreement; and Correspondence Confidentiality Statements.
E. HIPAA requirements; readability; and comprehension.
F. nationwide database; hackers; and errors in correspondence.
G. governmentally accessed information; contradictorylanguage; and employer access.

Questions

8. According to APA, when is it appropriate to disclose confidential information without the consent of the individual?
9. According to DeMuro, how did HIPAA extend the requirement of privacy protection to entities that it was not authorized to regulate? 
10. What are the steps to Yennie’s HIPAA compliance plan? 
11. HIPAA’s privacy regulations include "data scrubbing". What is "data scrubbing"?
12. In regard to the HIPAA confidentiality standards, what should Mental Health Professionals be especially familiar with?
13. What type of research must adhere to relevant HIPAA regulations? 
14. How does HIPAA broadly define "personal health information" (PHI)?  
15. Under what conditions can a clinic deny access to a person’s personal health information? 
16. According to Kuczynski & Gibbs-Wahlberg, what is the second confidentiality problem under HIPAA?  
17. What will be a challenge concerning healthcare organizations ensuring HIPAA compliance? 
18. How are psychotherapy notes treated differently than other medical records?

Answers

A.  in provisions that are unique to psychotherapy notes. The regulations define these specifically as notes recorded in any medium by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session, and that are separated from the rest of the individual's medical record.
B.  any health information that a covered entity (health care provider and insurer, public health authority, employer, life insurer, academic institution) creates or receives in any medium.
C. (1)  Educate yourself, and promote awareness and education among senior management and the board of directors. (2)  Develop an organization project team for managing HIPAA compliance. (3)  Conduct an organizational risk assessment. (4)  Develop and implement policies and procedures to address identified risks. (5)  Develop and implement staff education and training. (6)  Provide continual auditing and monitoring of compliance activities.
D. Although HIPAA only authorized HHS to regulate healthcare providers, health plans, and healthcare clearinghouses, by requiring covered entities to be responsible for compliance of their business partners, HHS effectively extended the requirement of privacy protection to entities that it was not authorized to regulate.
E.  In certain situations, where providing access may be detrimental to your health, the clinic is permitted by state and federal law to withhold access.
F.  "data scrubbing" is removing patient identifiable information
G. information may be shared without the patients consent and with the 2003 Amendments may be shared despite patient objections.
H.  those that involve a covered entity or include treatment, payment, or the administration of health care operations must adhere to relevant HIPAA regulations.
I. (1) to provide needed professional services to the patient or the individual or organizational client, (2) to obtain appropriate professional consultations, (3) to protect the patient or client or others from harm, or (4) to obtain payment for services, in which instance disclosure is limited to the minimum that is necessary to achieve the purpose
J.  It will be very difficult for healthcare organizations to monitor or influence the compliance of outside entities even though they will have the potential to create compliance problems for the healthcare organizations.
K.  it is protected from normal release to the patient, the courts or anyone else, unless stipulated by state law.