What is HIPAA?

HIPAA. It’s an acronym thrown around quite a lot in the healthcare and mental health fields, but what exactly does it mean? HIPAA stands for the Health Insurance Portability and Accountability Act. It is legislation that regulates data privacy and security provisions for safeguarding medical information. The privacy aspect of HIPAA is only one part of the actual legislation, but it is the aspect being referred to whenever “HIPAA” is used as jargon amongst those in the healthcare or medical insurance industries. HIPAA outlines the responsibilities of healthcare professionals and other related entities and persons to carefully guard and monitor access to specific types of information, called PHI, which could potentially reveal the identity of a patient or client.

What is PHI?

The information safeguarded by HIPAA is known as PHI, or protected health information, and includes any data which can be used to identify an individual, or information that was used, created or disclosed while providing a health care service. This would cover conversations occurring during the course of treatment between a provider and a client. It also includes information obtained to diagnose an individual, like medical history or family history. Because PHI includes information which could so much as hint at the identity of a patient, strict adherence can be a balancing act. Transmitting information for collaborative care and insurance reimbursement is necessary, but doing so while protecting PHI takes training and knowledge.


Examples of PHI:

  • Billing information from a medical or mental health provider
  • Patient e-mail to a psychiatrist’s office about a medication or prescription
  • Appointment scheduling note for a patient
  • Biopsychosocial assessments
  • Counseling/therapy session notes
  • Lab results
  • Phone records

Privacy and Behavioral Healthcare

Ensuring that HIPAA provisions are in place and being followed is vital to any healthcare entity, especially providers of mental health services. The repercussions for a patient should their mental health diagnosis, psychoactive medication prescriptions or behavioral health information become known by those without authorization can be catastrophic. Jobs, reputations and especially peace of mind are potentially at risk. It is especially important in the world of behavioral health, counseling, psychiatry, and the like that trust between the provider and the patient be established and respected. Disclosures of an accidental nature are treated less severely than those which are purposeful, but the element of negligence is taken into account when penalties are levied. Consequences for infringements include a range of fines and, in the most severe cases, jail sentences.

Information Security in Medical Billing

Medical billing and HIPAA go hand in hand. Diagnosis and procedure codes, along with medication information and provider notes, must all be transmitted to appropriate entities in order to continue care for an individual. Reimbursement from a health insurance company does not occur without the sharing of a patient’s information. It is during this storing and transmission of data that the greatest chance of HIPAA violation exists. Healthcare clearinghouses forward claims from providers to insurance payers, and have to be fully HIPAA compliant in order to ensure patient privacy is maintained. When using an outsourced medical billing service, it is important to find a knowledgeable medical billing and coding specialist. The Psych Biller is an experienced, fully HIPAA compliant medical billing service with the knowledge to spot and correct claims errors as well as potential privacy and HIPAA violations. To ensure your clients’ privacy is safeguarded, contact us for more information!