Missing Piece Blog

HIPAA and Confidentiality for ABA and Behavioral Health Providers


The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, institutes a comprehensive framework for protecting the privacy and security of patients’ health information. Adhering to the HIPAA privacy rule is paramount for ABA and other behavioral health professionals due to the sensitive nature of the therapeutic information they handle.

All healthcare providers must be very familiar with the basics of HIPAA law and state confidentiality regulations, as well as the requirements of their certification or licensure regarding confidentiality. In addition, a thorough HIPAA analysis should be a regular aspect of practice management, ensuring that both physical and electronic safeguards are effectively put into place to mitigate any risks associated with Protected Health Information (PHI). HIPAA training is not just crucial upon hire; it is an ongoing educational requirement — ideally on an annual basis, if not more frequently, to keep up with any regulatory updates or emerging threats to data security.

HIPAA requirements

For ABA specialists, supervision is an integral part of professional practice. Following the HIPAA privacy rule and maintaining the ethics of ABA supervision demand a delicate balance. This includes adhering to ABA therapy documentation best practices and regularly training staff on both ethics and HIPAA compliance. In addition, it’s critical for providers to design a response plan for potential data breaches, detailing procedures for breach containment, notification of impacted parties and authorities, and a comprehensive investigation to identify the breach’s root cause and forestall similar future occurrences.

Further to this, healthcare providers are obligated to adhere to the Security Rule, which requires safeguarding all electronic PHI via data encryption, stringent access controls, and frequent security assessments. The Breach Notification Rule obliges providers to inform affected parties, the Department of Health and Human Services, and sometimes the media if a breach occurs. 

It is necessary to keep abreast of the latest developments and best practices in the industry. Consulting with professional associations and legal consultants and being HIPAA certified are measures that can help achieve the highest degree of confidentiality and security for patient health information.

Visit the HIPAA website for more.

Common HIPAA violations to avoid

Missing Piece Billing and Consulting does not provide legal guidance, but we can share a few common HIPAA violation examples in ABA, children’s behavioral health services, and behavioral and mental health services that should be avoided: 

  • Disclosing information in a waiting room
  • Sending PHI in emails that are not secure
  • Throwing documents with PHI in the trash
  • Transportation of clinical documentation
  • Disclosing information to someone besides parents without a release
  • Participating in community-based activities with a client/patient while wearing company attire
  • Transportation of patients in a company vehicle branded with corporate logos or advertising
  • Texting PHI
  • EMR systems that are not HIPAA-compliant
  • Telehealth systems that are not HIPAA-compliant
  • Using vendors that violate HIPAA

Many professional associations, as well as legal consultants, are available to assist with your HIPAA certification preparations and policies. Since HIPAA violations can result in severe penalties, both civil and criminal, HIPAA policies need to be addressed with extreme care and consideration.

Streamline your practice with support services

The day-to-day operations of patient care are demanding enough without the added burden of compliance stress. Third-party services, like those provided by Missing Piece Billing and Consulting, can help alleviate this load. With the assurance that all our systems are in compliance with HIPAA, our partnership allows you to center your energies on patient care, knowing that your revenue cycle and other administrative processes are in secure and knowledgeable hands.

Contact us today at 765-628-7400 or weare@yourmissingpiece.com.

Disclaimer: This blog is meant to be informational only and does not provide legal guidance. Please consult a legal professional for further details.


Health and Human Services:

For Mental Health Providers

Basic Information for Professionals