In 1996, the Health Insurance Portability and Accountability Act was passed; it required the HHS to put national standards in place for electronic transactions and code sets that include personal health information. A variety of standards have since been put in place to continue to enforce the privacy of personal health information. It is critical for healthcare providers to understand and comply with HIPAA to protect both their practice and their clients’ personal health information.
The Basic HIPAA-Compliance Rules
The Privacy Rule, added in 2000, protected individually identifiable health information processed by three types of covered entities: health plans, healthcare clearinghouses, and healthcare providers. Health plans are the individual and/or group plans that provide or pay the cost of medical care. Healthcare providers include any provider who transmits health information electronically to other covered entities. Healthcare clearinghouses are those that process nonstandard information they receive from other entities or vice versa.
Added in 2003, the Security Rule set standards for protecting the confidentiality, integrity, and availability of electronic protected health information. Lastly, the Omnibus Rule leverages provisions of the HITECH Act that strengthen the privacy and security protections for personal health information.
What are HIPAA Compliant Forms and How Do I Build Them?
An important aspect of being HIPAA-compliant is notifying clients of their rights and how their personal health information may be shared, and obtaining their authorization to release said information. Overall, the most important thing as a healthcare provider is to be absolutely sure you have received your client’s consent to exchange their PHI with other entities.
So, when are you required to give a HIPAA compliant release form to your clients? HIPAA authorization from clients is needed when personal health information needs to be disclosed for a reason that is not covered in the Privacy Rule of the original HIPAA Act. Covered disclosures include treatment, payment, and healthcare operations. Non-covered instances may include:
- Disclosing PHI to a third party, such as a family member, parent, or guardian
- Using PHI for marketing or fundraising purposes
- Using PHI for research
- Disclosing any psychotherapy notes
- Disclosing PHI for monetary compensation
The HHS has also outlined requirements for how to structure your HIPAA compliant authorization form. The overarching requirement for every single release form is that the communications must be written in plain language; this means that when describing how a patient’s health information will be used, HIPAA compliant forms must be in basic, easy-to-understand language, free of too much technical or medical jargon. Forms must also be easily available for patients to read and review before they sign and authorize the release of their information. Aside from that, the bare bones of the form include: a description of the type of PHI that will be disclosed, the purpose for disclosure, who the information will be shared with, the date at which a patient’s consent expires, and the patient’s dated signature. The form must also educate each client about their rights: the right to revoke said authorization and how to do so, any exceptions to that right, and the fact that they cannot be penalized for not providing authorization.
Healthie’s platform also provides secure ways to send messages, emails, documents, forms, and faxes virtually to support your practice.
Are Google Forms HIPAA Compliant?
If you implement your HIPAA strategy in the right way, you can use Google Forms to obtain HIPAA authorization and other personal health information from clients. To use Google Forms, you must obtain a Business Associate’s Agreement from Google. A business associate is “a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to a covered entity that involve access by the business associate to protected health information.”
A BAA is critical to describe how the third party protects and secures the PHI to which they have access, and outlines the “uses and disclosures of the protected health information by the business associate.” It is likely that your business associates already have a BAA prepared to share upon request; you as the provider are required to initiate the process of obtaining and signing the BAA in order to ensure compliance. This means you can use Google Forms for HIPAA authorization, intake forms, progress surveys, and any other instances in which you might need to collect a client’s personal health information.
Other HIPAA Compliant Client Forms you Might Need
Once you have received HIPAA authorization to release a client’s personal health information, you will need to collect said health information through other intake forms. Some important online intake forms may include:
- New Client Intake Forms: Collect basic patient information such as demographics, contact information, payment information, and medical history
- Office Policies: This can include cancellation or rescheduling policies, client-provider contact policies, and financial responsibilities.
- Referral Information: If your client was referred by a primary care provider, collect that information on this form to build your network.
- Insurance Information: If you are an insurance-based practice, you can collect your client’s insurance information and photos of their insurance card right off the bat.
Leveraging a cloud-based platform is a useful way to securely store patient paperwork, complete chart notes, and streamline the intake form process.
Healthie’s free Starter plan is completely HIPAA and PCI compliant. Sign up for a free account today.
Using Healthie for HIPAA-Compliant Forms & Cloud Storage
With Healthie, a practice management platform for wellness professionals, you can create your new patient intake forms and have them automatically distributed to patients to complete electronically. Healthie’s EHR and practice management platform is HIPAA-compliant, so you can rest assured that your client’s information is secure.
Here’s what you gain when working with your wellness clients via Healthie:
- HIPAA-Compliant forms and charting
- Insurance Billing
- Patient Engagement
- Payment Processing
- Reporting and analytics
Healthie’s Plus, Group, and Enterprise levels all integrate with HIPAA-compliant Zoom. Whether you’re a solo practitioner or part of a multi-provider group or organization, our flexible membership plans adapt to meet your business needs. Let us help you launch your practice.