If an ADHD coach handles protected health information (PHI), they must use HIPAA compliant emails or text messages, to maintain client confidentiality, adhere to legal obligations, and uphold ethical standards.
According to the ADD Coach Academy, patients with attention-deficit/hyperactivity disorder (ADHD) “have the same human needs as any coaching client, and also face unique challenges related to ADHD, which can interfere with their quality of life. These challenges might include hyperactivity, impulsivity, and/or inattention, as well as the belief that they can't reach their goals because they have ADHD.”
ADHD coaches specifically work on practical strategies and skills to help patients address the challenges associated with ADHD. They also “work with clients to create structures, support, skills and strategies to help them move forward with fuller and more satisfying lives.”
ADHD coaches “are not licensed to offer a medical diagnosis or medication,” explains HealthCentral. However, if an ADHD coach is providing services that involve handling protected health information (PHI), like discussing specific medical history, medication details, or other personal information, they must maintain HIPAA compliance.
Health Insurance Portability and Accountability Act (HIPAA) was enacted to safeguard individuals' medical information. It sets the standards for protecting health information and applies to covered entities, like healthcare providers, health plans, and healthcare clearinghouses, that transmit electronic health information.
While ADHD coaches do not always fall under this category, they can still handle protected health information (PHI) when working with clients on aspects like medication management, treatment plans, and personal health details.
Go deeper: Who needs to be HIPAA compliant?
Client confidentiality: ADHD coaching often involves discussing personal details that fall under PHI, so ensuring HIPAA compliance helps maintain client confidentiality, creating a safe environment for open communication.
Legal obligations: Providers, including ADHD coaches, must protect PHI and ensure HIPAA compliance, as non-compliance can lead to severe penalties, including fines and reputational damage.
Ethical standards: “HIPAA framework is consistent with ethical norms governing patient care,” explains the AMA’s federal privacy protections. So, ADHD coaches must uphold HIPAA standards for ethical conduct and professional integrity.
Read also: Ethical email marketing for healthcare organizations
Regular electronic communication services are not secure and should not be used for transmitting PHI. Instead, ADHD coaches must use a HIPAA compliant platform, like Paubox, when emailing or texting clients. These platforms offer encryption, secure storage, and access controls, safeguarding patients’ PHI from unauthorized access and mitigating the risk of potential breaches.
Provider organizations must ensure all staff involved in ADHD coaching are regularly trained on HIPAA regulations and understand their responsibilities regarding PHI. Regular training sessions can help reinforce compliance and promote a culture of privacy and security within the organizations.
ADHD coaches must explain to patients how their PHI will be handled and protected. Furthermore, ADHD coaches can use HIPAA compliant consent forms that outline privacy practices, client rights, and procedures for handling PHI.
HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses that handle protected health information (PHI).
Protected health information (PHI) includes any individually identifiable health information held or transmitted by a covered entity or its business associates.
Penalties for HIPAA violations can range from fines of up to $50,000 per violation to criminal charges and imprisonment, depending on the severity and intent.