Mental healthcare providers must use a HIPAA compliant form to obtain patients’ informed consent for telepsychology to protect themselves and their patients from potential legal risks.
HIPAA and telepsychology
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy and security of individuals' health information. Therefore, HIPAA applies to all forms of communication when providing telepsychology services.
Telepsychology providers must obtain patients’ informed consent before sharing their protected health information (PHI). In telepsychology, consent involves a “video interaction between the participant and the provider followed by authentication via OTP or photo-based or handwritten e-signature or by clicking ‘Yes’ in the online informed consent form,” explains a study on the approach to informed consent in telepsychiatric service.
Throughout this process, providers must use a HIPAA compliant form, like Paubox, to obtain patient consent. HIPAA compliant consent forms use encryption, secure storage, and access controls to protect PHI from unauthorized access and potential breaches. Additionally, its HIPAA compliant cloud storage solutions provide regular audits with access logs, upholding federal privacy regulations in telepsychology services.
These forms are also customizable so providers can give the patient “enough information so [to] make an informed decision regarding the proposed procedure, test, examination, or treatment… after reasonably foreseeing the consequences of the choice.”
What should the HIPAA compliant form include?
In combination with the American Psychological Association (APA) informed consent checklist for tele-psychological services, HIPAA compliant forms must include the following:
- The provider’s name, signature, and the patient’s name, signature, and date.
- The potential benefits and risks of using a video-conferencing platform for virtual sessions.
- Required permissions for recording sessions.
- The patient’s webcam or smartphone requirements.
- Encourage patients to be in a quiet, private space free of distractions (including cell phones or other devices) during the session.
- Remind patients to use a secure internet connection rather than public/free Wi-Fi.
- Steps for canceling or rescheduling the appointment.
- A backup plan (e.g., phone number where you can be reached) to restart the session or reschedule in the event of technical problems.
- A safety plan that includes at least one emergency contact and the closest emergency room to your location, in case of a crisis.
- If the patient is a minor, the consent form must include a parent or legal guardian’s permission and contact information.
- Patients must confirm with their insurance company that the video sessions will be reimbursed; if they are not reimbursed, patients are responsible for full payment.
- If the therapist determines that telepsychology is no longer appropriate sessions should resume in-person.
Furthermore, healthcare providers must check that their video-conferencing platforms are HIPAA compliant. The platform must be willing to sign a business associate agreement (BAA) with the provider’s practice to assume responsibility for PHI shared through their platform. Examples include Zoom for Healthcare, Doxy.me, and other telehealth services.
Read also: Is Zoom HIPAA compliant? (Update 2024)
FAQs
What is a business associate agreement?
A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of personal health information (PHI) as required by HIPAA regulations.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI).
HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.
Does HIPAA apply to mental health information?
Yes. HIPAA sets standards for protecting the confidentiality, integrity, and availability of protected health information (PHI), including mental health records.
Learn more: HIPAA Compliant Email for Mental Health Professionals
