HIPAA Basics and How it Relates to Doulas
HIPAA: An acronym with the expanded meaning of “Health Insurance Portability and Accountability Act.
In 1996, the Health Insurance Portability and Accountability Act was passed by President Bill Clinton. HIPAA helps to keep patient information safe, simplify administrative billing processes, and much more!
Traditionally, doula programs have not included much on HIPAA because doulas have not been included in the healthcare system as healthcare providers. However, when a doula works directly for a hospital or charges insurance for doula services through Medicaid or private insurance claims, HIPAA does apply.
As Medicaid reimbursement and insurance coverage of doulas expands in the United States, understanding HIPAA and how it relates to your doula practice is essential–and has real legal and criminal implications if not followed correctly.
That can all feel pretty scary and daunting. This blog aims to help break down some of the obligations and requirements to help give birthworkers a place to start.
Disclosure: All information in this blog is shared for guidance but should not be taken as a substitute for legal advice.
There are a number of sections and rules under the HIPAA umbrella that may be helpful to become familiar with (listed below for reference):
Healthcare Access, Portability, and Renewability
Protects patients who lose their job from losing their health insurance
Administrative Simplification
The goal of this provision is to create uniformity and simplify the billing processes for electronic healthcare processes. You can learn more by reviewing this Administrative Simplification Resources Toolkit
→ Unique Identifiers Rule
As a part of the Administrative Simplification rule, HIPAA established the need for NPI’s (National Provider Identification numbers) to help with Administrative Simplification of billing and record keeping. If you plan on submitting claims for insurance or Medicaid, you will need an NPI. The application to request an NPI is free.
Privacy Rule
To keep a patient’s information safe, this rule helps keep patient Medicaid information from being made public. Information such as the patient’s medication(s), provider’s diagnoses, and more are classified as Private Health Information, or PHI, and should not be shared. Considerations for doulas regarding the Privacy Rule might include:
Not sharing medical data with providers who are not on that client’s care team
Keeping conversations private (pay attention to who is within earshot!)
Not releasing PHI without your client’s written consent (e.g., include a clause in your client agreement for billing release purposes)
Avoid releasing any information about your client on social media (this includes pictures!)
Security Rule
This rule sets standards for keeping records safe and establishes processes to protect against data breaches. It feels like there is a new scam every day, and as doulas, we have to be very aware of the security measures we have implemented in our practice. Considerations for the Security Rule might include:
Locking all of your devices
Only sharing PHI records on secure platforms
Keep antivirus/malware and VPNs
Getting rid of files (physical or electronic) properly (e.g., shredding and fully deleting/wiping information from your device)
Enforcement Rule
This rule sets specific processes for violations and enforcement. HIPAA has real legal, criminal, and financial liability for providers. For instance, if there is a breach (e.g., if there is a scam that affects your devices), in addition to other steps, affected clients MUST be notified. Enforcement penalties will vary and take into consideration various factors such as a risk assessment, intent, and more.
Ombinus Rule
This rule was added later and expands responsibility for upholding HIPAA to third party organizations (e.g., if you use another system to submit claims), and it also establishes tiers for penalties.
Doula practices that submit claims to insurance/Medicaid must follow HIPAA guidelines to keep the client records safe and secure. It is your responsibility to educate yourself and stay aware of liabilities and requirements. It is also important to do a risk assessment of your practice and ensure that all of your systems and processes are compliant.
HIPAA and Clients
Part of understanding your responsibility as a provider is knowing what rights your clients have. This applies to records within your doula practice and other medical care that they receive. Providers (in this case, doulas are included) should be asked to read and agree to a Privacy Statement that outlines their rights.
These may include but not be limited to:
All clients/patients* have the right to access their medical records
If there is an error in the records, clients/patients can submit a “written statement of disagreement” that is kept on file
Providers can discuss medical records between other providers on the patient’s care team for the sake of discussing the best care plan or for billing reasons, but they should not discuss with providers who are not serving the client
Clients have the right to request that medical providers contact them via email, phone, text, etc. and have the right to request that voicemails are not left
When paying out of pocket, patients have the right to request that their payment and care information is not shared with an alternative active health plan that they might have.
Understanding the rights of your client can help you in supporting their navigation of the medical system so that you can effectively advocate for them.
*(Note: clients and patients are used interchangeably in the section above, but doulas or midwives will typically use the term client, while nurses and doctors will primarily use the term patient.)
Becoming a Medicaid Provider
Exciting news! As of this writing, BADT is working on a Medicaid/Billing course to help support our students in navigating the world of provider enrollment and claims submissions–stay tuned for more information!
We at BADT are working hard to stay up to date with the state Medicaid requirements for doula reimbursement. You can see the full list of states our training meets the requirements for on our website. In addition, BADT training also qualifies you to work with Carrot Fertility and WINFertility–with more coming!
Please feel free to reach out to us with any questions. While we may not have location-specific information, we can answer questions that we do know the answer to and help point you in the right direction for those that we don’t. Happy learning!
Resources
Free HIPAA training for CHWs (Community Health Workers) from the New England Public Health Training Center
Your Health Information, Your Rights! from HealthIT.gov
Doulado: a very user-friendly, HIPAA-compliant electronic health record and client management system built for doulas with the capability to bill insurance directly through the platform