HIPAA Compliance: A Mindfulness Mandate

EMPA Blog Photos EntrepreneurBusiness ownership does not come with a specified list of office hours. You’re always open for business from helping a client to keeping your office smoothly running, you don’t get many opportunities to put responsibilities aside. Observing the holidays is no exception. You will always need to squeeze some practice management obligations between gift-giving and festivities. So instead of kicking back for a breather this holiday season, consider looking ahead to the new year and inventorizing your business priorities. Make sure to plan on assessing the risk management portion of your practice. One of the most beneficial actions you can take for yourself is ensuring your business remains HIPAA compliant. Do you recall the procedures that you need to have in place? If not, here’s a refresher.

            First, what exactly is HIPAA (Health Insurance and Portability and Accountability Act) and why is it so important? HIPAA stands out as the government-sanctioned metric for healthcare practitioners to follow. Simply, the act requires professionals in the health field to maintain the privacy and security of patients’ Protected Healthcare Information (PHI).

Who Needs to be HIPAA Compliant?

In its guidelines, HIPAA identifies the regulated businesses or “covered entities,” which must adhere to the act’s required policies. Covered entities typically refer to health care professionals and health care corporations. Energy healers, who are licensed healthcare professionals, work within their scope of practice and are also considered covered entities, and as such, must protect their clients’ confidential healthcare information including the personal information on an intake form. As an energy practitioner, you would need to be HIPAA compliant if you respond “yes” to any of the following:

  • You maintain session notes for each client
  • You require intake forms from each client
  • You have client communications containing confidential information
  • You have liability or malpractice insurance coverage in case client files are subpoenaed

If you get the feeling that HIPAA is a little vague with its definition of “covered entity” and you’re not sure whether the law applies to you, it is always smart to take the HIPAA path regarding the handling of private information. Remember, you are a guardian of your client’s confidential records, not the owner, and respect for the privacy of your clients takes precedence.

Practitioners who are unlicensed energy healers and do not practice in a regulated profession, do not need to adhere to HIPAA standards. A few states, including California and New Mexico, have health care freedom laws and as a result, are not explicit about HIPAA compliance. In cases like this, a practitioner can decide what to do however, conducting yourself like a licensed practitioner and maintaining HIPAA compliance would be a wise decision.

HIPAA Guidelines

               Following the guidelines set up by HIPAA is not difficult, but it does require diligence by a practitioner to ensure the required procedures are in place and kept current. If keeping on top of the administrative details demanded by HIPAA does not come naturally to you and your client records are rudimentary at best, then make today your first step towards thorough HIPAA compliance. Let go of the old routines that might keep you from fully embracing HIPAA. As with any new habit, give yourself at least one week until new procedures become routine for you. It won’t take long until you’ve accustomed yourself to the recordkeeping that is required, and compliance becomes second nature to you.

If you’re wondering how much time and effort HIPAA requires from you, the guidelines and forms are not complicated nor time-consuming – as long as you are prepared. Adopt a new attitude about HIPAA documentation. Don’t think of it as a chore but as a way to develop a deeper relationship with your clients. Plus, HIPAA compliance can be a good marketing resource for you. It’s all in your attitude and the steps you take with your existing clients and prospects in becoming HIPAA compliant. Here’s how you start.

Collect the Right Information

               Data collected for HIPAA can be summarized as information that is collected which can be used to identify the client. So what information do you collect and is regulated by HIPAA?


    Name Medical record history
    Residence Medical record dates
    Telephone & FAX Numbers Prescriptions
    Social Security Doctor names & contact
    Email addresses Medical procedures/surgeries

Most energy practitioners already have a client intake form which serves as a primary source of information. If you’re collecting this kind of information, then it needs to follow HIPAA guidelines. On its website, Energy Medicine Professional Association has a sample intake form which can be a helpful resource for you to ensure you have a comprehensive form.

An informed consent form includes information about your scope of services and relationship between you and the client. You do not want to confuse the client intake form with the informed consent. To simplify things, you could consolidate these two forms, but it might be a better idea to keep them separate. In doing this, your client would have a clear understanding of the role of the informed consent form. Rather than focus on the client, informed consent addresses scope of practice and practitioner credentials including:

  • Credentials and areas of expertise (scope of practice)
  • Descriptions of the treatment
  • Benefits and limitation of treatment
  • Explanation of what a client could expect
  • Fees and cancellation policy
  • Insurance
  • Confidentiality and privacy statement

One of its most important features of the informed consent can be distilled into a brief, yet direct paragraph known as the hold harmless clause. The forthright language of a hold harmless clause adds an extra layer of protection and liability clarity for your clients. 

“_______ By signing this release and initialing here, I hereby waive and release Energy Healer from any and all liability past, present and future relating to her services, whether they be onsite at the home of the client signing this consent or at another location. Except in the case of gross negligence or malpractice, I or my representative(s) agree to full release and hold harmless Energy Healer from and against any and all claims or liability of whatsoever kind or nature arising out of or in connection with my session(s).”

The hold harmless statement makes it specifically clear the client waives any prospect of a liability claim for the energy healing services received. Combined with your liability insurance, you have powerful protection which would cause anyone to think twice before filing a claim As well, in addition to having liability insurance, you have a process that deters frivolous lawsuits.

               Having your clients sign an informed consent and hold harmless are precautionary measures you should take for your business. By doing this, you can have peace of mind through protection and the freedom to focus on your gift: energy healing. Treat yourself as you do your clients. Give yourself the resources to help you and your practice thrive.

Pro-Active Risk Avoidance: 3 Risk Solution Strateg...
One Promise You Must Keep