Two HIPAA-Related Reminders for the Start of this School Year

by ih-coc admin

As parents, children, and youth navigate the start of the new school year, prevention and wellness will likely way heavily on the minds of the adults. These concerns will likely come in multiple shapes and sizes: in some school districts, this can mean an uptick in the sale of “bulletproof backpacks.” In others, the more mundane concerns of correctly filled-out state medical forms, and various medication authorizations take precedence. In still other areas, mobile or digital apps for everything ranging from homework follow-up, to health and wellness checks are on parents’ check-lists.

In the throes of the back to school rush, it is easy for parents and guardians to forget about the impacts and function of HIPAA privacy and security safeguards and their attendant risks, which take place when those same safeguards are ignored or under/over-utilized. This article provides a brief overview of 2 ways in which HIPAA safeguards—both the existence and lack thereof—can affect children and youth during this school year.

    1. HIPAA and Patient Privacy Once a Child turns 18

According to the HIPAA Privacy Rule, a child is no longer considered a minor upon turning 18, and even though the child might still be under their parents’ care or on their insurance, the parents themselves should ensure medical release authorizations are properly filled out, signed, dated, and submitted ahead of time to their child’s provider, or are at least on file should an emergency need arise, whether in-state or out-of-state. This restriction, as well as the actual format of HIPAA-compliant release authorization forms allow 18-year-old children and youth to limit the level of access their parents or guardians might have to their PHI and health records.

Ideally, parents and their 18-year-old children should have a clear conversation regarding medical authorizations related to care coordination or in the case of medical emergencies before the start of the school year or right around their 18th birthday, whichever comes first. However, it is never too late to complete medical release authorizations that ensure, should the need arise, that parents are allowed to properly participate in care coordination at the level required of them. Authorization forms can be easily located at your local provider offices or online. A version providing youth with the option to limit parental access to aspects of their PHI can be accessed at this link: https://www.athenaeum.edu/pdf/free-hipaa-release-form.pdf

2. The Importance of Securing Amazon and other mobile apps and accounts

Amazon is already the friendly neighborhood Big Data giant in homes across the United States. Children and young adults often have their own access accounts, subscriptions, and purchase lists; many adults purchase items for their home or their children’s school needs via Amazon as well. While there is no clear outline regarding Amazon’s plan for engaging with user’s PHI, there has been news of Amazon, Berkshire Hathaway, and JP Morgan coming together to form a new healthcare coalition to address the healthcare needs of their US employees (Businesswire, 2018).

Per a more troubling story from June 2018, a woman in Connecticut had her PHI information displayed via product photos of an item she purchased via Amazon from a 3rd party vendor. At the time, neither Amazon nor the 3rd party vendor was subject to HIPAA regulations as they were not and are not carriers of health insurance plans, health information clearinghouses, or actual providers (Loy, 2018). The roll-out of new offerings from Big Data companies that will incorporate user PHI is not a far-fetched idea and may come to fruition sooner than most parents might think. It is therefore prudent for your entire household to develop an age-appropriate understanding of why it is important to secure each individual’s PHI and personal information regarding health-related products such as wearables (e.g. Fitbit), DNA kits (e.g. 23andMe), or wellness subscriptions that require inputting PHI (e.g. online therapy modules or nutrition delivery services). It might also be smart to curtail sharing PHI until you as a consumer have a clear idea about how the particular company or service in question will use, protect, or share your PHI data.

New to HIPAA? Looking for a graphic that will introduce the concept to your end users, or family members? A useful one, developed by HealthIT.gov, is available below:

https://i.pinimg.com/originals/5e/a0/05/5ea005a6b6c92c2389ebe3088688ac56.jpg

 References

Businesswire (2018). Amazon, Berkshire Hathaway and JPMorgan Chase & Co. to partner on U.S. employee healthcare. Retrieved from https://www.businesswire.com/news/home/20180130005676/en/Amazon-Berkshire-Hathaway-JPMorgan-Chase-partner-U.S

Katherine Loy (2018). Vernon Woman Finds Her Personal Health Information on Amazon. Retrieved from https://www.nbcconnecticut.com/news/local/Vernon-Woman-Finds-Her-Personal-Health-Information-on-Amazon--486983141.html