Do community health workers have to comply with HIPAA?

Community health workers access protected health information (PHI), so the workers and the centers they operate in have to comply with HIPAA. 

Do community health workers need to comply with HIPAA? 

The HHS outlines that the organizations required to comply with HIPAA include covered entities and business associates. It specifically states, “covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information…” and “If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules.”

Community health workers often interact with patients, providing health services that require access to PHI. As these workers often work directly for or with these entities, they are often classified as covered entities. It means they must comply with HIPAA to protect the PHI they are responsible for.

The HIPAA compliant practices that community health workers should follow

Use HIPAA compliant communication tools

• HIPAA compliant email and text messaging platforms like Paubox should be used for all communications. 
• While email can be used for longer and more official communications, text messaging offers a solution for rapid contact with patients and providers. 

Collect patient data securely

• When collecting patient information make sure to use secure, encrypted forms for data collection as opposed to paper forms.
• Storage should also be secure and protected with only limited staff having access. 

 Limit the PHI shared

• When sharing PHI with anyone, whether healthcare provider or third party, limit the information shared to what is necessary. 

Have regular training sessions

• Community health workers should be fully aware of the requirements set by HIPAA. The organization they work for should ensure that regular training sessions are conducted. 

Be careful when it comes to community engagement

• Patient information should never be discussed in public or shared spaces where others might overhear. 
• Always verify and research community resources before recommending them to patients. 

FAQs

What is HIPAA?

The Health Insurance Portability and Accountability Act is a federal law protecting the privacy and security of people's health information. 

What is the difference between a community and a social worker? 

Community workers focus on connecting individuals to research and support in their community, social workers provide counseling and support to individuals to address mental health or social issues usually through federal or nonprofit organizations.

Do social services need to be HIPAA compliant?

Yes, when social services handle PHI, they must comply with HIPAA.