Community health workers access protected health information (PHI), so the workers and the centers they operate in have to comply with HIPAA.
The HHS outlines that the organizations required to comply with HIPAA include covered entities and business associates. It specifically states, “covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information…” and “If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules.”
Community health workers often interact with patients, providing health services that require access to PHI. As these workers often work directly for or with these entities, they are often classified as covered entities. It means they must comply with HIPAA to protect the PHI they are responsible for.
Use HIPAA compliant communication tools
Collect patient data securely
Limit the PHI shared
Have regular training sessions
Be careful when it comes to community engagement
The Health Insurance Portability and Accountability Act is a federal law protecting the privacy and security of people's health information.
Community workers focus on connecting individuals to research and support in their community, social workers provide counseling and support to individuals to address mental health or social issues usually through federal or nonprofit organizations.
Yes, when social services handle PHI, they must comply with HIPAA.