TPC-Journal-V5-Issue3

407 The Professional Counselor Volume 5, Issue 3, Pages 407–418 http://tpcjournal.nbcc.org © 2015 NBCC, Inc. and Affiliates doi:10.15241/tw.5.3.407 Tyler Wilkinson, NCC, is an Assistant Professor at Mercer University. Rob Reinhardt, NCC, is in private practice in Fuquay-Varina, NC. Correspondence may be addressed to Tyler Wilkinson, 3001 Mercer University Drive, AACC 475, Atlanta, GA 30341, Wilkinson_rt@mercer.edu. Tyler Wilkinson, Rob Reinhardt Technology in Counselor Education: HIPAA and HITECH as Best Practice The use of technology in counseling is expanding. Ethical use of technology in counseling practice is now a stand-alone section in the 2014 American Counseling Association Code of Ethics. The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act provide a framework for best practices that counselor educators can utilize when incorporating the use of technology into counselor education programs. This article discusses recommended guidelines, standards, and regulations of HIPAA and HITECH that can provide a framework through which counselor educators can work to design policies and procedures to guide the ethical use of technology in programs that prepare and train future counselors. Keywords: counselor education, technology, best practice, HIPAA, HITECH The enactment of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) brought forth a variety of standards addressing the privacy, security and transaction of individual protected health information (PHI; Wheeler & Bertram, 2012). According to the language of HIPAA (2013, §160.103), PHI is defined as “individually identifiable health information” (p. 983) that is transmitted by or maintained in electronic media or any other medium, with the exception of educational or employment records. “Individually identifiable health information” is specified as follows: Information, including demographic data, that relates to: • the individual’s past, present or future physical or mental health or condition, • the provision of health care to the individual, or • the past, present, or future payment for the provision of health care to the individual, and that identifies the individual for which there is a reasonable basis to believe can be used to identify the individual. Individually identifiable health information includes many common identifiers. (U.S. Department of Health and Human Services [HHS], n.d.-b, p. 4) The HIPAA standards identify 18 different elements that are considered to be part of one’s PHI. These include basic demographic data such as names, street addresses, elements of dates (e.g., birth dates, admission dates, discharge dates) and phone numbers. It also includes information such as vehicle identifiers, Internet protocol address numbers, biometric identifiers and photographic images (HIPAA, 2013, § 164.514, b.2.i). According to language in HIPAA, the applicability of its standards, requirements and implementation only apply to “covered entities,” which are “(1) a health plan (2) a health care