TPC-Journal-V5-Issue3

The Professional Counselor /Volume 5, Issue 3 410 professionals (ACA, 2014). For example, the movement toward increased use of ePHI across health care will place increasing demands on students to understand how to appropriately keep electronic data private and secure. Counselor educators need to be mindful of how the use of technology in the practice of counseling is being taught and implemented with counseling students. Counselor educators should thoughtfully consider how students will learn the ways in which technology can be used professionally while maintaining ethical and legal integrity (Association for Counselor Education and Supervision [ACES] Technology Interest Network, 2007; Wheeler & Bertram, 2012). Having standards to guide the use of ePHI throughout counselor education programs is a way in which students can become knowledgeable and skilled regarding the laws and ethics surrounding digital media. Policies and procedures should include information guiding the ways in which students collect, store and transmit digital media (e.g., audio recordings or videotapes) while a member of the counseling program. By requiring students to utilize the ePHI (real or fictitious) they collect in accordance with policies and procedures informed by HIPAA and HITECH, students crystallize their understanding of these complicated laws. HIPAA Compliance and Technology Complying with HIPAA Privacy and Security Rules requires individuals to be mindful of policies and procedures, known as “administrative safeguards” (HIPAA, 2013, §164.308, p. 1029), and work to implement safeguards consistently. The HHS has made clear that it does not provide any type of credential to certify that an individual, business, software or device is HIPAA compliant (HHS, n.d.-a; Reinhardt, 2013). Complying with HIPAA rules requires organizations and individuals to address many different processes where choice of hardware or software is only one aspect (Christiansen, 2000). Being HIPAA compliant is less about a certification or a credential on a device and more about having a set of policies and procedures in place that ensure the integrity, availability and confidentiality of clients’ ePHI (Christiansen, 2000; HHS, n.d.-b). Hardware and software technology companies who make claims that a product or an educational resource is HIPAA compliant are likely doing so for marketing purposes. Claims of this type are mostly meaningless (HHS, n.d.-a) and would not provide protection in the case of a breach (HITECH, 2009). Being HIPAA compliant is an “organizational obligation not a technical specification” (Christiansen, 2000, p. 7). The distinction is important for educators to understand as they seek to implement technology in counselor education programs. When establishing a set of policies and procedures within a counseling department, the recommendations set forth in describing the security and privacy of PHI in Part 164 of HIPAA (2013) can be an appropriate framework for establishing best practices for counselors and counselor educators. The general requirements in complying with HIPAA security standards are to ensure the confidentiality, integrity and availability of individuals’ ePHI while protecting against any reasonably anticipated threats to the security and privacy of said ePHI (HIPAA, 2013, §164.306.a). The key phrase to consider is that covered entities are asked to protect against any “reasonably anticipated” (HIPAA, 2013, §164.306.a, p.1028) threat. Educators must understand the importance of spending time considering reasonable, foreseeable risks. A primary responsibility is to create administrative safeguards that address any reasonable, foreseeable risks, which the individual, department or covered entity establishes. Before looking at key aspects of HIPAA Privacy and Security guidelines, key definitions should be understood: • Administrative safeguards include policies and procedures used to manage the development, selection, implementation and security in protecting individuals’ ePHI (HIPAA, 2013, § 164.304).