TPC-Journal-V5-Issue3

The Professional Counselor /Volume 5, Issue 3 411 • Authentication includes “the corroboration that a person is the one claimed” (HIPAA, 2013, § 164.304, p. 1027). • Confidentiality defines “the property that data or information is not made available or disclosed to unauthorized persons or processes” (HIPAA, 2013, § 164.304, p. 1027). • Encryption is “the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without the use of a confidential process or key” (HIPAA, 2013, § 164.304, p. 1027). • Security incident is described as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operation in an information system” (HIPAA, 2013, § 164.304, p. 1027). HIPAA (2013) standards are categorized as either required or addressable as indicated in Section 164.306.d.1. The rest of this document will highlight the standards that the authors believe shape a set of best practices for counselor educators when implementing technology into their counselor education programs. The degree to which a counseling program decides to implement those standards that are considered required or addressable will be determined by their status as a covered entity, state laws, needs of their counseling program and the financial feasibility of implementing these standards. Safeguards HIPAA requires that all covered entities maintain policies and procedures that (1) ensure confidentiality and availability of all electronic PHI, (2) protect against any reasonably (emphasis added) anticipated threats or hazards to the security or integrity of ePHI, (3) protect against any reasonably anticipated uses or disclosures of ePHI, and (4) ensure compliance by the workforce. The following sections will discuss ways in which HIPAA Privacy and Security rules can be utilized as best practices in counselor education programs so that foreseeable risks, threats and vulnerabilities may be minimized. Please note that this interpretation of safeguards is intended for the consideration of counselor education programs that are not covered entities, but may use HIPAA Privacy and Security rules to establish a set of policies and procedures as a means of best practice. (For a sample guide for counselor educators to use in developing policies and procedures, please contact the first author). Administrative Safeguards Administrative actions and oversight make up an important component of the language within HIPAA (2013). Administrative safeguards consist of the policies and procedures designed to “manage the selection, development, [and] implementation” (§ 164.304, p. 1027) of the security and privacy of one’s ePHI. This section describes HIPAA standards to consider when establishing administrative safeguards. Assigned responsibility. A faculty or staff member within the counselor education program should be identified as responsible for the development, oversight and implementation of the policies and procedures for the department. The faculty member needs to be familiar with the privacy and security policies of HIPAA in order to implement the policies and procedures and to facilitate student training in ways that address the specific needs of the program. Developing a relationship with a staff member in the university information technology department may result in collaborative efforts regarding specific procedures for the use of technology within the university.