Intro to HIPPA for Doulas Billing Insurance

HIPAA (the Health Insurance Portability and Accountability Act) is a federal law that protects a client’s Protected Health Information (PHI). PHI includes any information that can identify a client and relates to their health, care, payment for care, or health status.


Many doulas begin their work serving self-pay clients, where formal healthcare privacy laws may not have applied in the same way. In those settings, documentation and communication were often managed informally through personal email, paper notes, or private messaging. While confidentiality has always been a core value in doula care, these systems were not required to meet federal healthcare security standards.


Once you begin billing Medicaid or private insurance, however, you are considered a covered entity (or a business associate working with covered entities) and must comply with HIPAA. This means you are legally responsible for how client information is stored, shared, accessed, and protected.


HIPAA compliance requires using secure, approved systems for documentation, communication, and recordkeeping. It also means having clear policies in place to protect client privacy and prevent unauthorized access to sensitive information.


What Counts as PHI for Doulas?

Examples include:

  • Client name + pregnancy, birth, or postpartum details
  • Intake forms, visit notes, care plans
  • Insurance information (Member ID, DOB, diagnoses)
  • Claims, authorizations, EOBs
  • Messages discussing client care (email, text, app messages)

If it identifies the client and relates to care or billing, it’s PHI.

Core HIPAA Principles

  • Minimum Necessary: Only access or share the information needed to do your job.
  • Secure Storage & Communication:  PHI must be:
    • Stored in HIPAA-compliant systems
    • Shared only through secure, encrypted platforms
  • Client Rights:  Clients have the right to:
    • Know how their information is used
    • Access their records
    • Request corrections
    • Receive a Notice of Privacy Practices (NPP)
  • Accountability: You are responsible for protecting PHI, even if a mistake happens.

What NOT to Do

Avoid these common violations:

❌ Store client info in Google Docs (free version), Notes apps, or spreadsheets

❌ Text or email PHI through non-secure personal accounts

❌ Share logins or passwords

❌ Use platforms that are not HIPAA compliant

❌ Discuss client details in public or group chats

Steps for your HIPPA-Compliant Doula Practice

  1. Use HIPAA-Compliant Software

  • You must use systems that:
    • Sign a Business Associate Agreement (BAA)
    • Securely store and transmit PHI
  • Examples of compliant tools:
    • HIPAA-compliant CRM/EHR (like Doulado Premium or Impact)
    • Secure email and document storage (if needed)

  1. Maintain Required Documentation

  • You should have:
    • Notice of Privacy Practices (NPP) – given to clients
    • Client Acknowledgment - of Privacy Practice
    • HIPAA policies & procedures (even simple ones)
    • BAAs with any vendors that handle PHI

See this article for more information about required and recommended documentation for HIPPA Compliant Doula practices.

  1. Protect Client Information Day-to-Day

  • Use strong, unique passwords
  • Enable two-factor authentication
  • Lock devices when not in use
  • Avoid using shared or public computers
  • Log out of systems after sessions

  1. Submit Claims Securely

  • Submit claims through a HIPAA-compliant billing system
  • Never send insurance info via regular email or text
  • Store claims, authorizations, and EOBs securely

  1. Train Anyone You Work With

  • If you work with admin staff, schedulers, or backup doulas:
    • Give them individual logins
    • Provide basic HIPAA training
    • Limit access to only what they need

6. If You’re Part of a Team or Collective

  • Clearly define each business/entity
  • Document data ownership
  • Use role-based access
  • Maintain internal agreements or BAAs

Why Compliance Matters

Not following HIPAA can lead to:

  • Claim denials
  • Audits
  • Loss of payer contracts
  • Fines (even for small practices)
  • Loss of client trust

Even small practices are held accountable.

Final Takeaway

If you bill insurance, HIPAA compliance is not optional, but it is manageable with the right systems and habits. Think:

Secure tools + clear processes + minimal access = compliance


Resources:

HIPPA Basics for Providers from the Center for Medicare Services

HHS Privacy Practice Templates