Does a HIPAA plan mean I'm compliant?

In short, no. There is no magic switch to make a doula HIPAA-compliant; however, the software they use to manage client information, documents, and communication is probably the biggest piece. Lucky you!

Do I need a HIPAA plan?

Most doulas do not technically need to be compliant. There are several factors in determining this, and you can read our article on the basics of HIPAA. However, if you need or want to be, and you use Doulado, then the only plans that provide a signed Business Associate Agreement (BAA) are the Team and Impact plans. Our Solo plan is not HIPAA compliant.

If I am subscribed to a Team or Impact Plan, what's left?

Most of the effort in becoming compliant is in documenting your policies regarding what are called HIPAA Specifications for the HIPAA Security Rule. Here is what we recommend:

  1. Identify what PHI you capture and take an inventory of all of the different tools, software, or other mediums you use to store or communicate that PHI.
  2. You need to stop using any tools or software from Step 1 that do not offer HIPAA compliance, and use only tools that do to store or transmit PHI. For example, text messaging is not compliant, so you need to stop texting clients, or make sure not to text any PHI.
  3. You need to go through all of the HIPAA Rules and Specifications and document all of your policies, procedures, plans, etc. that you are going to follow to keep PHI safe. For example, in Step 2 above, text messaging was used as an example. If you continue to text clients, you need to create and write down a policy for yourself on what is and is not OK to text to clients.
  4. Create a breach plan: if something happens to client data, what actions would you take?
  5. You need to find some training material and courses on HIPAA and record when you read that material. Also create a policy regarding other people you work with and how you verify if they have been trained in HIPAA or if they are compliant.
  6. Create calendar reminders for yourself to regularly review your HIPAA practices and policies. Every 6 months is often fine, but just make sure you do it and take notes and document every time you review.

When am I compliant?

Only you can determine when you are officially compliant. Many of the factors you need to consider are based on your own judgement of risk and your practices. Once you are convinced that you have:

  1. Fully understood all of the HIPAA rules
  2. Received good HIPAA training material and used it
  3. Assessed the risks in your business practices and addressed them
  4. Documented the systems and tools you use to store and transmit PHI
  5. Set up the correct policies and procedures to safeguard client PHI
  6. Created a schedule for you to regularly review your HIPAA compliance strategies
  7. Documented everything related to the above

Then you can feel confident in adopting the term "HIPAA Compliant".

I am a doula team member on a Team. Am I HIPAA compliant?

If the client is owned by the Team, meaning the Team owner added the client and the client is listed under the Team account, then it is HIPAA protected. Essentially, if the client was created by the Team and shows up under the Team profile, then it's covered. If the doula on the Team adds their own client as a personal client, it would not be HIPAA protected. If you are a doula on a Team, any Team-owned clients are HIPAA protected, but any clients on your personal clients tab are not (unless you have your own Team account).