By Sharon Muza, BS, CD(DONA), BDT(DONA), LCCE, FACCE, CLE

The Health Insurance Portability and Accountability Act (HIPAA – Not HIPPA!) became a law in 1996 by a sweeping vote of Congress. You can read more about what this law does (and does not do) here in this great explanation by Consumer Reports. If you want to take a deeper dive, I encourage you to check out the U.S. Department of Health & Human Services website, where you can learn even more. It is important for you to understand that doulas do not fall under HIPAA regulations.

For a quick FAQ, Susan Feinstein’s article on the Consumer Reports website includes this information:

What is HIPAA?

The Health Insurance Portability and Accountability Act’s primary purpose was to help protect employees and their families from losing health-insurance coverage after a job change or loss.

What does HIPAA have to do with privacy?

One of the provisions of HIPAA—and perhaps the most well-known among consumers—is the HIPAA Privacy Rule, which regulates who can look at and receive your individually identifiable health information. The HIPAA Privacy Rule applies to all forms of protected health information, whether electronic, written, or oral. It is an important tool in helping to protect against health care identity theft.

What type of health information has to be kept private?

HIPAA calls it Protected Health Information (PHI), and it includes any individually identifiable information about your health status, health care that you have received, or payment for health care. The HIPAA Privacy Rule does not apply when the information is used as part of a large data set with no identifiers that connect information to individual patients. Also, the HIPAA Privacy Rule does permit release of your medical files for the purposes of coordinating treatment with another provider, payment, or other health care operations.

Who has to keep my medical information private?

This is a key point. Only “covered entities” are bound by the HIPAA Privacy Rule. Covered entities include:

  • individual health care providers, such as doctors, psychologists, chiropractors, dentists, pharmacists, and nurses
  • medical establishments, such as hospitals, clinics, urgent care centers, and nursing homes
  • health plans, such as health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, including Medicare and Medicaid
  • health care clearinghouses, such as organizations that work with converting health information into electronic format

Importantly, many entities are not covered by HIPAA. These include your employer, life insurance companies, workers’ compensation carriers, and most schools and school districts. Nor does it apply to companies that collect your information through health-tracking apps or activity trackers. And, to the chagrin of many, the HIPAA Privacy Rule does not apply to a friend or family member who breaches your confidence, to your coworker who overhears you talking on the phone, or to the sanitation worker who finds your paperwork in the trash.

How is the HIPAA Privacy Rule enforced?

The federal Office for Civil Rights (OCR), which is within the U.S. Department of Health and Human Services (HHS), is in charge of enforcement. You, as a consumer, can file a complaint, but you have no standing under this law to sue for a HIPAA Privacy Rule violation. Only the OCR or the U.S. Department of Justice can file an action.

According to the law, neither birth nor postpartum doulas are entities required to follow HIPAA regulations. There is also nothing in the DONA International Scope of Practice or Code of Ethics that requires DONA members to follow HIPAA guidelines.

That does not mean that doulas should not respect client confidentiality and make every effort to secure documents (both paper and electronic) that contain information, communications, and images of the clients that doulas work with. This requirement *is* covered and addressed in DONA International’s Standards of Practice and Code of Ethics:

Confidentiality and Privacy. The doula should respect the privacy of clients and hold in confidence all information obtained in the course of professional service.

Here is a simple graphic that covers what the doula should know about protecting their client’s confidentiality.

Doulas are professionals and should honor the trust that clients have placed in them to respect client confidentiality. Our clients deserve that, and it is the ethical thing to do. A great guideline to follow is “when in doubt, leave it out,” which is clear and simple.

How do you handle client confidentiality in your practice? What situations have you come up against that have felt awkward or uncomfortable? How do you talk about confidentiality with your clients? Share your thoughts and experiences in the comments here.