Site translation by Certified Deaf Interpreter Steven Stubbs.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federally mandated law that protects patient’s privacy and all identifiable health information from being shared without patient’s consent. However the Privacy Rule that is attached to HIPAA allows for minimally necessary information to be shared for patient care amongst providers, covered entities and business associates.
Where do medical interpreters fit into the law? Are they mandated to be HIPAA compliant? How do you know if they are?
Interpreters that are not directly employed by a medical facility are considered business associates. A business associate is someone that provides services for the medical facility while not being a direct employee of the facility. For example, when a hospital has the need for interpreting services and they contract with an interpreter, whether onsite or video remote, that interpreter is a business associate.
Hospitals, clinics, and medical facilities are considered covered entities and are mandated to train all of their employees (members of the workforce) on HIPAA policies and procedures. However, the medical facilities are under no legal obligation to ensure their business associates (contracted interpreters) are trained in HIPAA compliance. The covered entity may have a provision in their contract with the business associate that mandates HIPAA training and compliance but at a minimum, the interpreter must adhere to a confidentiality agreement between the covered entity and the business associate.
A contract between a business associate and a covered entity must, “describe the permitted and required uses of protected health information by the business associate; provided that the business associate will not use or further disclose the protected health information other than as permitted or required by the contract or as required by law; and require the business associate to use appropriate safeguards to prevent a use or disclosure of the protected health information other than as provided for by the contract.” However, if the business associate has received HIPAA training, those provisions stated above are implied.
American Sign Language interpreters in particular, adhere to a code of professional conduct, which is governed by the Registry Interpreters for the Deaf. While the code of professional conduct has no legal implications if it is violated, interpreters can jeopardize their certification status if they violate it. Confidentiality is a cornerstone principle for certified interpreters and if an interpreter is not trained in HIPAA, the minimum standard of hiring only nationally certified interpreters does provide the covered entities with some safeguards when it comes to patient privacy.
However, if a covered entity wants to ensure the best for their patients when providing language access, hiring a HIPAA compliant interpreter is preferred. As mentioned in previous blog posts, hiring nationally certified interpreters is critical to providing quality communication access but adding a requirement that the nationally certified interpreter be HIPAA compliant offers even more protection for the covered entity and the patient.
For business entities, what does it mean to be HIPAA compliant? Interpreters that are HIPAA compliant have completed a training course on HIPAA and understand the provisions of HIPAA and how HIPAA can be violated. It is important to note that there does not exist a HIPAA certification and interpreters that claim to be HIPAA certified are misinformed and/or misleading the hiring entities.
The United States Department of Health and Human Services does not endorse any particular training program or course for business associates (including interpreters) but there are several third party organizations that provide trainings; it is up to the business associate to determine the validity of the training program. ASL interpreters have plenty of options for HIPAA compliance training; one in particular being provided by SAW Interpreting.
HIPAA compliance reaches beyond the doctors, nurses and medical providers to include anyone that comes in contact with patients and their health care information. Interpreters are no exception and when providers are making arrangements for communication access, requiring national certification and HIPAA compliance should be mandatory. Hiring entities should feel free to ask interpreters for certificates of completion on HIPAA training when asking for proof of national certification; patients will be grateful for such thorough safeguards being taken to ensure quality, effective communication while respecting their privacy.