This Week's Poll
Looking for a supervisor? You surely don't want one that cuts corners cause that's what they'll be teaching you to do. One of the most common areas in which to cut a corner is the mandatory compliance for mental health counselors.
That means they've skipped the implementation of their HIPAA/HITECH compliance program and opted to "wing it and hope for the best". Is that the kind of supervisor you want? Better choose wisely cause all supervisors are not equal!
Mandatory Compliance For Mental Health Counselors: What Do I Need to Know?
A fully licensed counselor needs to be familiar with all of the subject-matter represented in The Counseling Landscape, including HIPAA/HITECH compliance. Doesn't matter whether you plan to run your own practice someday or not. Everyone needs to know this stuff and you're either going to learn it from the supervisor you pick or, you're going to pay good money to learn it on your own later.
A well-rounded supervisor candidate for you will recognize that HIPAA/HITECH compliance is a 3rd-party program that they are required by law to put in place. That's what you're looking for.
If You See This, Run!
Misguided thinking believes that compliance is simply a matter of determining if "the other guy" is HIPAA compliant or not. That's half of it, but the counselor/supervisor still has to pay for and implement a structured compliance program. As mentioned above this is typically done through a 3rd-party provider.
So, unfortunately, if you were to ask most supervisors, "have you done your HIPAA compliance?", or "are you HIPAA compliant?" they're going to say, "yes", because what they just heard was, "are all of the online platforms you subscribe to and deal with HIPAA compliant?" And that's NOT what you just asked.
They saw on the platform's website that it said, "HIPAA Compliant", but good luck with that. Some are, some aren't. So you can see how asking a supervisor candidate if they're compliant won't get you very far.
So How Can I Be Sure?
Any counselor who's completed the implementation of a 3rd-party compliance course will have "evidence" of it lying about their office. If you know what to look for and ask about, you can know for sure if they've done their compliance.
Here's (3) things to look for:
They Will Have Policies & Procedures Hard-Copy
The compliance implementation process generates a set of manuals that must be printed out and kept in the office.
So ask: Do you have a set of compliance manuals in-house and may I see them? (A totally legitimate request!)
They Will Have a Designated Privacy Officer
One of a hundred things that has to be decided and put in writing during the implementation process is who in the office is going to be the dedicated Privacy Officer. This person is extremely important in that they are the only one allowed by plan to handle release of records requests.
So ask: "Who is your designated Privacy Officer?"
They Will Have a Firewall in Place
One of the major objectives of the compliance process is data security. 3rd-party compliance providers will strongly encourage the client to put a physical firewall in place to help prevent bad guys from the internet getting through.
So ask: "Do you have a physical firewall in place for data security purposes?" (This one by itself doesn't guarantee they have a compliance program in place, but in conjunction with the other two, you're 3-for-3!)
You won't hear this stuff in school, but you know it now. Asking these types of questions of your supervisory candidates is totally legit and if they have a problem with it, go somewhere else (they won't; they'll be to busy trying to figure out wth you're talking about to object anyway!). This is your life, your career and you've spent too much time and money to be shy or settle for less than the best. Speaking of the best, check out The Wall of Excellence.
Plan Smart. Be Safe. Serve Others.
Kathleen Mills, LPC-S, CEAP
Got An Opinion?
These posts are my beliefs based on a) almost 30 year practice as a mental health provider and b) my own research. Whether you agree or disagree, please feel free to leave your civil, constructive comments below. I try very hard to back up my liberty-based statements with my own experience and/or verifiable facts and I would ask you to do the same. You do not need to be logged in to leave a comment.