The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federally mandated law that protects patients' privacy and all identifiable health information from being shared without a patient’s consent. However, the Privacy Rule that is attached to HIPAA allows for minimally necessary information to be shared for patient care between providers, covered entities and business associates.
Where do medical interpreters fit into the law? Are they mandated to be HIPAA compliant? How do you know if they are?
Interpreters who are not directly employed by a medical facility are considered business associates. A business associate is defined as someone who provides services for the medical facility while not being a direct employee of that facility. For example, when a hospital has the need for interpreting services and they contract with an interpreter, whether onsite or via video remote, that interpreter is a business associate.
Hospitals, clinics and medical facilities are considered covered entities and are mandated to train all of their employees (members of the workforce) on HIPAA policies and procedures. However, the medical facilities are under no legal obligation to ensure their business associates (contracted interpreters) are trained in HIPAA compliance. The covered entity may have a provision in their contract with the business associate that mandates HIPAA training and compliance, but at a minimum, the interpreter must adhere to a confidentiality agreement between the covered entity and the business associate.
A contract between a business associate and a covered entity must, “describe the permitted and required uses of protected health information by the business associate; provided that the business associate will not use or further disclose the protected health information other than as permitted or required by the contract or as required by law; and require the business associate to use appropriate safeguards to prevent a use or disclosure of the protected health information other than as provided for by the contract.” However, if the business associate has received HIPAA training, the provisions stated above are implied.
American Sign Language (ASL) interpreters in particular adhere to a code of professional conduct, which is governed by the Registry Interpreters for the Deaf. While the code of professional conduct has no legal implications if it is violated, interpreters can jeopardize their certification status if they do. Confidentiality is a cornerstone principle for certified interpreters and if an interpreter is not trained in HIPAA, the minimum standard of hiring only nationally certified interpreters provides the covered entity with some safeguards when it comes to patient privacy.
However, if a covered entity wants to ensure optimal language access for their patients, hiring a HIPAA compliant interpreter is preferred. As mentioned in previous blog posts, hiring nationally certified interpreters is critical to providing quality communication access, and adding a requirement that the nationally certified interpreter be HIPAA compliant offers even more protection for the covered entity and the patient.
For business entities, what does it mean to be HIPAA compliant? Interpreters who are HIPAA compliant have completed a training course on HIPAA, understand the provisions of HIPAA and how it can be violated. It is important to note that no HIPAA certification exists and interpreters who claim to be HIPAA certified are misinformed and/or misleading the hiring entities.
The United States Department of Health and Human Services does not endorse any particular training program or course for business associates (including interpreters), but there are several third party organizations that provide trainings; it is up to the business associate to determine the validity of the training program. ASL interpreters have plenty of options for HIPAA compliance training including one provided by SAW Interpreting.
HIPAA compliance reaches beyond doctors, nurses and medical providers to include anyone who comes in contact with patients and their healthcare information. Interpreters are no exception, and when providers are making arrangements for communication access, requiring national certification and HIPAA compliance should be mandatory. Hiring entities should feel free to ask interpreters for certificates of completion on HIPAA training when asking for proof of national certification. Your patients will be grateful for such thorough safeguards being taken to ensure quality, effective communication while respecting their privacy.
Site translation by Certified Deaf Interpreter Steven Stubbs.