Protecting learners’ privacy: HIPAA compliance in the digital world

The power of digital

Portia modernizes ABA clinic practices by giving you the flexibility to work digitally whether you’re in the office or meeting a client remotely. With only an Internet connection you can collect data, communicate with team members, and save documents wherever you are. With all this data, industry professionals need to make absolutely sure that their clients’ Personal Health Information (PHI) is protected and that their data is handled with full confidentiality. The U.S. Health Insurance Portability and Accountability Act (HIPAA) mandates industry-wide standards for health care information in electronic billing and other processes. This reduces health care fraud and privacy leaks, protecting both the client and the clinic.

Keeping digital data safe

Portia secures all of the data collected on HIPAA-compliant servers, ensuring your clients’ data is safe. To keep it this way, make sure that each staff member who is assigned a device signs a privacy agreement that establishes their accountability. Signing an agreement instills a sense of ownership and ensures that staff know and understand the importance of protecting client PHI.

Here are 4 key points you should include in your privacy agreement:

  1. The device must be secured with a passcode. Set the passcode to wipe the device after ten unsuccessful attempts. It is much better to lose a few hundred dollars than your client’s PHI. The consequences of losing PHI are not just a hefty fine on the clinic’s part, but also a breach of trust and privacy for your client.
  2. Passcodes should be changed at regular intervals and should not be reused. If the staff member believes that someone has seen them enter the code, they must change it immediately.
  3. After a session, staff members must log out; an open device is an insecure device. To ensure this is done, performing random checks is good practice.
  4. Ensure the agreement includes the device model, serial number, full name of the user, date, signature, and a witness.

It is essential that the entire clinic is doing its utmost to protect clients’ PHI. With Portia, keeping client data safe isn’t difficult, but that doesn’t mean it’s not important. Make sure you know the risks that accompany data collection by seeking counsel from an industry expert or lawyer in your jurisdiction.


The information in this blog is for general information purposes only and is not intended to provide any type of professional advice. Portia does not guarantee the accuracy or reliability of any information contained in this blog from third-party sources. You should consult a Board Certified Behavior Analyst or other qualified professional for specific advice. Portia International assumes no responsibility for any reliance made on or misuse or omissions of the information contained in this blog.
