ABRET HIPAA Policy
When the United States Congress passed the Health Insurance Portability and Accountability Act (“HIPAA”) (codified at 45 CFR parts 160 and 164) Congress anticipated and provided that Personal Health Information (“PHI”) would be used in reviewing the competence or qualifications of health care professionals for the purpose of certification and accreditation. 45 CFR part 164.501.
It is ABRET’s policy to fully comply with HIPAA. ABRET’s mission is to encourage, establish and maintain the highest standards, traditions and principles of Clinical Electroencephalography and Evoked Potential Technology. By adopting this HIPAA Policy ABRET is endeavoring to not only meet its legal responsibility, but also its moral responsibility to patients, society, and other health care professionals.
To best evaluate adherence to ABRET’s standards for certification and accreditation, ABRET requires candidates and/or laboratories to review, analyze, explain and thus disclose certain patient records. Consequently, ABRET requires that candidates and labs remove as much individually identifiable information as possible from the records and information used for accreditation and certification. However, ABRET recognizes that in some circumstances it is impossible to remove all PHI. To permissibly review PHI, HIPAA requires that a Business Associate Agreement is executed. Toward such end, ABRET will enter a Business Associate Agreement (or a Business Associate Agreement Addendum in cases where a hospital or institution uses its own Business Associate Agreement.)
As part of its technologist certification examination, ABRET reviews patient records and information only for two hours during the “Record Review” section of the examination. The PHI submitted in the lab accreditation process is reviewed by ABRET for approximately five weeks. During its review ABRET shall not disclose nor copy such records and information in any format and shall promptly return them.
The Executive Director will serve as ABRET’s HIPAA Compliance Officer. ABRET’s HIPAA compliance officer will be responsible for the development and implementation of policies and procedures relating to privacy of PHI. ABRET’s HIPAA compliance officer will conduct board training that is necessary and appropriate to permit board members and ABRET examiners to carry out their functions.
ABRET requires its examiners to sign a written Confidentiality Agreement in which they agree not to copy patient records or information in any manner while such information is in their possession. Further, ABRET examiners agree not to disclose patient information. Patient records and information are used only for the purpose of evaluation during the examination period. (This period is two hours for certification and six weeks for lab accreditation.) After review, ABRET shall promptly return all patient records submitted.