What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules are intended to enforce standards of ethics and confidentiality. NARM recommends that all CPMs address HIPAA compliance and determine their status as a “covered entity” under HIPAA. More information on whether you are “covered entity” required to comply with HIPAA can be found on the HHS.gov Website:
HIPAA Compliance for CPMs
NARM requires that ALL CPMs, even those not designated as “covered entities”, address the following standards for disclosure of personal health information (PHI) in their professional documents of informed disclosure/informed consent.
CPMs must have permission from their clients to allow students to access medical records for the purpose of education or verification of documentation for their NARM application.
CPMs must disclose to their clients that they participate in regular peer review, which can sometimes necessitate confidential disclosure of health information for the purpose of reviewing the midwife’s professional conduct.
The adoption of HIPAA in the US has rapidly altered the standards and best practices for health professionals in maintaining privacy and confidentiality of client health information. While many of the requirements of providers under HIPAA relate to institutional guidelines that may or may not be relevant to many CPMs, it is the responsibility of every CPM to maintain HIPAA compliance in their practice. NARM’s role as a certifying agency means that under HIPAA NARM is classified as a “Business Associate” for every CPM and must therefore follow the guidelines under HIPAA for maintaining privacy and security of all protected health information (PHI) shared with NARM in relation to the process of validating certification.
NARM makes every effort to respect the confidentiality of all applicants and certificants. NARM is required to verify, when asked, whether someone is or is not a CPM. No further information is released unless the midwife has given permission to share contact information to those who inquire. NARM does not provide a list of certificants to the public, however NARM must abide by any and all laws regarding the release of information.
The following articles specifically related to HIPAA for midwives may be useful to CPMs in better understanding HIPAA compliance issues:
HIPAA for Midwifery 101: Part 1 – The Basics
HIPAA for Midwifery 101: Part 2 – Disclosures, Communication and Storage
HIPAA for Midwifery 101: Part 3 – The Security Rule- Keeping Electronic Information Safe
The following sample HIPAA-related standard disclosures may be useful: