General Info & Requirements

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) enacts sweeping changes in how the healthcare professions handle the administrative details of their practices, and contains a broad and stringent framework, for the privacy and confidentiality of personally identifiable health information. This Federal statute was enacted as Public Law 104-191. Further information regarding this act can be found at the Department of Health and Human Services (HHS) website.

The Administrative Simplification provisions of HIPAA (Title II of the Act) require HHS to establish national standards for electronic health care transactions, and national identifiers for providers, health plans, and employers. Covered entities must comply with the technical standards and data sets adopted by HHS. HIPAA also addresses the security and privacy of health data, and establishes stringent procedures, which covered persons and entities must follow, in obtaining and disclosing personally identifiable health information.

Licensing boards do not administer the provisions of HIPAA. Therefore, the Board cannot licensees with guidance, regarding HIPAA compliance. Licensees with HIPAA questions should seek answers through the following resources:

• HHS's website provides a great deal of information, including frequently asked questions.
• Another good source of information is the HIPAA website maintained by the HHS Centers for Medicare and Medicaid Services.
• HHS's Office of Civil Rights (OCR) implements the HIPAA privacy regulations. Guidance about the privacy requirements may be found on OCR's website at www.hhs.gov/ocr/hipaa.

• Under law, “telehealth” is the mode of delivering health care via information and communication technologies, including, but not limited to, telephone and/or internet
• Licensees may deliver health care, under their scope of practice, via telehealth, under certain conditions
• Licensees are responsible for understanding all applicable laws, to deliver health care via telehealth
• Failure to comply with any provisions regarding telehealth may be subject to disciplinary action by the Board

Detailed explanations regarding telehealth requirements, for licensees and registrants, are contained in the following statutes and regulations:

• California Code of Regulation Title 16 §1815.5: Standards of Practice for Telehealth
• Business and Professions Code §2290.5

This section applies to clients who are physically located in California.

• Individuals providing psychotherapy or counseling, either in person, via telephone, or via internet, must be licensed in California.

This section applies to clients who are physically located out-of-state.

• California licensees or registrants who wish to engage in telehealth with a client located in another jurisdiction need to check with that jurisdiction to determine its laws related to telehealth, and if licensure in that jurisdiction is required.  Several states currently consider a client located in their state to be under their jurisdiction.  Therefore, a practitioner needs to comply with that jurisdiction’s laws in order to avoid any potential violations of those laws.

Prior to the delivery of health care via telehealth, the provider initiating the use of telehealth shall:

• Inform the patient about the use of telehealth; AND
• Obtain, and document, verbal or written consent from the patient for this use

• All laws regarding the confidentiality of health care information and a patient's right to their medical information shall apply to telehealth interactions.

Additional information regarding telehealth is contained in the following statutes and regulations:

• California Code of Regulation Title 16 §1815.5: Standards of Practice for Telehealth
• Business and Professions Code §2290.5