Time2Track and HIPAA Compliance

This forum made possible through the generous support of SDN members, donors, and sponsors. Thank you.
B

Boston2k

Full Member
15+ Year Member
Joined
Feb 5, 2008
Messages
86
Reaction score
25
I was wondering if Time2Track is possibly not HIPAA compliant? While I would think it has to be, and training programs have either paid for it outright or encouraged its use, from a look at government documentation online (http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html), it seems that it may not meet deidentification policy for date of service data (criteria pasted below from website):

(C) All elements of dates (except year) for dates directly related to the individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;
Click to expand...
It seems like Time2Track would be considered a "business associate" under HIPAA parlance, and I have no recollection of seeing anything on their site meeting the governmental standard (pasted from the aforementioned site):

Business Associate Contracts. A covered entity’s contract or other written arrangement with its business associate must contain the elements specified at 45 CFR 164.504(e). For example, the contract must: Describe the permitted and required uses of protected health information by the business associate; Provide that the business associate will not use or further disclose the protected health information other than as permitted or required by the contract or as required by law; and Require the business associate to use appropriate safeguards to prevent a use or disclosure of the protected health information other than as provided for by the contract. Where a covered entity knows of a material breach or violation by the business associate of the contract or agreement, the covered entity is required to take reasonable steps to cure the breach or end the violation, and if such steps are unsuccessful, to terminate the contract or arrangement. If termination of the contract or agreement is not feasible, a covered entity is required to report the problem to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR).
Click to expand...
While I recognize this is a fair bit paranoid, I did have some concern before using the service, and thought I would put this out there.
Members don't see this ad.
 
I agree. When I started tracking my clinical hours I was encouraged to use T2T. However, I was not comfortable with the confidentiality issue and didn't want to pay the money for something I could do with an excel spreadsheet. So, I used an excel spreadsheet all through school. It worked just fine when it came time to submit the APPI.
 
ditto, I've got a google excel sheet that i've been keeping since my pre-practicum days and just update it whenever wherever...
 
Would anyone mind sharing their spreadsheet with me? I am looking for a spreadsheet to use for tracking hours that matches the setup of the most current APPIC. So very much obliged!!
 
You must log in or register to reply here.
Next unread thread

Similar threads

just_a_cigar
Terminal Master's hours in Time2Track
Replies
1
Views
370
Zazulator
Z
T
Private Practice - Storing Documents in HIPAA Compliant Manner
Replies
5
Views
373
texanpsychdoc
T
Phanicus
Do I really need an EHR to be HIPAA compliant?
Replies
5
Views
2K
yana clever
yana clever
Piquica
Time2Track/APPIC Question for Inpatient Groups
Replies
2
Views
949
Piquica
Piquica
I
logging parent vs. child sessions in time2track
Replies
2
Views
1K
ExecutiveDysfunction
E
Top