On Demand Streaming Consultation Sessions
HIPAA and Teletherapy Support for Mental Health Professionals and Practicing Clinicians in a Private Practice. Rather see Group Practice Office Hours?
Do I need to be checking IDs?
Answering the Question: Can you tell me if it is necessary for me to check driver’s licenses to establish an identity for patients coming in to establish care at my solo practice? Does HIPAA or anyone else legally require this?
PCT+ OH 306 q7
Evan: Here’s a recent clip from office hours. Stay till the end for a special offer. PCT only uses clips, which don’t identify the asker or when we get their permission to share the clip.
Roy: Can you tell me if it is necessary for me to check driver’s licenses, to establish identity for patients coming in to establish care at my solo practice, the SEPA, or anyone else legally require this?
The se that’s that’s the question. Yes, exactly. I don’t think so. HIPAA does not. And I can guarantee you that. Um, it’s certainly, I haven’t seen that requirements, uh, anywhere in my state for my practice. Um, the only, the only time it ever comes up is you need to identify the person. Sorry, sorry. Latha. Step on your.
No, I was just
Liath: gonna say, um, so HIPAA may not be, or HIPAA does not require, it would have not seen a state licensing boards require it, but you may see insurance plans requiring it requiring photo identification.
Roy: Right. That’s a good point, actually. That is a, that is probably the place you’d want to look most diligently.
Yeah. They are probably the most likely to say that they want you to identify the person with a photo identity. Um, the general security, privacy principles you’ll find in HIPAA ethics codes. Number of state laws will say, you need to identify, confirm the person’s identity. The HIPAA doesn’t say that the HIPAA would say you need to authenticate the person.
You didn’t know that the person you’re talking to as a person, you think you’re talking. It doesn’t tell you how to do it. Doesn’t say you have to like, get their driver’s license, but if you can’t think of another way to do that, then you probably want to see it. Right. That’s what that is like. Um, so for example, if I was find that interesting, because like HIPAA, for example, is not usually, usually not, it doesn’t care if someone gives you a fake name.
So as long as from then on, you’re able to know that whenever you’re talking to. No. Mr. Fake name is the same person you talked to the first time, right? Because you’re handling their private info and you need to make you keep it private to them. Right? If they’re giving you an alias, technically under HIPAA, that doesn’t even really matter, right?
HIPAA doesn’t address that. If it doesn’t care, if like, you know, their social security number or you can identify them, uh, you know, uniquely among all the Americans in the, in the, among everybody in the world, um, they just want to make sure that. That if you’re, you know, if you have Phi relating to a person, you protect it, these are the them and their rights.
Right. Which is why it’s so authentic. There is relative. It’s about making sure it’s the same person. Not that it’s the person being identified by the name of the driver’s license. Um, there are other reasons to care about their actual legal name. Of course. Uh, one of those being that that’s the strongest way to make sure you’re authenticating them.
If they give you an alias, that’s more prone to authentication problems. Um, so like, uh, but insurance companies do care that it is the person because that’s how they’re authenticating them. So you need to be authenticating them the same way the insurance company does, right. In order to be on the same page.
So they may require that you check ID. Um, it’s also. There are also potential problems for a licensed clinician, um, to misidentify a person. Even if you consistently, even if you really, you know, reliability, you know, it’s typical reliability, that’s always consistent. There’s basically what we’re saying.
You just need to have a reliable authentication with the person, um, from a general privacy perspective, but in terms of outside entities who are supposedly work with the same person, You need to be reliable across you and all those entities at that point. It’s very difficult to do that without actually confirming the person’s legal identity.
Is that okay? Yeah, I think that that was a way to express it. I hope that’s not too technical. Um, but, uh, so, and they’re saying, um, they don’t have third-party reimbursement. That’s really good. Um, oh, and the, okay. No, I think it’s a different ask. You’re saying they have no relationship with the patient, not even in the state that the patient’s in.
Yeah. That, you know, um, that situation, it might mean, honestly, that’s technically no different from coming to your office when it comes to authenticating them. So I always find this kind of interesting because very few therapists ask for ID when someone comes to their house.
Liath: I think that might’ve been related to the previous question related to the misdirected facts.
Roy: Oh, gotcha. Oh, that’s not about this one. Okay. Got it. Well, that’s actually like a funny enough relevant to this question too. It’s like the, so what I’ve always found this to be, um, an interesting concept to follow as it propagates its way through all the different standards bodies in our world, um, that the idea of identifying the client properly has come up a lot as a tele-health concern.
And isn’t discussed a lot as an in-person therapy. Even though you still have to identify the person. And the way we identify people, normally as humans is usually with their face in their voice or watching their gait or their mannerisms. Right. That’s how we authenticate and identify people. Right. I’m doing that on video too.
It’s like, I don’t have to see them in person to do that. Um, so when people, so when that standard came up about, you need to identify or authentically that you’re talking to the right person, That came from a time when tele-health would frequently include textual communication where you can’t see or hear the person.
And so you need some way of making sure you’re talking to the right person and that’s been very early on, but that has propagated through all the standards because there is still a need to, to authenticate people. Um, and I think it sort of morphed over time so that it’s become, I think it’s, I think it’s become a little bit of a confused standard in some places.
Right. However, the insurance company does want to make sure they’re talking to the person. Uh, so like if there’s an insurance company, it makes sense. They may require you get the ID because they, you know, they want you to confirm to a high, high standard that you are actually working with the person who they have, who they insure.
Right. Um, I’ve not seen a state have that level of requirement. However, it doesn’t mean it’s not there because we it’s not there. I just haven’t seen it.
Liath: Another thing to consider in the context of a teletherapy is that, um, remote crisis management can be hindered. If in, in certain instances, if you don’t have the correct identification information for.
The client, right? Yeah. Um, so that’s, that’s one element to, to consider, but if you do have, for example, there, you know, correct address and emergency contact, uh, those potential issues of not having their authentic identity, um, are, are fairly well mitigated.
Roy: Yeah. Yeah, I agree. Great. Okay. Hopefully that was, I mean, it’s a, it’s not a pat answer, but hopefully that was that’s answers your question or give you the guidance you need.
Thanks for watching
Evan: use coupon code PCT, plus all one word to get one month free with a yearly subscription to office hours.
Get expert answers for your tech questions live and up-to-date.
Subscribe to Solo Practice Care to get access to Office Hours for answers to your questions at the next session: