Audit records requests

Updated

Why you may have received a records request

Records requests happen when payers reach out to us requesting documentation related to a handful of randomly selected sessions. This does not mean you did anything wrong — this is a standard ask from insurance companies.

Learn more about chart reviews and audits on Headway.

 

Authorization to release records under HIPAA

Release of records to Headway and to health plans does not require additional patient authorization because they are considered covered entities under HIPAA.

Additional patient authorization or notification is not required for covered entities, per the “Permitted Uses and Disclosures” section of HIPAA.

HIPAA permits covered entities to disclose PHI when it is used specifically for treatment, payment, and healthcare operations (TPO). Any progress notes shared with Headway or stored on the Headway platform are fully HIPAA compliant. We’ve built a secure infrastructure and platform, maintain SOC 2* and HIPAA compliance, and follow industry best practices regarding cloud infrastructure and encryption. 

Headway team members receive specialized training on HIPAA, the importance of PHI safety, and the “minimum necessary” rule. Headway also proactively maintains an audit log of all access to client records. A dedicated, specialized team at Headway will review your charts on occasion, but only for the purposes of processing insurance, ensuring compliance, and performing other payment and healthcare operations functions. 

 

Safety measures to protect PHI

We’re trusted with individuals’ most sensitive information, and take protection very seriously. We’ve built a secure infrastructure and platform, maintain SOC 2 and HIPAA compliance, and follow industry best practices regarding cloud infrastructure and encryption.

Headway limits requests, use, and disclosure of protected health information to what is minimally necessary to accomplish the intended purpose of the appropriate request, use or disclosure.

 

Have additional questions? 

For any other questions, please reach out using our contact form

 

Glossary of terms and definitions

 

Term Definition

Covered entity

Covered entities include any person or business that provides, bills, or receives payment for medical care, including healthcare providers, clearinghouses that process or change the format of medical information, as well as health plans and health insurance issuers.

Articles in this section