Why you may have received a records request
Records requests happen when payers reach out to us requesting documentation related to a handful of randomly selected sessions. This does not mean you did anything wrong — this is a standard ask from insurance companies.
Authorization to release records under HIPAA
Release of records to Headway and to health plans does not require additional patient authorization because they are considered covered entities under HIPAA.
Additional patient authorization or notification is not required for covered entities, per the “Permitted Uses and Disclosures” section of HIPAA.
HIPAA permits covered entities to disclose PHI when it is used specifically for treatment, payment, and healthcare operations (TPO). Any progress notes shared with Headway or stored on the Headway platform are fully HIPAA compliant. We’ve built a secure infrastructure and platform, maintain SOC 2* and HIPAA compliance, and follow industry best practices regarding cloud infrastructure and encryption.
Headway team members receive specialized training on HIPAA, the importance of PHI safety, and the “minimum necessary” rule. Headway also proactively maintains an audit log of all access to client records. A dedicated, specialized team at Headway will review your charts on occasion, but only for the purposes of processing insurance, ensuring compliance, and performing other payment and healthcare operations functions.
Safety measures to protect PHI
We’re trusted with individuals’ most sensitive information, and take protection very seriously. We’ve built a secure infrastructure and platform, maintain SOC 2 and HIPAA compliance, and follow industry best practices regarding cloud infrastructure and encryption.
Headway limits requests, use, and disclosure of protected health information to what is minimally necessary to accomplish the intended purpose of the appropriate request, use or disclosure.
Have additional questions?
For any other questions, please reach out using our contact form.
Glossary of terms and definitions
|Covered entities include any person or business that provides, bills, or receives payment for medical care, including healthcare providers, clearinghouses that process or change the format of medical information, as well as health plans and health insurance issuers.