HIPAA for Massage Therapists

Health Insurance Portability and Accountability Act (HIPAA) was created in 1996 to help protect the privacy of patients especially when health care professionals are using electronic billing, fax and email to send information back and forth.  It is still unclear and confusing as to whether or not every Massage Therapist needs to be HIPAA compliant or not.

To find out if you need to be HIPAA compliant you can go to the US Dept of Health website  it says:

A Covered Entity is one of the following:  A Health Care Provider…..but only if they transmit any information in an electronic form in connection with a transaction for HHS has adopted a standard.

and look at the PDF but here is what it basically says:

Does the person, business or agency transmit (send) any covered transactions electronically?  If NO, then it says the person is not a covered entity.

So the question then is – what is a covered transaction?  They explain it clear as mud in the PDF.

In the book, Introduction to Massage Therapy By Mary Beth Braun, she says this about a covered transaction:

Covered transactions include using any electronic means to transmit a persons health insurance information such as claims, enrollment, eligibility, explanation of benefits (EOB), premiums, claims status, referral certification, or authorization, and coordination of plan benefits.  If your business performs any transactions electronically (computer, electronic media storage,  email, internet, personal data assistants etc), then your business is considered to be a covered entity.

Cherie Sohnen-Moe in this Massage and Bodywork Magazine article also says that even if you don’t send things electronically that you need to be HIPAA compliant.

When you maintain client records, gather information from a client, engage in oral communication or transmit records (whether electronic or not), you are considered a covered entity.

If you work for other doctors/healthcare providers that are HIPAA compliant, you also have to be compliant.

To be HIPAA compliant you will need to create a manual for your office that gives the details about what you will be doing under various circumstances with clients information.  You will need to have clients sign your HIPAA policy and let them know of any changes in the way you will use their information or secure their information.

So what do you need to do to become HIPAA compliant?

  • You need someone in your office to be in charge of this (YOU!) and create a manual.  If you hire people to work for you, they need to be aware of the rules.
  • Create privacy policies on how you will keep personal health information private.
  • Install locks on your computer and file cabinets
  • Create a privacy notice for email/text communications
  • Give each client a Notice of Privacy Policies form to sign.
  • Don’t let clients see your appointment books with the names of people
  • Get and National Provider Number (NPI) (Directions from Vivian Madison Mahoney on Massage Today) so that you can bill electronically
  • If you collect people’s email address on your intake form, tell them how you will be using it.
  • If you plan on selling your business you will need to ensure privacy is maintained with the new owner.


Articles online:

An Update on HIPAA Living the Law By Cherie Sohnen-Moe Originally published in Massage & Bodywork magazine, December/January 2004.

Everything You Ever Wanted to Know About HIPAA An Interview With HIPAA Authority Howard Ross By Editorial Staff Massage Today

HIPAA recommendations by Susan Salvo on Massageprofessionals.com

HIPAA Forms – www.sohnen-moe.com

US Dept of Health – are you a covered entity?

1 thought on “HIPAA for Massage Therapists

  1. I have a home office with an establishment license and Massage Therapy license since 16 years.
    Recently I took in a roomate ( Eric) who was made aware of the fact that I work from home and that he was not to be in my home while I worked with my clients. The other day he decided to come home early and sat in the living room while I was still working. When my client and I came down that stairs and he saw the roomate, he was very uncomfortable as we discussed the treatment plan and it would have been very easy for Eric to listen in. I have told Eric that he is violating my HIPPA Law and that I could get in trouble if he ever does this again. Mind you, at move in date I explained to him that I work from 9-5 and sometimes even longer. He usually leaves the house at 7 am, Wed-Sun and leaves on Mon and Tues when I tell him I have a client coming in. Recently he has come home earlier and interrupted my treatment with his presence and I have lost now several clients and money. When I texted him ( to have paper trail) that I was working till 6 pm just a day ago, he texted back saying he studied the HIPPA law and it was solely to protect the clients information and that he spoke to a lawyer and that HIPPA lawsays nothing about having other people in the house. I told him that he was misinformed and that I was doing this since 16 years and that I am in violation of HIPPA Law if he shows up while I told him I was still working, not to mention, making my clients very uncomfortable. My ad to find a roomate also stated that I need to have the roomate to not be home while I worked from home. I have a lease and the lease is up on 04.01.19. ( Thank God)
    He has also smoked weed in my backyard and I specifically prohibited that as it is illegal in Florida. In our lease it also states NO SMOKING. Is there anyone that has the specific write up or clause that prohibits others to be at the home while I give a in house treatment pertaining HIPPA Law? I also contacted the Florida Health Investigation Service who does their yearly check ups and called the Department of Health in Florida and it was confirmed that he was not allowed to be there while I was working with a client.
    I m looking online to find that specific write up. Someone please send it to me if you have it. I want him ( Eric) out of my house.

Leave a Comment