What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy and security of individuals' health information and governs how that information can be used or shared by healthcare providers, including homecare agencies and their staff.

Prohibited Activities Under HIPAA

• Discussing client conditions with unauthorized people
   
• Leaving client forms or devices unsecured
   
• Using personal phones or emails to transmit client details
   
• Sharing photos, names, or stories related to clients on social media—even without identifiers
   

Security and Confidentiality Expectations

 

• Use secure systems to store or send Protected Health Information(e.g., encrypted emails, secure portals)
   
•  Keep paper records locked up when not in use
   
• Use passwords and logouts on devices accessing care information
   
• Do not discuss client information in public or shared spaces

Confidential and Compliant Serive Recordkeeping 
All homecare service documentation, including visit records and care notes, must comply with PA CHC HCBS EVV Policy

*Examples of Homecare Service Documentation: 

• EVV records (electronic visit verification entries for start/end times and tasks completed)
• Daily care notes or progress logs
• Medication reminders or non-skilled service checklists
• Behavioral observations or incident reports (when applicable)
• Paper backup timesheets (only if EVV is unavailable and agency-approved)
• Any client communication logs or service confirmations

Homecare Service Documentation Guidelines

1. Use EVV at the Point of Care:

• All visit entries (start time and end time, tasks completed) must be logged in the agency-designated EVV system (HomePlus Care's designated EVV system is HHAexchange).

• EVV must be used in real time using secure mobile devices or telephony.


2. Handling Paper Records (If Temporarily Used):

• Only use paper forms when EVV systems are temporarily unavailable (e.g., technical failure).

• Complete forms neatly and immediately during the visit.

• Forms must be returned to the agency within 24 hours, or per agency policy.


3. Prohibited Practices:

ⅹ Do not leave care notes or timesheets in the client's home.
ⅹ Do not store or transport documents loosely or in open view (e.g., car seats, purses).
ⅹ Do not take pictures or save copies of documentation on personal devices.

Training and Compliance

Homecare agency staff must:
 

• Complete HIPAA training regularly (annually or per agency policy)
   
• Understand state-specific confidentiality policies under PA CHC LTSS guidelines
   
• Report any potential breaches immediately to the agency's HIPAA officer or supervisor
   

*HIPAA is about protecting the privacy and dignity of clients by safeguarding their personal health information—especially important in homecare, where services are delivered in the client’s own home and trust is at the heart of every interaction.

• Only access or share Protected Health Information when it is necessary and permitted
   
• Always prioritize confidentiality, security, and client dignity
   
• Know that violations can lead to serious consequences—for you and your agency