Frontline Initiative Documentation

Protecting Privacy DSPs and the HIPAA Standards


Alison Campbell is a member of the publications team in the Office of Communications, Academic Health Center, University of Minnesota.

Health care professionals, Direct Support Professionals (DSPs) included, have always had a duty to protect the privacy of the people they support. A new federal law, the Health Insurance Portability and Accountability Act, known as HIPAA, adds to that duty a legal obligation. HIPAA sets new federal privacy standards and defines what kind of health information is protected.

Protected health information is any health information that can be linked to an individual. Protected health information includes a person’s written health record, whether on computer or on paper; billing information from health care and human service providers; and spoken information about that person’s condition. 

Protected health information is protected from unauthorized use. In general, those who have access to an individual’s protected health or billing information may disclose only the minimum information necessary for the intended purpose. An improper disclosure of protected health information may result in criminal or civil legal actions.

A Few Facts

  • HIPAA gives patients and people supported by DSPs more control over their health information. In hospital settings, for instance, patients, parents, or guardians must be asked if they object to the release of their protected health information before they can be listed in the public directory.
  • HIPAA does not prevent healthcare providers — doctors, nurses, and so on—from discussing patients’ cases; it only restricts them from discussing cases where others might overhear the conversation.
  • HIPAA generally gives patients and the people supported by DSPs the right to examine and obtain a copy of their own health records, case notes, and other data collected by providers and to request corrections.
  • A typical health plan or healthcare and human service provider is required to tell patients and people being supported by DSPs about their privacy rights under HIPAA — and how their health program or billing information can be used.
  • Health care and human service providers need to keep safe the protected health program and billing information of patients and people being supported by DSPs. Health, program plans, and treatment records should not be easily seen or easily accessed via computer by those who have no need to see them.

This is just a brief introduction. HIPAA, its privacy rules, and other aspects of the law are complicated.