What HIPAA actually asks of you

Module 01 · 4 min

HIPAA — the Health Insurance Portability and Accountability Act — is the federal framework that sets the floor for how patient health information is collected, used, stored, and disclosed in the United States. CareHub Therapy is a covered entity under HIPAA because we directly furnish behavioral health services, and every person who touches a CareHub case — clinicians, coordinators, ops, engineering — is part of the same workforce under that rule.

The day‑to‑day practice that HIPAA expects of you is narrower than the law itself, and it comes down to four habits:

  1. Treat patient information as the patient's, not yours. You see it because the work requires you to see it. The moment you're outside the scope of the work, the access ends.
  2. Use the minimum information necessary for the task in front of you. If a job can be done with less, do it with less.
  3. Move information through CareHub's sanctioned paths — the platform, the audit‑logged distribution rails, the documented integrations. Don't email a chart note. Don't paste PHI into a chat. Don't screenshot the dashboard.
  4. Report anything that looks like a breach within hours, not days. Better to escalate something that turns out to be fine than to sit on something that isn't.

The rest of these modules unpack each of those habits in working detail.