
About Susan Litton

Susan C. Litton, Ph.D. holds degrees in both psychology and IT. In addition to being the developer of the PSYBooks EHR & Portal, she's been a practicing clinical psychologist in Decatur, GA, since 1985.

De-identified Data in Healthcare

The issue with de-identified data in healthcare lies in the fact that some Electronic Health Record (EHR) companies have crafted Business Associate Agreements (BAAs) that could potentially harm healthcare providers and their patients. While it is not entirely clear whether these companies are strictly adhering to the letter of the law, they certainly do not uphold the spirit of it. The original intention of a BAA, as outlined in the HITECH Act and further refined by the Omnibus Rule, is to serve as the company's commitment to understanding HIPAA privacy and security requirements. In cases where breaches are caused by the software, the company should take responsibility. However, when data is de-identified, companies gain significant latitude in its use. They are not obliged to seek permission or inform subscribers about how or when their patients' data is utilized, nor are they held accountable for software failures that result in data breaches.

Fun New HIPAA Compliant Video: PSYBooks Connect

Remember what it's like to walk into a therapist's REAL waiting room? The virtual space in PSYBooks Connect where your clients wait is like that. Connect is the new, low-cost, HIPAA Compliant video option that's integrated into the PSYBooks EHR. The animated waiting rooms* not only allow you and your client(s) to test and adjust both audio and video, but also provide a relaxing atmosphere to gather your thoughts before the session.

The Importance of End-to-End Encryption and Integrated Products

HIPAA is a frightening thing to many behavioral health providers. Although it is something to take seriously, it need not be frightening. Nor do you need to pay big bucks to a company to set things up for you. A very simple thing that will help you become compliant is to get an EHR that is both integrated and features end-to-end encryption. This post explains why.

Customizable Mental Health Forms for Group and Private Practices

The current "must have" feature on many therapists' wish lists is customizable forms. If you're not familiar with the concept of a customizable form, it's an app, or a section of a larger app, that allows the therapist to create online forms to replace the paper forms they normally use in their practice: their intake forms, informed consents, HIPAA agreements, Good Faith Estimates, Depression Inventories - whatever they typically use. Once the digitized forms are created, they can be securely sent to their patients, who fill them out, e-sign them (if requested), and send them back to the therapist.

What Every Therapist Should Know about Email and Texting

Behavioral health therapists have both legal and ethical guidelines pertaining to email. Some programs do an adequate job of one, but not the other. Even worse, some do neither and yet still claim to be HIPAA compliant. While that's probably a truthful statement, the part they're not telling you is that their programs aren't 100% end-to-end encrypted. In other words, they're not safe ALL the time. If you use those programs, your email and texts can be hacked.

The Convoluted Maze of HIPAA-Compliant Email and How to Navigate It

Email could arguably be one of THE most misunderstood aspects of HIPAA. Part of the confusion stems from the fact that there is no ONE place in HIPAA that says "Do email like this." However, email is referenced - directly or indirectly - in a variety of places throughout the vast HIPAA documentation. What causes some of the misunderstanding is that people will find a guideline that pertains to email from ONE place in HIPAA and assume if they do that one thing, they're good. Unfortunately, that conclusion is not unlike what you get when several people with visual impairments are put in front of an elephant and asked to describe it. We may get a beautiful description of an elephant's trunk but to assume that's ALL an elephant is would be incorrect.

Good Faith Estimates and the “No Surprises Act”

Were you surprised when you first heard about the "No Surprises Act"? We were. I'd like to be able to tell you that we had been actively tracking and planning for this legislation since it was first issued on October 7, 2021. Unfortunately, that's not the case. However, we got lucky because we were already working on a new tool called Custom Forms which, when it launches (est. Feb 2022), will work beautifully in helping you comply with this bill in ways that are easy, HIPAA compliant, and give you a significant amount of automatic documentation and tracking.

Am I Required to Comply with HIPAA? ALL of It???

Not too long ago, I conducted a workshop on telehealth. During the Q & A period at the end, a woman said that she had been told she was exempt from HIPAA and wanted to check with me to see if that was true. I was caught off guard. I used to get that question a lot, but I hadn’t heard it for a while, so it took me a moment to gather my wits. Finally I said, “Do you only use landlines when talking with your patients?” She replied that she did. I continued, “And are they always only on landlines as well?” She assured me that they were. “And you’re not doing any video sessions, only in person?” That was true, too. My last question was, “And I assume you don’t take insurance at all, that you’re only private pay?” She was. I replied, “Ok, then yes, I guess you’re fine. No need to worry about HIPAA.”

She left relieved. I left unsure of my answer.