Remember what it's like to walk into a therapist's REAL waiting room? The virtual space in PSYBooks Connect where your clients wait is like that. Connect is the new, low-cost, HIPAA Compliant video option that's integrated into the PSYBooks EHR. The animated waiting rooms* not only allow you and your client(s) to test and adjust both audio and video, but also provide a relaxing atmosphere to gather your thoughts before the session.
EHRs can be a big help with HIPAA compliance. In fact, relying on stand-alone tools may make achieving HIPAA compliance difficult, if not impossible. The PSYBooks EHR & Portal is solidly based on HIPAA and has been since its inception.
The current "must have" feature on many therapists' wish list is customizable forms. If you're not familiar with the concept of a customizable form, it's an app, or a section of a larger app, that allows the therapist to create online forms to replace the paper forms they normally use in their practice: their intake forms, informed consents, HIPAA agreements, Good Faith Estimates, Depression Inventories - whatever they typically use. Once the digitized forms are created, they can be securely sent to their patients, who fill them out, esign them (if requested), and send them back to the therapist.
Behavioral health therapists have both legal and ethical guidelines pertaining to email. Some programs do an adequate job of one, but not the other. Even worse, some do neither and yet still claim to be HIPAA compliant. While that's probably a truthful statement, the part they're not telling you is that their programs aren't 100% end-to-end encrypted. In other words, they're not safe ALL the time. If you use those programs, your email and texts can be hacked.
Email could arguably be one of THE most misunderstood aspects of HIPAA. Part of the confusion stems from the fact that there is no ONE place in HIPAA that says "Do email like this." However, email is referenced - directly or indirectly - in a variety of places throughout the vast HIPAA documentation. What causes some of the misunderstanding is that people will find a guideline that pertains to email from ONE place in HIPAA and assume if they do that one thing, they're good. Unfortunately, that conclusion is not unlike what you get when several people with visual impairments are put in front of an elephant and asked to describe it. We may get a beautiful description of an elephant's trunk but to assume that's ALL an elephant is would be incorrect.
Were you surprised when you first heard about the "No Surprises Act"? We were. I'd like to be able to tell you that we had been actively tracking and planning for this legislation since it was first issued on October 7, 2021. Unfortunately, that's not the case. However, we got lucky because we were already working on a new tool called Custom Forms which, when it launches (est. Feb 2022), will work beautifully in helping you comply with this bill in ways that are easy, HIPAA compliant, and give you a significant amount of automatic documentation and tracking.
As a therapist, you can amass your digital tools one at a time or you can invest in a well-integrated bundled product. For example, let's say right now you're mostly looking for a video platform so you can do telehealth. There are companies that ONLY offer subscriptions to video platforms. But is that the best choice?
For example, what happens if, after you sign up for your standalone video product, you realize that you also need a way to collect your fees from your telehealth clients. And maybe you need encrypted email so you can contact people in a way that's secure. Or maybe now you need HIPAA-compliant file storage, as your clients begin to send you documents via their new encrypted email. Or perhaps a way to schedule clients online. Or maybe a way to efile and also to send statements and receipts digitally. That's a LOT of tools and we're just getting started!
Most of us have documents like a will, power of attorney and other estate planning instruments either already in place or at least on our “I’ll get to that eventually” list. Far fewer have given much thought to how we would want our clients to be taken care of in the case of our demise or anything else that would cause a sudden interruption in our ability to provide services.
Some people like to point out that encrypted email isn’t all it’s cracked up to be. “After all,” they warn, “as soon as someone has access to your username and password, it no longer matters whether your email is encrypted or not.” Well . . . yes. That’s an accurate statement. However, to use that line of reasoning would be like telling us not to bother locking our homes or cars. After all, as soon as someone gets access to your keys, those locks become useless.
PSYBooks’ email not only meets but actually surpasses the HIPAA specifications for encrypted email. HIPAA’s rules for email encryption are broad, giving developers the maximum amount of freedom. This is as it should be. Those who are responsible for writing and maintaining HIPAA/HITECH laws cannot also be expected to keep up with rapid changes in the world of technology the way developers do. Therefore, although HIPAA wisely states that email containing client PHI (Protected Health Information) should be encrypted, it doesn’t specify exactly how that should be done.