Practice Management System and Portal for Mental Health Professionals and their Clients
Facebook
Practice Management System and Portal for Mental Health Professionals and their Clients
Facebook

HIPAA Compliance & EHRs: Excellent Solutions to Thorny Problems

Home » HIPAA Compliance & EHRs: Excellent Solutions to Thorny Problems

HIPAA Compliance & EHRs: Excellent Solutions to Thorny Problems

I’ll let you in on a secret: Electronic Health Records (EHRs) can be a big help with HIPAA compliance. In fact, using stand-alone tools in your practice may make achieving HIPAA compliance difficult, if not impossible.

Here’s why:

By now, most mental health professionals are using at least one digital tool in their practice. Many have a video product for occasional or full-time telehealth sessions. To complement that, we have added digital tools for common tasks like accepting credit cards or sending digital statements. Some have acquired more advanced tools like apps for creating custom forms and collecting e-signatures. Others, aware of the importance of using encrypted email, texting and file storage, found stand-alone tools for each of those. In short, instead of an up-front investment in an integrated product, many of us amassed our tools one at a time as we saw the need. At this point, we might have a set of tools that includes some or all of these:

Stand-Alone Apps

This scenario is NOT HIPAA Compliant

Keep in mind that EACH of the above tools holds data that is part of the patients’ medical record, because they all store ePHI (electronic protected heath information). In other words, the medical record is not JUST the notes we keep on our patients. It’s also every email or text we exchange with or about them, billing statements and insurance claims, files we exchange or forms we ask them to sign – that’s all part of their medical record.

An integrated app like an EHR differs from the scenario above because it allows one secure application to store the patient’s complete medical record. That one app might offer all the same tools listed above, but it combines them into a single program, like this:

An Integrated Tool

How an integrated app helps with HIPAA Compliance

Previous posts have discussed some of the obvious advantages of the integrated approach (e.g., Integrated Products for Mental Health: Save Time, Money, Errors). However, an especially thorny, though not often discussed, issue with Stand-Alone apps is HIPAA compliance.

For example, consider these HIPAA standards which are all part of the Security Rule:

HIPAA Security Rule: Audit Controls45 CFR § 164.312

The Audit Controls technical safeguard standard is required, i.e., we all have to do it. There is no wiggle room. The Audit Controls standard means that we must have logging functions in place that allow us to monitor our system activity and usage. For those of us in private practice, “system activity and usage” refers to any app we use that comes in contact with PHI. We need to be able to show who accessed each of those software programs, what they did there and when they did it. Functions like this need to be automated from within the program to allow them to have a time/date stamp that is generated by the software itself.

If you are using standalone tools, such as any of the eight sample tools shown in the top image, you would have to find a way to produce a similar kind of log for each tool. Many – perhaps most – of those kinds of tools will not have a logging feature that meets the HIPAA standard. If you are using tools that do NOT provide you with audit tracking tools, you will not be in compliance with HIPAA. You might be able to find a product to log activity on your device itself, but such logs would only say that you accessed x software. It would not be able to provide information on what was done while you were inside the app.

How integrated tools help: Most EHRs have some kind of activity log report or feature that provides you with an Audit Control for the EHR. The screenshot below was taken from the Activity Log of the PSYBooks EHR and is for a fake client named Gobbledy Gook:

An activity log required for HIPAA Compliance

PSYBooks created this log automatically, behind the scenes, capturing all significant events this user did during this time frame. This tool makes meeting this HIPAA standard quite easy. Any time you need to prove what was done in the app and by whom, you just pull the log that PSYBooks has maintained for you. Every event has a time/date stamp so this is a record that should stand up in court, in addition to being acceptable to HIPAA. Most EHRs, but very few stand-alone tools, provide what you need to be in compliance with HIPAA’s Audit Controls standard.

HIPAA Security Rule: Integrity Controls45 CFR § 164.312(c)

Integrity Controls is another technical safeguard standard within HIPAA’s Security Rule. The objective of Integrity Controls is to protect ePHI from unauthorized modification, deletion, or corruption. Data in a medical record must be complete, unaltered, and accurate throughout its lifecycle. (“Lifecycle” refers to the amount of time we are required to keep a medical record – in most cases, 7 or more years.) This means that any healthcare apps you’re using would need to provide a way for you to prove that the integrity of the PHI stored by that tool is in tact. Many stand-alone tools do NOT provide you with a way to prove the integrity of the data, which, again, puts you in violation of HIPAA.

How integrated tools help: Most EHR systems offer a means to preserve all data within the record. You can archive, hide, or even “delete” items you no longer require. However, assuming the EHR is of high quality, it will always retain and make deleted data accessible for viewing. The screenshot below shows another portion of Gobbledy Gook’s PSYBooks Activity Log – this time, with an entry for a deleted note:

Clicking the link “Deleted note: Medical Record: 07/23/2023” opens a copy of the deleted note. The entire content of the original note is still in tact. EHRs with this feature, including PSYBooks, will take care of this HIPAA requirement behind the scenes with no extra work on your part:

Without an EHR, it would be up to you to make sure that each of the stand-alone apps you’re using meets this requirement. Again, most probably will not.

HIPAA Security Rule: Access Control 45 CFR § 164.312(a)(1)

HIPAA defines our “workforce” as anyone under our direct employ or supervision, even if we do not pay them. The Access Control technical safeguard standard can be handled most effectively with role-based controls. The aim is to tailor each individual’s access to only the portion of data they need to perform their job/role.

For example, a billing person usually has no need to see assessment results. A scheduler is unlikely to need to access to the billing person’s data. Even in cases where there’s only one employee for all roles, there should still be permissions. For example, an admin typically does not need access to the therapist’s notes.

This standard overlaps a bit with the Audit Controls standard in that assigning role-based permissions also allows you to see who accessed your system and when. It is never wise to allow a workforce member to use your username and password to access your apps. You need to be able to identify each person who accesses your ePHI.

How integrated tools help: Most EHRs have a way to assign role-based access to your workforce members. Additionally, within role types, you can specify the permissions you want each individual to have. Stand-alone tools often do not offer a way to assign roles or permissions so may make satisfying this requirement challenging.

Summary

The examples above are only a few of the HIPAA standards that are difficult or impossible to meet without an integrated product. The PSYBooks EHR & Portal is solidly based on HIPAA and has been since its inception. If you’re considering upgrading to integrated, we’d love to show you around with a free demo. If you’d rather snoop around on your own, sign up for a free trial. Use Promo Code HIPAA to expand your free trial to 60 days and also receive additional free, encrypted storage.

We’d love to have you!

By |2023-08-24T00:58:26-04:00August 24th, 2023|Current, Features, HIPAA/HITECH|Comments Off on HIPAA Compliance & EHRs: Excellent Solutions to Thorny Problems

Share This Story, Choose Your Platform!

FacebookTwitterRedditLinkedInWhatsAppTelegramTumblrPinterestVkXingEmail

About the Author:

Susan C. Litton, Ph.D. holds degrees in both psychology and IT. In addition to being the developer of the PSYBooks EHR & Portal, she's been a practicing clinical psychologist in Decatur, GA, since 1985.

Related Posts

Stay in touch!

Quick Links

General Terms of Service

Date of Last Revision: April 27, 2024

Welcome to our website (“Website”). These General Terms of Service (“Terms”) apply to visitors to this website, as well as registered users of any and all offerings provided by PSYBooks™. PSYBooks, LLC (“PSYBooks” or “we” or “our” or “us”) is a Georgia Limited Liability Company whose principal place of business is located at 2944 Blackwood Rd, Decatur, GA 30033.

PSYBooks is the owner and operator of this Website. PSYBooks, via our Website, provides an electronic health record (“EHR”) software-as-a-service (“Service”) offering specifically designed for mental health practices and may, in the future, offer other tools for those in the mental health professions.

  1. Introduction
    1. Your use of PSYBooks’ products, software, services, servers and Website (referred to collectively as our “Service” in this document) is subject to the terms and conditions of a binding and enforceable agreement (“Agreement”) between you and PSYBooks, as defined herein. By using our Service you acknowledge and agree that you have fully read and agree to be bound by the provisions of this Agreement.
    2. PLEASE READ THESE TERMS OF SERVICE CAREFULLY AS THEY CONTAIN IMPORTANT INFORMATION REGARDING A USER’S LEGAL RIGHTS, REMEDIES AND OBLIGATIONS. THESE INCLUDE VARIOUS LIMITATIONS AND EXCLUSIONS, AND A DISPUTE RESOLUTION CLAUSE THAT GOVERNS HOW DISPUTES WILL BE RESOLVED. IT ALSO CLEARLY SPECIFIES THE MANNER BY WHICH ACCEPTANCE OF THIS AGREEMENT OCURRS. THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN YOU AND PSYBOOKS.
  2. General Terms
    1. The terms and conditions provided herein (the “General Terms”) have two broad sections. The first section applies to all users of our Service, including the public at large (“Users”). The second section applies to that subset of Users who register on our Service as a practitioner (“Subscribers”). Subscribers will also be asked to accept a Subscriber Agreement at the time they actually register. For the purposes of these General Terms, a Subscriber is defined as mental health provider who has registered on our Service and paid the subscription fee. “You” means an individual member of the consuming public that is using our Website, whether or not they are a Subscriber.
    2. The General Terms contained herein are included by reference in subsequent agreements entered into between PSYBooks and a Subscriber (“Subscriber Agreement”), and constitute the minimum terms and conditions controlling use of our Service. The term Agreement, as used herein, refers to these General Terms and to any agreement entered into between a Subscriber and PSYBooks that includes these General Terms by reference.
    3. Our Service and Website include all pages on our Website’s domain (www.psybooks.com) and all pages on any related sub-domains, all of which are controlled by this Agreement.

General Terms for All Users

The following terms are for all Users of our Website, including the public at large and Subscribers.

  1. PSYBooks Grants a Limited License
    1. All content on our Service, except for User Generated Content (“UGC” ) and Protected Health Information (“PHI”) as defined herein, including designs, text, graphics, pictures, video, information, applications, software, music, sound and other files, and their selection and arrangement (the “Information”), are the property of PSYBooks or its licensors with all rights reserved.
    2. If you meet the requirements of Eligibility, and have properly gained access to our Service as provided for in this Agreement, then you are granted a limited license to use our Service and the Information, and to download and print a copy of any portion of the Information for non-commercial use, provided that you keep all copyright or other proprietary notices intact.
    3. As pertaining to all the Information, excluding UGC and a Subscriber’s protected health information (“PHI”), you may not make available, in any form and by any mechanism, said Information on any public or private website or incorporate the Information in any other database or compilation.
    4. Any use of the Information, other than as set forth herein, is strictly prohibited. This limited license allows you to use the Information only for lawful uses in accordance with the foregoing and does not allow you to sell the Information, use the Information for commercial use, or use any type of data mining, robots, or similar data gathering or extraction methods on our Service.
    5. Absent prior written consent from PSYBooks, you may not copy or imitate any elements of our Service, including but not limited to, graphics, digital images, logos, sounds, images, and buttons protected by trade dress and other laws. Absent prior written consent from PSYBooks, you may not use framing, metatags, or hidden text techniques in association with our logo, trademark or other copyrighted or proprietary information.
    6. Unless expressly stated in this Agreement, or in a subsequent agreement entered into by PSYBooks and a Subscriber, nothing herein shall be construed as conferring any license to intellectual property rights, in any form or by any mechanism.
    7. The PSYBooks limited license is revocable at any time without notice and with or without cause, except as provided for in our Subscriber Agreement.
  2. Transmissions
    1. As defined herein, transmissions (“Transmissions”) may take the form of submissions, questions, comments, suggestions, ideas, feedback, notes, messages, emails, postings, letters, or other written materials about, or concerning, our Service, provided by you to PSYBooks, excluding UGC and PHI. You acknowledge that Transmissions by you to and from our Service may be non-confidential, and that others may read and/or intercept such Transmissions.
    2. PSYBooks has the right, but not the obligation, at its sole discretion, to review any Transmissions submitted to our Service and to edit or delete any Transmissions that violate any part of this Agreement. You hereby consent to PSYBooks’ collection and use of such Transmissions in accordance with PSYBooks’ then current Privacy Policy and acknowledge that submitting Transmissions to our Service creates no financial or fiduciary relationship between you and PSYBooks.
    3. By using our Service, you thereby assign all right, title, and interest, including the copyright therein, in all Transmissions, to PSYBooks. Accordingly, PSYBooks shall own all intellectual property rights in the Transmissions and shall be entitled to unrestricted use of the Transmissions for any purpose, commercial or otherwise, without acknowledgment, compensation, or liability to you. By submitting such Transmissions to our Service, you irrevocably waive all “moral rights” in such Transmissions.
  3. Links
    1. Our Service may include hypertext links to other websites over which PSYBooks has no control. PSYBooks makes no representations of any kind regarding the content on such websites or the content on any website linked to such websites or to any changes or modifications made thereto.
    2. You hereby acknowledge that by using any such hypertext links, you irrevocably waive any and all claims against PSYBooks regarding such websites and must adhere to the usage and privacy policies governing such sites. PSYBooks’ usage of links does not imply our endorsement, or sponsorship, of any such websites.
  4. Intellectual Property Rights of Third Parties
    1. PSYBooks respects the intellectual property rights of others and requires Users of our Service to do likewise. PSYBooks prohibits Users from making available, in whatever form and by whatever mechanism, content on our Service that infringes upon any party’s intellectual property rights.
    2. PSYBooks has the right to terminate the Account of any infringing Subscriber and will take steps to do so immediately upon proper notification and in compliance with applicable law. You acknowledge and agree that a violation of the intellectual property rights of others on our Service triggers the Indemnification as provided for herein.
  5. Trademark
    1. All trademarks used on our Service are the property of their respective owners and may not be used without permission therefrom.
    2. Whether or not specifically designated as such, www.psybooks.com and all other colors, graphics, logos, sounds, images, icons and buttons displayed on our Service are, or may be, trademarks of PSYBooks or its affiliates.
    3. Absent prior written consent from PSYBooks, you may not copy, imitate, or use any portion of these marks.
  6. Copyright
    1. PSYBooks will strictly comply with the requirements of the Digital Millennium Copyright Act, Title 17, United States Code Section 512(c)(2) (“DMCA”). If you believe your copyright has been violated by any content on our Service then you may send a written notification of such infringement to our Designated Agent as set forth below.
    2. PSYBooks has designated an agent to the U.S. Copyright Office to receive notifications of alleged copyright infringement relating to our Service. You must submit all such notifications, in a manner consistent with the DMCA, to PSYBooks’ Designated Agent. Likewise, if you believe that your copyrighted content has been erroneously removed from our Service, you must send a counter notification to PSYBooks’ Designated Agent in a similar DMCA compliant manner.
    3. Send all DMCA compliant notifications to:

      DMCA Notification: PSYBooks, LLC

      Designated Agent: Susan Litton

      2944 Blackwood Rd

      Decatur, GA 30033

      Email: susan@psybooks.com

      Phone: 770-441-6361

  7. User Conduct Restrictions: Impermissible Use and Activities
    1. You agree not to use our Service to transmit data or code which: (1) is unlawful, threatening or abusive; (2) encourages criminal or other activity that would reasonably give rise to civil liability or otherwise violate any local, state, federal, or international law; (3) contains false or misleading information; (4) inhibits another User from use or enjoyment of our Service; (5) is defamatory, libelous or otherwise unlawful; (6) contains a virus or surreptitious code; (7) contains any type of commercial component or advertising; or (8) allows for the harvesting of email addresses or other contact information, or the harvesting of information of any kind.
    2. Furthermore, you agree not to use our Service to engage in the following kinds of activities: (1) transmit, upload, post, store, and share content of any kind, and by any other mechanism, that you are not the lawful owner or licensee of; (2) register for more than one Account or register an Account in the name of another; (3) impersonate a person or entity or make misrepresentations regarding affiliations of any kind; (4) engage in any kind of behavior that can reasonably be construed as SPAMMING; (5) engage in any behavior likely to cause harm to PSYBooks, our Service, its Users, or to the public at large; and (6) upload any UGC that is sexually explicitly or contains pornographic content, a determination that will be made at PSYBooks sole discretion.
  8. Data Collection
    1. Your Transmissions are subject to PSYBooks’ Privacy Policy. By using our Service you agree to review PSYBooks’ Privacy Policy and to be bound by its terms and conditions. From time to time PSYBooks may change its Privacy Policy without notice to you, other than that provided for in the Policy. Your continued use of our Service, after the posting of any changes to said Policy, shall constitute your agreement and acceptance of such changes.
    2. PSYBooks does not knowingly collect personally identifiable information (or information of any other kind) directly from anyone under the age of 18, with or without parental consent, for its own use. If you have a good faith belief that PSYBooks has inadvertently collected such information, please contact PSYBooks at support@psybooks.com. PSYBooks will take immediate steps to remove such information from our Service and from any databases under PSYBooks’ control.
  9. Governing Law
    1. The laws of the State of Georgia, United States of America, shall govern this Agreement, as well as PSYBooks’ Privacy Policy, notwithstanding any principles of conflicts of law.
    2. You agree that any action at law or in equity arising out of or relating to this Agreement, or PSYBooks’ Privacy Policy, other than those disputes or claims subject to Arbitration as enumerated below, shall be filed only in state or federal court located in the State of Georgia, in a venue sitting, or most proximate to, DeKalb County, and you hereby irrevocably and unconditionally consent and submit to the exclusive jurisdiction of such action.
  10. Arbitration
    1. Any claim or controversy arising among or between the parties hereto pertaining to our Service, or any claim or controversy arising out of, or with respect to, any matter contained in this Agreement, or any differences as to the interpretation or performance of this Agreement, other than those wherein either party has infringed or threatened to infringe the other party’s intellectual property rights, or wherein you have violated our User Conduct Restrictions, shall be settled by arbitration in the State of Georgia. Such arbitration shall be before three arbitrators of the American Arbitration Association (the “AAA”) under its then prevailing rules.
    2. Intellectual property rights, as defined herein, include patent, copyright, trademark or trade secrets. You and PSYBooks jointly acknowledge that arbitration is not an adequate remedy at law for actual or threatened infringement of either party’s intellectual property rights. Therefore, it is agreed that injunctive or other appropriate relief may be sought under these circumstances.
    3. In any arbitration involving this Agreement, the arbitrators shall not make any award that will alter, change, cancel or rescind any provision in this Agreement, and their award shall be consistent with the provisions of this Agreement. Any such arbitration must be commenced no later than one (1) year from the date such claim or controversy arose, or the claim is waived.
    4. The award of the arbitrators shall be final and binding and judgment may be entered thereon in any court of competent jurisdiction.
  11. Severability
    1. If any portion of this Agreement or of PSYBooks’ Privacy Policy is determined by a court of competent jurisdiction to be unlawful, void, or unenforceable, that portion will be deemed severable and will not affect the validity and enforceability of any remaining provisions hereof.
  12. Entire Agreement
    1. This Agreement contains all of the terms and condition agreed to by you and PSYBooks with respect your use of our Service. It supersedes all prior agreements, arrangements and communications between the parties dealing with same, whether oral or written.
  13. Definitions and Constructions
    1. Unless otherwise specified, the terms “includes,” “including,” “e.g.,”, “for example, and other similar terms are deemed to include the term “without limitation” immediately thereafter.

General Terms for Subscribers

The following Terms are for Subscribers to our Services. These Terms are in addition to the Terms in the Subscriber Agreement which must be accepted when you register.

  1. Acceptance and Modifications
    1. PSYBooks reserves the right to change or revise this Agreement at any time by posting a notification on our Website. PSYBooks, at its sole discretion, may provide a Subscriber notification via other mechanisms, but is not required to do so.
    2. You are required to affirmatively accept this Agreement when becoming a Subscriber by reading this Agreement and clicking “I Agree.” As a Subscriber, you are also required to affirmatively accept any future revisions to this Agreement in a similar manner. PSYBooks maintains a record of acceptance for each Subscriber, including the version of this Agreement accepted by you whenever you click “I Agree.”
    3. PSYBooks will notify you of revision dates to this Agreement by posting the “last revised date” preceding the first paragraph of this document. The revised Agreement will take effect immediately after it has been posted on our Website.
  2. Eligibility
    1. PSYBooks requires, and enforces, strict compliance with our eligibility (“Eligibility”) requirements, as defined herein. Our Service is not intended for individuals under the age of 18. It is intended solely for members of the consuming public that are of legal age and meet the definition of a qualified Subscriber. Registration on our Service is reserved for qualified Subscribers or their respective agents, and therefore, registration by any other person or entity is strictly prohibited, unauthorized, unlicensed, void, and in violation of this Agreement.
    2. By registering on our Service you assert and warrant that you are doing so for the purpose of using our Service as a qualified Subscriber. Registration for any other purpose violates this Agreement and is strictly prohibited. By registering on our Service you further assert and warrant that you are of legal age and possess the legal capacity to enter into this Agreement on behalf of the entity you represent.
  3. Account Registration
    1. As a Subscriber you are required to provide us accurate, current, reliable and otherwise valid data when completing the registration forms that establish your account (“Account”) on our Service and you agree that such data must be kept current and revised in a timely manner when events occur that may alter its validity.
    2. As a Subscriber you agree that you are solely responsible for the data and activities related to updating and maintaining your Account, notwithstanding the fact the PSYBooks may, for technical or other reasons, assist you in making changes to your Account at your direct request, and after proper authentication.
    3. Registration on our Service requires you to maintain security credentials that allow you access to your Account. These credentials include a user identifier and a corresponding password. You may also be required to establish additional credentials should PSYBooks deem them necessary to protect the integrity of our Service. You agree that you are responsible for maintaining the confidentiality of said credentials.
    4. You acknowledge and agree that PSYBooks is a Business Associate and that Subscriber is a Covered Entity as the terms are defined under 45 CFR §160.103 Definitions of the HIPAA regulations. You further agree that by registering to use our Service you will have to enter into a Business Associate Agreement (i.e. included as part of the Subscriber Agreement) with PSYBooks during the registration process.
  4. User Generated Content
    1. You retain all ownership rights to content of which you are a lawful owner or licensee (“User Generated Content” or “UGC”), including any protected health information as defined in CFR § 160.103 of the HIPAA regulations, and which you make available on our Service via whatever mechanism PSYBooks provides, excluding such items defined as Transmissions herein, and subject to any other rights granted to PSYBooks under this Agreement.
    2. By submitting UGC to our Service, you grant PSYBooks a nonexclusive, worldwide, transferable and fully paid license to copy, crop, reproduce, reformat, translate, publicly display, excerpt (in whole or in part) and distribute your UGC for any purpose, commercial or otherwise (“Limited UGC License”). In addition, the Limited UGC License you grant includes rights that allow PSYBooks to create derivative works, or incorporate your UGC into other works, as PSYBooks sees fit. The license granted PSYBooks herein does not permit PSYBooks to use the Covered Entity’s PHI in a manner that violates the HIPAA Privacy Rule or the Business Associate Agreement entered into between the parties.
    3. PSYBooks acknowledge and agrees that the Limited UGC License granted may only be used by PSYBooks within the context of its Service and consistent with the Business Associate Agreement entered into between the parties.
    4. The Limited UGC License expires when you remove your UGC from our Service. However, PSYBooks requires, and you acknowledge and agree, that PSYBooks may retain archived copies of said UGC in order to meet the requirements of applicable law and for other business reasons that PSYBooks may have to maintain such archives. You acknowledge and agree that this Limited UGC License does not terminate if you have shared your UGC with other Users and said Users have not deleted your UGC.
    5. You represent, warrant, and guarantee that you have the full right, ability, and authority to make available to our Service, by whatever mechanism PSYBooks provides, your UGC. You further represent, warrant, and guarantee that by making available any UGC on our Service, you are not violating any obligation owed by you to any third party, including without limitation, obligations of confidentiality, privacy, attribution or any intellectual property rights including, but not limited to, rights related to patent, trademark, copyright, or trade secrets.
  5. Indemnification
    1. You agree to defend, indemnify, and hold PSYBooks, its parents, subsidiaries, affiliates, officers, agents and employees, its suppliers and their respective affiliates and agents harmless from all claims, liabilities, damages, and expenses (including attorneys’ fees and expenses) arising out of or relating to your use of our Service, including but not limited to: (1) your submission to our Service of any Transmission; (2) your alleged breach of this Agreement; or (3) your infringement of any intellectual property or other right of any person or entity.
    2. PSYBooks acknowledges and agrees that the indemnification sought in 20.1 is limited to acts that are directly or indirectly under your control regarding your use of, or inability to use, our Service, and does not extend beyond that.
  6. Limitations of Liability
    1. IN NO EVENT SHALL PSYBOOKS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES RESULTING FROM YOUR USE OR INABILITY TO USE OUR SERVICE; OR FOR THE LOSS OF PROFITS OR DAMAGES THAT MAY RESULT FROM THEFT, DELAYS, OMISSIONS, INTERRUPTIONS, DELETION OF FILES, ERRORS, DEFECTS, VIRUSES, FAILURE OF PERFORMANCE, DESTRUCTION OR UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF USE, PROFITS, DATA OR OTHER INTANGIBLES WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING BUT NOT LIMITED TO NEGLIGENCE); OR OTHERWISE, EVEN IF PSYBOOKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    2. APPLICABLE LAW MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF IMPLIED WARRANTIES OR EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. IN SUCH CASES, THE ABOVE LIMITATION OF LIABILITY MAY NOT APPLY TO YOU. TO THAT EXTENT, PSYBOOKS’ TOTAL LIABILITY TO YOU FOR ALL LOSSES, DAMAGES, AND CAUSES OF ACTION SHALL NOT BE GREATER THAN THE TOTALITY OF PAYMENTS MADE BY YOU TO PSYBOOKS IN EXCHANGE FOR ALLOWING YOU TO USE OUR SERVICE DURING THE PAST THREE MONTHS PRIOR TO THE COMMENCEMENT OF ANY LEGAL ACTION OR PROCEEDING, OR $100.00 USD, WHICHEVER IS LESS.
  7. DISCLAIMER
    1. YOU ACKNOWLEDGE THAT OUR SERVICE AND THE INFORMATION THEREIN ARE PROVIDED ON AN “AS IS” BASIS AND THAT PSYBOOKS MAKES NO REPRESENTATIONS OR WARRANTIES, EITHER EXPRESS OR IMPLIED, REGARDING OUR SERVICE OR THE INFORMATION. PSYBOOKS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
    2. BY USING, OR ATTEMPTING TO USE, OUR SERVICE, YOU EXPRESSLY ACKNOWLEDGE THE FOLLOWING:
      1. THE INFORMATION COULD INCLUDE TECHNICAL INACCURACIES AND/OR TYPOGRAPHICAL ERRORS;
      2. PSYBOOKS DOES NOT REPRESENT OR WARRANT THE TIMELINESS, RELIABILITY, COMPLETENESS, OR ACCURACY OF THE INFORMATION; AND
      3. PSYBOOKS DOES NOT REPRESENT OR WARRANT THAT OUR SERVICE OR ANY RELATED SERVERS ON WHICH IT RESIDES ARE FREE OF ERRORS OR VIRUSES OR OTHER POTENTIALLY DAMAGING CONTENT.
    3. PSYBOOKS MAY PERIODICALLY MAKE CHANGES TO ANY SERVICE CONTENT, INFORMATION, FEATURES OR FUNCTIONS. PSYBOOKS RESERVES THE RIGHT TO IMPLEMENT SUCH CHANGES AT ANY TIME WITHOUT NOTICE TO YOU, OTHER THAN THAT WHICH IS SET FORTH IN THIS AGREEMENT.
    4. UNLESS SPECIFICALLY INDICATED IN WRITING TO THE CONTRARY, NO REFERENCE IN OUR SERVICE TO ANY PRODUCTS, PROCESSES, SERVICES OR OTHER INFORMATION BY TRADE NAME, TRADEMARK, MANUFACTURER, SUPPLIER, OR OTHERWISE, SHALL CONSTITUTE OR IMPLY PSYBOOKS’ ENDORSEMENT OR SPONSORSHIP THEREOF.
  8. Termination
    1. Either you or PSYBooks may terminate this Agreement. You may terminate this Agreement by destroying all materials obtained from our Service, except for UGC and, if you are a Subscriber, by providing a termination notice to PSYBooks at support@psybooks.com. PSYBooks may terminate this Agreement immediately, without notice for any reason, or no reason, other than as provided for in our Subscriber Agreement, and reserves the right to block or prevent your future access to our Service.
    2. Should you or PSYBooks decide to terminate this Agreement then PSYBooks will prevent access to your Account on our Service. PSYBooks agrees to make a good faith effort to resolve an outstanding dispute between PSYBooks and a Subscriber, if any exist, prior to termination. PSYBooks, at its sole discretion, may restore access to your Account if the dispute has been resolved to its satisfaction.
    3. You acknowledge and agree that termination of this Agreement by either party pertains solely to your use of our Service, and has no effect on other contractual obligations that may exist between the parties, which remain in full force and effect.

Privacy Policy

Date of Last Revision: April 27, 2024
  1. Introduction
    1. PSYBooks, LLC (collectively “PSYBooks” or “us” or “our” or “we”) is the owner and operator of www.psybooks.com and any related sub-domains (the “Service”). This privacy policy (“Privacy Policy” or “Policy”) applies to the Service in its entirety but does not apply to entities that PSYBooks does not own or control.
    2. PSYBooks is committed to the privacy and protection of information provided to us by our users. This includes any information provided to us through our Service, including any information submitted to us through various forms and through other mechanisms. By using our Service you are accepting the privacy practices contained in this Policy.
    3. The purpose of our Privacy Policy is to inform our users regarding the information that we collect, utilize, and share. If you have any questions about our Privacy Policy, or our privacy practices in general, please contact us using the contact information provided below:

    PSYBooks, LLC

    Privacy, c/o PSYBooks Privacy Officer

    2944 Blackwood Rd

    Decatur, GA 30033

    Email: susan@psybooks.com

    Phone: 770-441-6361

  2. Information Collected About You
    1. There are various types of information that PSYBooks collects about you when you register with, interact with, or otherwise use our Service. Some of this information is provided voluntarily by you and other information is provided through automated processes under PSYBooks’ control.
    2. Information Provided By You: In addition to personally identifiable information (“PII”) provided during the PSYBooks subscription process, you may also provide us PII during the following non-exhaustive list of representative classes of interactions on our Service:
      1. requesting customer support and sending PSYBooks similar communications;
      2. making payments to PSYBooks for various offerings;
      3. signing up for PSYBooks email alerts, newsletters, and similar special offers;
      4. responding to PSYBooks surveys and other special information requests; and
      5. communicating with PSYBooks regarding our compliance with applicable law.
    3. Information Provided By Automated Processes: PSYBooks may automatically collect non-PII pertaining to you when you use our Service including, but not limited to, when you use our Service via mobile and other access devices. PSYBooks may use cookies, web beacons, log files and similar methods to collect non-PII:
      1. A cookie is data stored in a small text file on your local access device that contains data about you. The information in the cookie is used to uniquely identify you and other users of our Service. The cookie may contain a token linked to our databases in order to provide you an enhanced feature set. It identifies a particular user at a particular point in time;
      2. A web beacon is used to enable communications with third parties. It is a small image in an HTML page with all dimensions set to one (1) pixel. Because of its insignificant size, it is not visible. It is used to pass certain non-PII anonymously to third-party sites, usually advertisers;
      3. A log file is a system created file that captures certain interactions between you and our Service.
    4. Non-PII Reservation of Rights: PSYBooks reserves the right to adopt alternative methods for collecting non-PII consistent with the provisions of this Policy and without providing further notification to you, other than what is contained herein.
  3. Implications Regarding Collected Information
    1. Consent Regarding Data Storage and Transfer: Your use of our Service implies your consent to have your PII and non-PII (“Data”) (i.e. any data provided by you to PSYBooks via our Service or through other mechanisms) stored, transferred and processed within the United States, or in any other country in which PSYBooks or its affiliates, subsidiaries or agents maintain facilities. By providing us with your Data and using our Service you consent to any such transfer of Data outside of your country of origin, at PSYBooks’ sole discretion.
    2. Control and Access to Data: PSYBooks respects both the need for you to control your Data and our users’ need for sharing it with us, especially regarding the protected health information (“PHI”) of patients. PSYBooks is diligent in ensuring that it has implemented appropriate administrative, technical, and physical safeguards to prevent the unauthorized or unlawful use of your Data, and to prevent any accidental loss, destruction, or damage to such information.
    3. Use of Data Collected: PSYBooks is the sole business owner of the Data (i.e. as represented by the aggregate content and arrangement of the information collected about you or your patients on our Service) and will not sell, rent or share the information collected in a manner that differs from what is disclosed in this Policy. PSYBooks collects this information in order to:
      1. accomplish the objectives of our Service;
      2. provide you with a high quality user experience on our Service;
      3. offer you a personalized feature set on our Service; and
      4. to improve our Service.
    4. Sharing of Data in General: PII or PHI provided by you will not be shared with third parties, without your permission, for any purpose other than those enumerated below. PSYBooks, in its sole discretion, reserves the right to share with third parties aggregated non-PII for the purpose of compiling information that is relevant to our business interests. PSYBooks, in its sole discretion, reserves the right to disclose any information that it obtains through our Service to appropriate governmental or regulatory authorities or governmental agencies, if required by law. PSYBooks, in its sole discretion, may share any information collected, stored and processed, if it has a good faith belief that to do so is reasonably necessary to:
      1. enforce our Terms of Use;
      2. detect, investigate and otherwise address fraud, security or technical breaches or related matters; or
      3. protect against imminent harm to the rights, property, or safety of PSYBooks, its users, or the public at large, as required or permitted by law.
    5. Sharing of Payment Data: PSYBooks may share transaction information with our third party payment processor (“Payment Processor”) when you pay for or renew your Subscription to our Service. The information shared with our Payment Processor is limited to the information required by our Payment Processor to complete the payment transaction. PSYBooks does not capture or store the financial information provided by you to our Payment Processor. PSYBooks only stores the results of said transactions as provided via notifications from our Payment Processor to us upon the completion of a payment transaction.
    6. Sharing of Data with Other Third Parties: In addition to disclosing information to our Payment Processor, PSYBooks may disclose your personal information or PHI to other third-party service providers (“Providers”) who perform services on our behalf. Examples of such Providers may include, but are not limited to, data storage and web hosting companies, as well as consultants we may engage for various reasons. PSYBooks requires Providers to use and protect your personal information consistent with the provisions of this Policy. PHI will only be shared with business partners with whom PSYBooks has a Business Associate Agreement, as required by applicable law.
  4. Security of Information
    1. Any information sent by you to PSYBooks through Internet email or through our Service may not be secure and is therefore done on a non-confidential basis and at your own risk. Once such information is received, PSYBooks takes appropriate security safeguards to prevent its unauthorized use, alteration, disclosure or destruction. These safeguards include periodic review of our internal processes, and benchmarking of same with industry best practices.
    2. Access to PII or PHI is restricted to PSYBooks employees, contractors, and agents on a need to know basis. Such individuals are generally bound by confidentiality agreements and may be subject to termination and criminal prosecution should they fail to comply as required by said agreements and/or with the contents of this Policy.
  5. Data integrity
    1. PSYBooks processes PII only for the purposes for which it was collected and in accordance with the provisions in this Policy. Reasonable steps are taken to ensure the quality of the PII that PSYBooks collects, processes, and stores. PSYBooks depends on its users to keep their PII current and accurate. PSYBooks conducts periodic reviews to ensure that only the PII required by our Service is captured and used consistent with the provisions of this Policy. The maintenance of data integrity is a joint collaborative effort between PSYBooks and our users.
    2. PSYBooks may delete Data, from time to time, upon the request of an individual user. PSYBooks requires that a user present proper credentials for authentication before honoring all such requests. Good faith attempts are made to work with individual users regarding Data related issues. PSYBooks reserves the right to refuse such requests when they prove unduly burdensome and/or are impractical. PSYBooks will not delete Data required to be kept by applicable law or Data otherwise required by PSYBooks for legitimate business reasons.
  6. Choices Regarding PII
    1. Should PSYBooks decide to use PII or PHI other than for the purpose originally collected, PSYBooks will do so only with your consent. You will be given the opportunity to opt out of any such use. Should PSYBooks become involved in a sale, acquisition, or any form of transfer of some or all of its assets, then PSYBooks will provide notice to you before your PII or PHI is subject to a new or different privacy policy.
    2. You always have the option of contacting PSYBooks should you have questions regarding your PII or PHI. Please contact PSYBooks using the contact information provided above.
  7. Protecting Children

    PSYBooks restricts the use of our Service to individuals of legal age and above. PSYBooks does not knowingly collect or solicit PII from anyone under the age of 18, with or without parental consent.

  8. Links

    Our Service may contain hyperlinks to third-party websites that may collect or solicit information. Our Privacy Policy does not cover information collected or solicited by these third-party websites. PSYBooks is not responsible for the privacy practices of such sites. PSYBooks users are encouraged to pay attention when they leave our Service and to read the respective privacy policies of each website that collects personally identifiable information. This Policy only applies to information provided by you to PSYBooks via our Service or through other mechanisms.

  9. Enforcement

    Because we are committed to protecting our users’ PII and PHI, PSYBooks conducts periodic reviews of our internal processes to ensure that we remain in compliance with this Policy. We will cooperate with the appropriate authorities to resolve any user complaints regarding the transfer of PII or PHI. PSYBooks will initially try to resolve the complaint with the individual user. Formal complaints should be sent to PSYBooks using the contact information provided above.

  10. Policy Changes

    In the future, we may make changes to our Privacy Policy to reflect changes in our privacy practices and/or changes to our Service. PSYBooks’ goal is to keep our users aware of what information we collect, use, and under what circumstances, if any, we disclose it. When changes are made to this Policy the “last updated date” will be modified accordingly. If changes are made to our Privacy Policy then PSYBooks will provide notification on our Website. In addition, further notification will be provided to users that have registered with our Service.

Business Agreement

Date of Last Revision: April 27, 2024
  1. Introduction
    1. PSYBooks, LLC (collectively “PSYBooks” or “us” or “our” or “we”) is the owner and operator of www.psybooks.com and any related sub-domains (the “Service”). This privacy policy (“Privacy Policy” or “Policy”) applies to the Service in its entirety but does not apply to entities that PSYBooks does not own or control.
    2. PSYBooks is committed to the privacy and protection of information provided to us by our users. This includes any information provided to us through our Service, including any information submitted to us through various forms and through other mechanisms. By using our Service you are accepting the privacy practices contained in this Policy.
    3. The purpose of our Privacy Policy is to inform our users regarding the information that we collect, utilize, and share. If you have any questions about our Privacy Policy, or our privacy practices in general, please contact us using the contact information provided below:

    PSYBooks, LLC

    Privacy, c/o PSYBooks Privacy Officer

    2944 Blackwood Rd

    Decatur, GA 30033

    Email: susan@psybooks.com

    Phone: 770-441-6361

  2. Information Collected About You
    1. There are various types of information that PSYBooks collects about you when you register with, interact with, or otherwise use our Service. Some of this information is provided voluntarily by you and other information is provided through automated processes under PSYBooks’ control.
    2. Information Provided By You: In addition to personally identifiable information (“PII”) provided during the PSYBooks subscription process, you may also provide us PII during the following non-exhaustive list of representative classes of interactions on our Service:
      1. requesting customer support and sending PSYBooks similar communications;
      2. making payments to PSYBooks for various offerings;
      3. signing up for PSYBooks email alerts, newsletters, and similar special offers;
      4. responding to PSYBooks surveys and other special information requests; and
      5. communicating with PSYBooks regarding our compliance with applicable law.
    3. Information Provided By Automated Processes: PSYBooks may automatically collect non-PII pertaining to you when you use our Service including, but not limited to, when you use our Service via mobile and other access devices. PSYBooks may use cookies, web beacons, log files and similar methods to collect non-PII:
      1. A cookie is data stored in a small text file on your local access device that contains data about you. The information in the cookie is used to uniquely identify you and other users of our Service. The cookie may contain a token linked to our databases in order to provide you an enhanced feature set. It identifies a particular user at a particular point in time;
      2. A web beacon is used to enable communications with third parties. It is a small image in an HTML page with all dimensions set to one (1) pixel. Because of its insignificant size, it is not visible. It is used to pass certain non-PII anonymously to third-party sites, usually advertisers;
      3. A log file is a system created file that captures certain interactions between you and our Service.
    4. Non-PII Reservation of Rights: PSYBooks reserves the right to adopt alternative methods for collecting non-PII consistent with the provisions of this Policy and without providing further notification to you, other than what is contained herein.
  3. Implications Regarding Collected Information
    1. Consent Regarding Data Storage and Transfer: Your use of our Service implies your consent to have your PII and non-PII (“Data”) (i.e. any data provided by you to PSYBooks via our Service or through other mechanisms) stored, transferred and processed within the United States, or in any other country in which PSYBooks or its affiliates, subsidiaries or agents maintain facilities. By providing us with your Data and using our Service you consent to any such transfer of Data outside of your country of origin, at PSYBooks’ sole discretion.
    2. Control and Access to Data: PSYBooks respects both the need for you to control your Data and our users’ need for sharing it with us, especially regarding the protected health information (“PHI”) of patients. PSYBooks is diligent in ensuring that it has implemented appropriate administrative, technical, and physical safeguards to prevent the unauthorized or unlawful use of your Data, and to prevent any accidental loss, destruction, or damage to such information.
    3. Use of Data Collected: PSYBooks is the sole business owner of the Data (i.e. as represented by the aggregate content and arrangement of the information collected about you or your patients on our Service) and will not sell, rent or share the information collected in a manner that differs from what is disclosed in this Policy. PSYBooks collects this information in order to:
      1. accomplish the objectives of our Service;
      2. provide you with a high quality user experience on our Service;
      3. offer you a personalized feature set on our Service; and
      4. to improve our Service.
    4. Sharing of Data in General: PII or PHI provided by you will not be shared with third parties, without your permission, for any purpose other than those enumerated below. PSYBooks, in its sole discretion, reserves the right to share with third parties aggregated non-PII for the purpose of compiling information that is relevant to our business interests. PSYBooks, in its sole discretion, reserves the right to disclose any information that it obtains through our Service to appropriate governmental or regulatory authorities or governmental agencies, if required by law. PSYBooks, in its sole discretion, may share any information collected, stored and processed, if it has a good faith belief that to do so is reasonably necessary to:
      1. enforce our Terms of Use;
      2. detect, investigate and otherwise address fraud, security or technical breaches or related matters; or
      3. protect against imminent harm to the rights, property, or safety of PSYBooks, its users, or the public at large, as required or permitted by law.
    5. Sharing of Payment Data: PSYBooks may share transaction information with our third party payment processor (“Payment Processor”) when you pay for or renew your Subscription to our Service. The information shared with our Payment Processor is limited to the information required by our Payment Processor to complete the payment transaction. PSYBooks does not capture or store the financial information provided by you to our Payment Processor. PSYBooks only stores the results of said transactions as provided via notifications from our Payment Processor to us upon the completion of a payment transaction.
    6. Sharing of Data with Other Third Parties: In addition to disclosing information to our Payment Processor, PSYBooks may disclose your personal information or PHI to other third-party service providers (“Providers”) who perform services on our behalf. Examples of such Providers may include, but are not limited to, data storage and web hosting companies, as well as consultants we may engage for various reasons. PSYBooks requires Providers to use and protect your personal information consistent with the provisions of this Policy. PHI will only be shared with business partners with whom PSYBooks has a Business Associate Agreement, as required by applicable law.
  4. Security of Information
    1. Any information sent by you to PSYBooks through Internet email or through our Service may not be secure and is therefore done on a non-confidential basis and at your own risk. Once such information is received, PSYBooks takes appropriate security safeguards to prevent its unauthorized use, alteration, disclosure or destruction. These safeguards include periodic review of our internal processes, and benchmarking of same with industry best practices.
    2. Access to PII or PHI is restricted to PSYBooks employees, contractors, and agents on a need to know basis. Such individuals are generally bound by confidentiality agreements and may be subject to termination and criminal prosecution should they fail to comply as required by said agreements and/or with the contents of this Policy.
  5. Data integrity
    1. PSYBooks processes PII only for the purposes for which it was collected and in accordance with the provisions in this Policy. Reasonable steps are taken to ensure the quality of the PII that PSYBooks collects, processes, and stores. PSYBooks depends on its users to keep their PII current and accurate. PSYBooks conducts periodic reviews to ensure that only the PII required by our Service is captured and used consistent with the provisions of this Policy. The maintenance of data integrity is a joint collaborative effort between PSYBooks and our users.
    2. PSYBooks may delete Data, from time to time, upon the request of an individual user. PSYBooks requires that a user present proper credentials for authentication before honoring all such requests. Good faith attempts are made to work with individual users regarding Data related issues. PSYBooks reserves the right to refuse such requests when they prove unduly burdensome and/or are impractical. PSYBooks will not delete Data required to be kept by applicable law or Data otherwise required by PSYBooks for legitimate business reasons.
  6. Choices Regarding PII
    1. Should PSYBooks decide to use PII or PHI other than for the purpose originally collected, PSYBooks will do so only with your consent. You will be given the opportunity to opt out of any such use. Should PSYBooks become involved in a sale, acquisition, or any form of transfer of some or all of its assets, then PSYBooks will provide notice to you before your PII or PHI is subject to a new or different privacy policy.
    2. You always have the option of contacting PSYBooks should you have questions regarding your PII or PHI. Please contact PSYBooks using the contact information provided above.
  7. Protecting Children

    PSYBooks restricts the use of our Service to individuals of legal age and above. PSYBooks does not knowingly collect or solicit PII from anyone under the age of 18, with or without parental consent.

  8. Links

    Our Service may contain hyperlinks to third-party websites that may collect or solicit information. Our Privacy Policy does not cover information collected or solicited by these third-party websites. PSYBooks is not responsible for the privacy practices of such sites. PSYBooks users are encouraged to pay attention when they leave our Service and to read the respective privacy policies of each website that collects personally identifiable information. This Policy only applies to information provided by you to PSYBooks via our Service or through other mechanisms.

  9. Enforcement

    Because we are committed to protecting our users’ PII and PHI, PSYBooks conducts periodic reviews of our internal processes to ensure that we remain in compliance with this Policy. We will cooperate with the appropriate authorities to resolve any user complaints regarding the transfer of PII or PHI. PSYBooks will initially try to resolve the complaint with the individual user. Formal complaints should be sent to PSYBooks using the contact information provided above.

  10. Policy Changes

    In the future, we may make changes to our Privacy Policy to reflect changes in our privacy practices and/or changes to our Service. PSYBooks’ goal is to keep our users aware of what information we collect, use, and under what circumstances, if any, we disclose it. When changes are made to this Policy the “last updated date” will be modified accordingly. If changes are made to our Privacy Policy then PSYBooks will provide notification on our Website. In addition, further notification will be provided to users that have registered with our Service.