Practice Management System and Portal for Mental Health Professionals and their Clients
Facebook
Practice Management System and Portal for Mental Health Professionals and their Clients
Facebook

The Convoluted Maze of HIPAA-Compliant Email and How to Navigate It

Home » The Convoluted Maze of HIPAA-Compliant Email and How to Navigate It

The Convoluted Maze of HIPAA-Compliant Email and How to Navigate It

Email could arguably be one of THE most misunderstood aspects of HIPAA. Part of the confusion stems from the fact that there is no ONE place in HIPAA that says “Do email like this.” However, email is referenced – directly or indirectly – in a variety of places throughout the vast HIPAA documentation. What causes some of the misunderstanding is that people will find a guideline that pertains to email from ONE place in HIPAA and assume if they do that one thing, they’re good. Unfortunately, that conclusion is not unlike what you get when several people with visual impairments are put in front of an elephant and asked to describe it. We may get a beautiful description of an elephant’s trunk but to assume that’s ALL an elephant is would be incorrect.

A great illustration of this point is the following: There’s a section in the HIPAA Privacy Policy that discusses our obligation to use unencrypted email should a patient request it. If you’re only looking at that section of HIPAA, it would be easy to say, “Great! I’ll just include a line in my Informed Consent asking people if they want to opt-out of encrypted email and then I’ll be all set!” Well . . . no. Both the HIPAA Security Policy and the HITECH Act make it clear that our first and foremost responsibility around Protected Health Information – which includes most email – is to safeguard it with encryption. That reference in the Privacy Policy is meant to be an exception. For example, a patient might let us know that they’re having difficulty using our encrypted email system and ask us to use their Gmail account instead. At that point, our job is to send a release for them to sign that also educates them about the problems with unencrypted email – how it’s sometimes trolled to collect information that might be sold to other businesses, etc. However, assuming they sign the release, then yes. HIPAA DOES require us to make reasonable accommodations and send unencrypted email to the account the patient requested. Again, though, that’s the exception. It should not be a question you routinely ask patients on your intake documentation, but rather, an accommodation you make for those individuals who request it.

An error in the opposite direction would be to require ALL patients to use your encrypted email. Although that’s certainly the safest approach to email, it doesn’t adequately account for patients that might have difficulty accessing your system for some reason.

Another complication is that although the authors of HIPAA implied that our communications with patients should be encrypted, they did not specify the type of encryption. This is generally considered a wise move, in that the legislators who wrote HIPAA weren’t tech-savvy; they couldn’t have been expected to know which types of encryption might be best. Also, technology changes so often that even among tech-savvy folks, today’s “best encryption” may not be tomorrow’s ideal. For both of those reasons, the authors of HIPAA left that up to us. “Us” in this case includes both developers of healthcare software and the healthcare providers using those products.

Unfortunately, the lack of specificity about the type of encryption required can lead to misleading consequences. For example, some commercial products can accurately claim that they are in compliance with HIPAA despite the fact that their products are only encrypted part of the time and/or in certain, specific situations. Most healthcare professionals are unlikely to dig deeply enough to uncover the truth, which is, that if they use those products and their email DOES get breached in some way, it’s the healthcare professional who will be held responsible for that breach. They can get fined and have other sanctions imposed. The software company in this case, will NOT be fined because they provided an encrypted product – and usually, if you dig deeply enough in their documentation, you’ll find disclosures where they’ve explained the circumstances under which their products are NOT encrypted. Whether you agree with those kinds of business practices or find them appalling, that’s the way the laws around this are at this point.

The final concern about email is that, since it’s considered part of the patient’s medical record, we’re required to keep it for however many years our state and professional organizations require. This includes all patient emails to you as well as your responses back to them. Systems that don’t provide threaded email, i.e., that only keep records of what a patient sent you or you sent them aren’t sufficient.

So what do we do? The good news is that, although HIPAA email compliance is challenging to understand, it is NOT difficult to implement. In general, if BOTH parties must use a unique password and log in to their email system to send and/or read their email, that system is probably safe. Email products that don’t require that are more suspect. Personally, I tend to favor healthcare Portals over systems that are primarily only offering email for these reasons:

  • With Portals – assuming that product is integrated with an EHR/EMR – all emails will be kept with everything else in that patient’s medical record. The entire chart is in one place – not scattered among several programs and/or filing cabinets.
  • Portals make us look more professional. These days, people are getting used to their medical professionals having Portals and are beginning to expect the same from their mental health professionals.

If you’re looking for a good encrypted email product, the free email that is provided with each PSYBooks EHR/Portal subscription checks all the boxes. Both parties must log in, emails are threaded – keeping both your patients’ emails to you and your response to them in one place, and you can keep them for as long as required. You won’t find any disclaimers about the type of encryption we use with our email because it’s designed with 100% end-to-end encryption both “in motion” (as emails are sent and received) and “at rest” (when emails are just sitting in your inbox, a patient folder, etc.)

If you’d like to try it for yourself, you can sign up for a 30-day free trial and/or schedule a free demo with our support staff. We’re very proud of our email and would love to share it with you.

By |2022-05-16T16:18:42-04:00March 27th, 2022|Current, Features, HIPAA/HITECH|Comments Off on The Convoluted Maze of HIPAA-Compliant Email and How to Navigate It

Share This Story, Choose Your Platform!

FacebookTwitterRedditLinkedInWhatsAppTelegramTumblrPinterestVkXingEmail

About the Author:

Susan C. Litton, Ph.D. holds degrees in both psychology and IT. In addition to being the developer of the PSYBooks EHR & Portal, she's been a practicing clinical psychologist in Decatur, GA, since 1985.

Related Posts

Stay in touch!

Quick Links

General Terms of Service

Date of Last Revision: April 19, 2024

Welcome to our website (“Website”). These General Terms of Service (“Terms”) apply to visitors to this website, as well as registered users of any and all offerings provided by PSYBooks™. PSYBooks, LLC (“PSYBooks” or “we” or “our” or “us”) is a Georgia Limited Liability Company whose principal place of business is located at 2944 Blackwood Rd, Decatur, GA 30033.

PSYBooks is the owner and operator of this Website. PSYBooks, via our Website, provides an electronic health record (“EHR”) software-as-a-service (“Service”) offering specifically designed for mental health practices and may, in the future, offer other tools for those in the mental health professions.

  1. Introduction
    1. Your use of PSYBooks’ products, software, services, servers and Website (referred to collectively as our “Service” in this document) is subject to the terms and conditions of a binding and enforceable agreement (“Agreement”) between you and PSYBooks, as defined herein. By using our Service you acknowledge and agree that you have fully read and agree to be bound by the provisions of this Agreement.
    2. PLEASE READ THESE TERMS OF SERVICE CAREFULLY AS THEY CONTAIN IMPORTANT INFORMATION REGARDING A USER’S LEGAL RIGHTS, REMEDIES AND OBLIGATIONS. THESE INCLUDE VARIOUS LIMITATIONS AND EXCLUSIONS, AND A DISPUTE RESOLUTION CLAUSE THAT GOVERNS HOW DISPUTES WILL BE RESOLVED. IT ALSO CLEARLY SPECIFIES THE MANNER BY WHICH ACCEPTANCE OF THIS AGREEMENT OCURRS. THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN YOU AND PSYBOOKS.
  2. General Terms
    1. The terms and conditions provided herein (the “General Terms”) have two broad sections. The first section applies to all users of our Service, including the public at large (“Users”). The second section applies to that subset of Users who register on our Service as a practitioner (“Subscribers”). Subscribers will also be asked to accept a Subscriber Agreement at the time they actually register. For the purposes of these General Terms, a Subscriber is defined as mental health provider who has registered on our Service and paid the subscription fee. “You” means an individual member of the consuming public that is using our Website, whether or not they are a Subscriber.
    2. The General Terms contained herein are included by reference in subsequent agreements entered into between PSYBooks and a Subscriber (“Subscriber Agreement”), and constitute the minimum terms and conditions controlling use of our Service. The term Agreement, as used herein, refers to these General Terms and to any agreement entered into between a Subscriber and PSYBooks that includes these General Terms by reference.
    3. Our Service and Website include all pages on our Website’s domain (www.psybooks.com) and all pages on any related sub-domains, all of which are controlled by this Agreement.

General Terms for All Users

The following terms are for all Users of our Website, including the public at large and Subscribers.

  1. PSYBooks Grants a Limited License
    1. All content on our Service, except for User Generated Content (“UGC” ) and Protected Health Information (“PHI”) as defined herein, including designs, text, graphics, pictures, video, information, applications, software, music, sound and other files, and their selection and arrangement (the “Information”), are the property of PSYBooks or its licensors with all rights reserved.
    2. If you meet the requirements of Eligibility, and have properly gained access to our Service as provided for in this Agreement, then you are granted a limited license to use our Service and the Information, and to download and print a copy of any portion of the Information for non-commercial use, provided that you keep all copyright or other proprietary notices intact.
    3. As pertaining to all the Information, excluding UGC and a Subscriber’s protected health information (“PHI”), you may not make available, in any form and by any mechanism, said Information on any public or private website or incorporate the Information in any other database or compilation.
    4. Any use of the Information, other than as set forth herein, is strictly prohibited. This limited license allows you to use the Information only for lawful uses in accordance with the foregoing and does not allow you to sell the Information, use the Information for commercial use, or use any type of data mining, robots, or similar data gathering or extraction methods on our Service.
    5. Absent prior written consent from PSYBooks, you may not copy or imitate any elements of our Service, including but not limited to, graphics, digital images, logos, sounds, images, and buttons protected by trade dress and other laws. Absent prior written consent from PSYBooks, you may not use framing, metatags, or hidden text techniques in association with our logo, trademark or other copyrighted or proprietary information.
    6. Unless expressly stated in this Agreement, or in a subsequent agreement entered into by PSYBooks and a Subscriber, nothing herein shall be construed as conferring any license to intellectual property rights, in any form or by any mechanism.
    7. The PSYBooks limited license is revocable at any time without notice and with or without cause, except as provided for in our Subscriber Agreement.
  2. Transmissions
    1. As defined herein, transmissions (“Transmissions”) may take the form of submissions, questions, comments, suggestions, ideas, feedback, notes, messages, emails, postings, letters, or other written materials about, or concerning, our Service, provided by you to PSYBooks, excluding UGC and PHI. You acknowledge that Transmissions by you to and from our Service may be non-confidential, and that others may read and/or intercept such Transmissions.
    2. PSYBooks has the right, but not the obligation, at its sole discretion, to review any Transmissions submitted to our Service and to edit or delete any Transmissions that violate any part of this Agreement. You hereby consent to PSYBooks’ collection and use of such Transmissions in accordance with PSYBooks’ then current Privacy Policy and acknowledge that submitting Transmissions to our Service creates no financial or fiduciary relationship between you and PSYBooks.
    3. By using our Service, you thereby assign all right, title, and interest, including the copyright therein, in all Transmissions, to PSYBooks. Accordingly, PSYBooks shall own all intellectual property rights in the Transmissions and shall be entitled to unrestricted use of the Transmissions for any purpose, commercial or otherwise, without acknowledgment, compensation, or liability to you. By submitting such Transmissions to our Service, you irrevocably waive all “moral rights” in such Transmissions.
  3. Links
    1. Our Service may include hypertext links to other websites over which PSYBooks has no control. PSYBooks makes no representations of any kind regarding the content on such websites or the content on any website linked to such websites or to any changes or modifications made thereto.
    2. You hereby acknowledge that by using any such hypertext links, you irrevocably waive any and all claims against PSYBooks regarding such websites and must adhere to the usage and privacy policies governing such sites. PSYBooks’ usage of links does not imply our endorsement, or sponsorship, of any such websites.
  4. Intellectual Property Rights of Third Parties
    1. PSYBooks respects the intellectual property rights of others and requires Users of our Service to do likewise. PSYBooks prohibits Users from making available, in whatever form and by whatever mechanism, content on our Service that infringes upon any party’s intellectual property rights.
    2. PSYBooks has the right to terminate the Account of any infringing Subscriber and will take steps to do so immediately upon proper notification and in compliance with applicable law. You acknowledge and agree that a violation of the intellectual property rights of others on our Service triggers the Indemnification as provided for herein.
  5. Trademark
    1. All trademarks used on our Service are the property of their respective owners and may not be used without permission therefrom.
    2. Whether or not specifically designated as such, www.psybooks.com and all other colors, graphics, logos, sounds, images, icons and buttons displayed on our Service are, or may be, trademarks of PSYBooks or its affiliates.
    3. Absent prior written consent from PSYBooks, you may not copy, imitate, or use any portion of these marks.
  6. Copyright
    1. PSYBooks will strictly comply with the requirements of the Digital Millennium Copyright Act, Title 17, United States Code Section 512(c)(2) (“DMCA”). If you believe your copyright has been violated by any content on our Service then you may send a written notification of such infringement to our Designated Agent as set forth below.
    2. PSYBooks has designated an agent to the U.S. Copyright Office to receive notifications of alleged copyright infringement relating to our Service. You must submit all such notifications, in a manner consistent with the DMCA, to PSYBooks’ Designated Agent. Likewise, if you believe that your copyrighted content has been erroneously removed from our Service, you must send a counter notification to PSYBooks’ Designated Agent in a similar DMCA compliant manner.
    3. Send all DMCA compliant notifications to:

      DMCA Notification: PSYBooks, LLC

      Designated Agent: Susan Litton

      2944 Blackwood Rd

      Decatur, GA 30033

      Email: susan@psybooks.com

      Phone: 770-441-6361

  7. User Conduct Restrictions: Impermissible Use and Activities
    1. You agree not to use our Service to transmit data or code which: (1) is unlawful, threatening or abusive; (2) encourages criminal or other activity that would reasonably give rise to civil liability or otherwise violate any local, state, federal, or international law; (3) contains false or misleading information; (4) inhibits another User from use or enjoyment of our Service; (5) is defamatory, libelous or otherwise unlawful; (6) contains a virus or surreptitious code; (7) contains any type of commercial component or advertising; or (8) allows for the harvesting of email addresses or other contact information, or the harvesting of information of any kind.
    2. Furthermore, you agree not to use our Service to engage in the following kinds of activities: (1) transmit, upload, post, store, and share content of any kind, and by any other mechanism, that you are not the lawful owner or licensee of; (2) register for more than one Account or register an Account in the name of another; (3) impersonate a person or entity or make misrepresentations regarding affiliations of any kind; (4) engage in any kind of behavior that can reasonably be construed as SPAMMING; (5) engage in any behavior likely to cause harm to PSYBooks, our Service, its Users, or to the public at large; and (6) upload any UGC that is sexually explicitly or contains pornographic content, a determination that will be made at PSYBooks sole discretion.
  8. Data Collection
    1. Your Transmissions are subject to PSYBooks’ Privacy Policy. By using our Service you agree to review PSYBooks’ Privacy Policy and to be bound by its terms and conditions. From time to time PSYBooks may change its Privacy Policy without notice to you, other than that provided for in the Policy. Your continued use of our Service, after the posting of any changes to said Policy, shall constitute your agreement and acceptance of such changes.
    2. PSYBooks does not knowingly collect personally identifiable information (or information of any other kind) directly from anyone under the age of 18, with or without parental consent, for its own use. If you have a good faith belief that PSYBooks has inadvertently collected such information, please contact PSYBooks at support@psybooks.com. PSYBooks will take immediate steps to remove such information from our Service and from any databases under PSYBooks’ control.
  9. Governing Law
    1. The laws of the State of Georgia, United States of America, shall govern this Agreement, as well as PSYBooks’ Privacy Policy, notwithstanding any principles of conflicts of law.
    2. You agree that any action at law or in equity arising out of or relating to this Agreement, or PSYBooks’ Privacy Policy, other than those disputes or claims subject to Arbitration as enumerated below, shall be filed only in state or federal court located in the State of Georgia, in a venue sitting, or most proximate to, DeKalb County, and you hereby irrevocably and unconditionally consent and submit to the exclusive jurisdiction of such action.
  10. Arbitration
    1. Any claim or controversy arising among or between the parties hereto pertaining to our Service, or any claim or controversy arising out of, or with respect to, any matter contained in this Agreement, or any differences as to the interpretation or performance of this Agreement, other than those wherein either party has infringed or threatened to infringe the other party’s intellectual property rights, or wherein you have violated our User Conduct Restrictions, shall be settled by arbitration in the State of Georgia. Such arbitration shall be before three arbitrators of the American Arbitration Association (the “AAA”) under its then prevailing rules.
    2. Intellectual property rights, as defined herein, include patent, copyright, trademark or trade secrets. You and PSYBooks jointly acknowledge that arbitration is not an adequate remedy at law for actual or threatened infringement of either party’s intellectual property rights. Therefore, it is agreed that injunctive or other appropriate relief may be sought under these circumstances.
    3. In any arbitration involving this Agreement, the arbitrators shall not make any award that will alter, change, cancel or rescind any provision in this Agreement, and their award shall be consistent with the provisions of this Agreement. Any such arbitration must be commenced no later than one (1) year from the date such claim or controversy arose, or the claim is waived.
    4. The award of the arbitrators shall be final and binding and judgment may be entered thereon in any court of competent jurisdiction.
  11. Severability
    1. If any portion of this Agreement or of PSYBooks’ Privacy Policy is determined by a court of competent jurisdiction to be unlawful, void, or unenforceable, that portion will be deemed severable and will not affect the validity and enforceability of any remaining provisions hereof.
  12. Entire Agreement
    1. This Agreement contains all of the terms and condition agreed to by you and PSYBooks with respect your use of our Service. It supersedes all prior agreements, arrangements and communications between the parties dealing with same, whether oral or written.
  13. Definitions and Constructions
    1. Unless otherwise specified, the terms “includes,” “including,” “e.g.,”, “for example, and other similar terms are deemed to include the term “without limitation” immediately thereafter.

General Terms for Subscribers

The following Terms are for Subscribers to our Services. These Terms are in addition to the Terms in the Subscriber Agreement which must be accepted when you register.

  1. Acceptance and Modifications
    1. PSYBooks reserves the right to change or revise this Agreement at any time by posting a notification on our Website. PSYBooks, at its sole discretion, may provide a Subscriber notification via other mechanisms, but is not required to do so.
    2. You are required to affirmatively accept this Agreement when becoming a Subscriber by reading this Agreement and clicking “I Agree.” As a Subscriber, you are also required to affirmatively accept any future revisions to this Agreement in a similar manner. PSYBooks maintains a record of acceptance for each Subscriber, including the version of this Agreement accepted by you whenever you click “I Agree.”
    3. PSYBooks will notify you of revision dates to this Agreement by posting the “last revised date” preceding the first paragraph of this document. The revised Agreement will take effect immediately after it has been posted on our Website.
  2. Eligibility
    1. PSYBooks requires, and enforces, strict compliance with our eligibility (“Eligibility”) requirements, as defined herein. Our Service is not intended for individuals under the age of 18. It is intended solely for members of the consuming public that are of legal age and meet the definition of a qualified Subscriber. Registration on our Service is reserved for qualified Subscribers or their respective agents, and therefore, registration by any other person or entity is strictly prohibited, unauthorized, unlicensed, void, and in violation of this Agreement.
    2. By registering on our Service you assert and warrant that you are doing so for the purpose of using our Service as a qualified Subscriber. Registration for any other purpose violates this Agreement and is strictly prohibited. By registering on our Service you further assert and warrant that you are of legal age and possess the legal capacity to enter into this Agreement on behalf of the entity you represent.
  3. Account Registration
    1. As a Subscriber you are required to provide us accurate, current, reliable and otherwise valid data when completing the registration forms that establish your account (“Account”) on our Service and you agree that such data must be kept current and revised in a timely manner when events occur that may alter its validity.
    2. As a Subscriber you agree that you are solely responsible for the data and activities related to updating and maintaining your Account, notwithstanding the fact the PSYBooks may, for technical or other reasons, assist you in making changes to your Account at your direct request, and after proper authentication.
    3. Registration on our Service requires you to maintain security credentials that allow you access to your Account. These credentials include a user identifier and a corresponding password. You may also be required to establish additional credentials should PSYBooks deem them necessary to protect the integrity of our Service. You agree that you are responsible for maintaining the confidentiality of said credentials.
    4. You acknowledge and agree that PSYBooks is a Business Associate and that Subscriber is a Covered Entity as the terms are defined under 45 CFR §160.103 Definitions of the HIPAA regulations. You further agree that by registering to use our Service you will have to enter into a Business Associate Agreement (i.e. included as part of the Subscriber Agreement) with PSYBooks during the registration process.
  4. User Generated Content
    1. You retain all ownership rights to content of which you are a lawful owner or licensee (“User Generated Content” or “UGC”), including any protected health information as defined in CFR § 160.103 of the HIPAA regulations, and which you make available on our Service via whatever mechanism PSYBooks provides, excluding such items defined as Transmissions herein, and subject to any other rights granted to PSYBooks under this Agreement.
    2. By submitting UGC to our Service, you grant PSYBooks a nonexclusive, worldwide, transferable and fully paid license to copy, crop, reproduce, reformat, translate, publicly display, excerpt (in whole or in part) and distribute your UGC for any purpose, commercial or otherwise (“Limited UGC License”). In addition, the Limited UGC License you grant includes rights that allow PSYBooks to create derivative works, or incorporate your UGC into other works, as PSYBooks sees fit. The license granted PSYBooks herein does not permit PSYBooks to use the Covered Entity’s PHI in a manner that violates the HIPAA Privacy Rule or the Business Associate Agreement entered into between the parties.
    3. PSYBooks acknowledge and agrees that the Limited UGC License granted may only be used by PSYBooks within the context of its Service and consistent with the Business Associate Agreement entered into between the parties.
    4. The Limited UGC License expires when you remove your UGC from our Service. However, PSYBooks requires, and you acknowledge and agree, that PSYBooks may retain archived copies of said UGC in order to meet the requirements of applicable law and for other business reasons that PSYBooks may have to maintain such archives. You acknowledge and agree that this Limited UGC License does not terminate if you have shared your UGC with other Users and said Users have not deleted your UGC.
    5. You represent, warrant, and guarantee that you have the full right, ability, and authority to make available to our Service, by whatever mechanism PSYBooks provides, your UGC. You further represent, warrant, and guarantee that by making available any UGC on our Service, you are not violating any obligation owed by you to any third party, including without limitation, obligations of confidentiality, privacy, attribution or any intellectual property rights including, but not limited to, rights related to patent, trademark, copyright, or trade secrets.
  5. Indemnification
    1. You agree to defend, indemnify, and hold PSYBooks, its parents, subsidiaries, affiliates, officers, agents and employees, its suppliers and their respective affiliates and agents harmless from all claims, liabilities, damages, and expenses (including attorneys’ fees and expenses) arising out of or relating to your use of our Service, including but not limited to: (1) your submission to our Service of any Transmission; (2) your alleged breach of this Agreement; or (3) your infringement of any intellectual property or other right of any person or entity.
    2. PSYBooks acknowledges and agrees that the indemnification sought in 20.1 is limited to acts that are directly or indirectly under your control regarding your use of, or inability to use, our Service, and does not extend beyond that.
  6. Limitations of Liability
    1. IN NO EVENT SHALL PSYBOOKS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES RESULTING FROM YOUR USE OR INABILITY TO USE OUR SERVICE; OR FOR THE LOSS OF PROFITS OR DAMAGES THAT MAY RESULT FROM THEFT, DELAYS, OMISSIONS, INTERRUPTIONS, DELETION OF FILES, ERRORS, DEFECTS, VIRUSES, FAILURE OF PERFORMANCE, DESTRUCTION OR UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF USE, PROFITS, DATA OR OTHER INTANGIBLES WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING BUT NOT LIMITED TO NEGLIGENCE); OR OTHERWISE, EVEN IF PSYBOOKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    2. APPLICABLE LAW MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF IMPLIED WARRANTIES OR EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. IN SUCH CASES, THE ABOVE LIMITATION OF LIABILITY MAY NOT APPLY TO YOU. TO THAT EXTENT, PSYBOOKS’ TOTAL LIABILITY TO YOU FOR ALL LOSSES, DAMAGES, AND CAUSES OF ACTION SHALL NOT BE GREATER THAN THE TOTALITY OF PAYMENTS MADE BY YOU TO PSYBOOKS IN EXCHANGE FOR ALLOWING YOU TO USE OUR SERVICE DURING THE PAST THREE MONTHS PRIOR TO THE COMMENCEMENT OF ANY LEGAL ACTION OR PROCEEDING, OR $100.00 USD, WHICHEVER IS LESS.
  7. DISCLAIMER
    1. YOU ACKNOWLEDGE THAT OUR SERVICE AND THE INFORMATION THEREIN ARE PROVIDED ON AN “AS IS” BASIS AND THAT PSYBOOKS MAKES NO REPRESENTATIONS OR WARRANTIES, EITHER EXPRESS OR IMPLIED, REGARDING OUR SERVICE OR THE INFORMATION. PSYBOOKS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
    2. BY USING, OR ATTEMPTING TO USE, OUR SERVICE, YOU EXPRESSLY ACKNOWLEDGE THE FOLLOWING:
      1. THE INFORMATION COULD INCLUDE TECHNICAL INACCURACIES AND/OR TYPOGRAPHICAL ERRORS;
      2. PSYBOOKS DOES NOT REPRESENT OR WARRANT THE TIMELINESS, RELIABILITY, COMPLETENESS, OR ACCURACY OF THE INFORMATION; AND
      3. PSYBOOKS DOES NOT REPRESENT OR WARRANT THAT OUR SERVICE OR ANY RELATED SERVERS ON WHICH IT RESIDES ARE FREE OF ERRORS OR VIRUSES OR OTHER POTENTIALLY DAMAGING CONTENT.
    3. PSYBOOKS MAY PERIODICALLY MAKE CHANGES TO ANY SERVICE CONTENT, INFORMATION, FEATURES OR FUNCTIONS. PSYBOOKS RESERVES THE RIGHT TO IMPLEMENT SUCH CHANGES AT ANY TIME WITHOUT NOTICE TO YOU, OTHER THAN THAT WHICH IS SET FORTH IN THIS AGREEMENT.
    4. UNLESS SPECIFICALLY INDICATED IN WRITING TO THE CONTRARY, NO REFERENCE IN OUR SERVICE TO ANY PRODUCTS, PROCESSES, SERVICES OR OTHER INFORMATION BY TRADE NAME, TRADEMARK, MANUFACTURER, SUPPLIER, OR OTHERWISE, SHALL CONSTITUTE OR IMPLY PSYBOOKS’ ENDORSEMENT OR SPONSORSHIP THEREOF.
  8. Termination
    1. Either you or PSYBooks may terminate this Agreement. You may terminate this Agreement by destroying all materials obtained from our Service, except for UGC and, if you are a Subscriber, by providing a termination notice to PSYBooks at support@psybooks.com. PSYBooks may terminate this Agreement immediately, without notice for any reason, or no reason, other than as provided for in our Subscriber Agreement, and reserves the right to block or prevent your future access to our Service.
    2. Should you or PSYBooks decide to terminate this Agreement then PSYBooks will prevent access to your Account on our Service. PSYBooks agrees to make a good faith effort to resolve an outstanding dispute between PSYBooks and a Subscriber, if any exist, prior to termination. PSYBooks, at its sole discretion, may restore access to your Account if the dispute has been resolved to its satisfaction.
    3. You acknowledge and agree that termination of this Agreement by either party pertains solely to your use of our Service, and has no effect on other contractual obligations that may exist between the parties, which remain in full force and effect.

Privacy Policy

Date of Last Revision: April 19, 2024
  1. Introduction
    1. PSYBooks, LLC (collectively “PSYBooks” or “us” or “our” or “we”) is the owner and operator of www.psybooks.com and any related sub-domains (the “Service”). This privacy policy (“Privacy Policy” or “Policy”) applies to the Service in its entirety but does not apply to entities that PSYBooks does not own or control.
    2. PSYBooks is committed to the privacy and protection of information provided to us by our users. This includes any information provided to us through our Service, including any information submitted to us through various forms and through other mechanisms. By using our Service you are accepting the privacy practices contained in this Policy.
    3. The purpose of our Privacy Policy is to inform our users regarding the information that we collect, utilize, and share. If you have any questions about our Privacy Policy, or our privacy practices in general, please contact us using the contact information provided below:

    PSYBooks, LLC

    Privacy, c/o PSYBooks Privacy Officer

    2944 Blackwood Rd

    Decatur, GA 30033

    Email: susan@psybooks.com

    Phone: 770-441-6361

  2. Information Collected About You
    1. There are various types of information that PSYBooks collects about you when you register with, interact with, or otherwise use our Service. Some of this information is provided voluntarily by you and other information is provided through automated processes under PSYBooks’ control.
    2. Information Provided By You: In addition to personally identifiable information (“PII”) provided during the PSYBooks subscription process, you may also provide us PII during the following non-exhaustive list of representative classes of interactions on our Service:
      1. requesting customer support and sending PSYBooks similar communications;
      2. making payments to PSYBooks for various offerings;
      3. signing up for PSYBooks email alerts, newsletters, and similar special offers;
      4. responding to PSYBooks surveys and other special information requests; and
      5. communicating with PSYBooks regarding our compliance with applicable law.
    3. Information Provided By Automated Processes: PSYBooks may automatically collect non-PII pertaining to you when you use our Service including, but not limited to, when you use our Service via mobile and other access devices. PSYBooks may use cookies, web beacons, log files and similar methods to collect non-PII:
      1. A cookie is data stored in a small text file on your local access device that contains data about you. The information in the cookie is used to uniquely identify you and other users of our Service. The cookie may contain a token linked to our databases in order to provide you an enhanced feature set. It identifies a particular user at a particular point in time;
      2. A web beacon is used to enable communications with third parties. It is a small image in an HTML page with all dimensions set to one (1) pixel. Because of its insignificant size, it is not visible. It is used to pass certain non-PII anonymously to third-party sites, usually advertisers;
      3. A log file is a system created file that captures certain interactions between you and our Service.
    4. Non-PII Reservation of Rights: PSYBooks reserves the right to adopt alternative methods for collecting non-PII consistent with the provisions of this Policy and without providing further notification to you, other than what is contained herein.
  3. Implications Regarding Collected Information
    1. Consent Regarding Data Storage and Transfer: Your use of our Service implies your consent to have your PII and non-PII (“Data”) (i.e. any data provided by you to PSYBooks via our Service or through other mechanisms) stored, transferred and processed within the United States, or in any other country in which PSYBooks or its affiliates, subsidiaries or agents maintain facilities. By providing us with your Data and using our Service you consent to any such transfer of Data outside of your country of origin, at PSYBooks’ sole discretion.
    2. Control and Access to Data: PSYBooks respects both the need for you to control your Data and our users’ need for sharing it with us, especially regarding the protected health information (“PHI”) of patients. PSYBooks is diligent in ensuring that it has implemented appropriate administrative, technical, and physical safeguards to prevent the unauthorized or unlawful use of your Data, and to prevent any accidental loss, destruction, or damage to such information.
    3. Use of Data Collected: PSYBooks is the sole business owner of the Data (i.e. as represented by the aggregate content and arrangement of the information collected about you or your patients on our Service) and will not sell, rent or share the information collected in a manner that differs from what is disclosed in this Policy. PSYBooks collects this information in order to:
      1. accomplish the objectives of our Service;
      2. provide you with a high quality user experience on our Service;
      3. offer you a personalized feature set on our Service; and
      4. to improve our Service.
    4. Sharing of Data in General: PII or PHI provided by you will not be shared with third parties, without your permission, for any purpose other than those enumerated below. PSYBooks, in its sole discretion, reserves the right to share with third parties aggregated non-PII for the purpose of compiling information that is relevant to our business interests. PSYBooks, in its sole discretion, reserves the right to disclose any information that it obtains through our Service to appropriate governmental or regulatory authorities or governmental agencies, if required by law. PSYBooks, in its sole discretion, may share any information collected, stored and processed, if it has a good faith belief that to do so is reasonably necessary to:
      1. enforce our Terms of Use;
      2. detect, investigate and otherwise address fraud, security or technical breaches or related matters; or
      3. protect against imminent harm to the rights, property, or safety of PSYBooks, its users, or the public at large, as required or permitted by law.
    5. Sharing of Payment Data: PSYBooks may share transaction information with our third party payment processor (“Payment Processor”) when you pay for or renew your Subscription to our Service. The information shared with our Payment Processor is limited to the information required by our Payment Processor to complete the payment transaction. PSYBooks does not capture or store the financial information provided by you to our Payment Processor. PSYBooks only stores the results of said transactions as provided via notifications from our Payment Processor to us upon the completion of a payment transaction.
    6. Sharing of Data with Other Third Parties: In addition to disclosing information to our Payment Processor, PSYBooks may disclose your personal information or PHI to other third-party service providers (“Providers”) who perform services on our behalf. Examples of such Providers may include, but are not limited to, data storage and web hosting companies, as well as consultants we may engage for various reasons. PSYBooks requires Providers to use and protect your personal information consistent with the provisions of this Policy. PHI will only be shared with business partners with whom PSYBooks has a Business Associate Agreement, as required by applicable law.
  4. Security of Information
    1. Any information sent by you to PSYBooks through Internet email or through our Service may not be secure and is therefore done on a non-confidential basis and at your own risk. Once such information is received, PSYBooks takes appropriate security safeguards to prevent its unauthorized use, alteration, disclosure or destruction. These safeguards include periodic review of our internal processes, and benchmarking of same with industry best practices.
    2. Access to PII or PHI is restricted to PSYBooks employees, contractors, and agents on a need to know basis. Such individuals are generally bound by confidentiality agreements and may be subject to termination and criminal prosecution should they fail to comply as required by said agreements and/or with the contents of this Policy.
  5. Data integrity
    1. PSYBooks processes PII only for the purposes for which it was collected and in accordance with the provisions in this Policy. Reasonable steps are taken to ensure the quality of the PII that PSYBooks collects, processes, and stores. PSYBooks depends on its users to keep their PII current and accurate. PSYBooks conducts periodic reviews to ensure that only the PII required by our Service is captured and used consistent with the provisions of this Policy. The maintenance of data integrity is a joint collaborative effort between PSYBooks and our users.
    2. PSYBooks may delete Data, from time to time, upon the request of an individual user. PSYBooks requires that a user present proper credentials for authentication before honoring all such requests. Good faith attempts are made to work with individual users regarding Data related issues. PSYBooks reserves the right to refuse such requests when they prove unduly burdensome and/or are impractical. PSYBooks will not delete Data required to be kept by applicable law or Data otherwise required by PSYBooks for legitimate business reasons.
  6. Choices Regarding PII
    1. Should PSYBooks decide to use PII or PHI other than for the purpose originally collected, PSYBooks will do so only with your consent. You will be given the opportunity to opt out of any such use. Should PSYBooks become involved in a sale, acquisition, or any form of transfer of some or all of its assets, then PSYBooks will provide notice to you before your PII or PHI is subject to a new or different privacy policy.
    2. You always have the option of contacting PSYBooks should you have questions regarding your PII or PHI. Please contact PSYBooks using the contact information provided above.
  7. Protecting Children

    PSYBooks restricts the use of our Service to individuals of legal age and above. PSYBooks does not knowingly collect or solicit PII from anyone under the age of 18, with or without parental consent.

  8. Links

    Our Service may contain hyperlinks to third-party websites that may collect or solicit information. Our Privacy Policy does not cover information collected or solicited by these third-party websites. PSYBooks is not responsible for the privacy practices of such sites. PSYBooks users are encouraged to pay attention when they leave our Service and to read the respective privacy policies of each website that collects personally identifiable information. This Policy only applies to information provided by you to PSYBooks via our Service or through other mechanisms.

  9. Enforcement

    Because we are committed to protecting our users’ PII and PHI, PSYBooks conducts periodic reviews of our internal processes to ensure that we remain in compliance with this Policy. We will cooperate with the appropriate authorities to resolve any user complaints regarding the transfer of PII or PHI. PSYBooks will initially try to resolve the complaint with the individual user. Formal complaints should be sent to PSYBooks using the contact information provided above.

  10. Policy Changes

    In the future, we may make changes to our Privacy Policy to reflect changes in our privacy practices and/or changes to our Service. PSYBooks’ goal is to keep our users aware of what information we collect, use, and under what circumstances, if any, we disclose it. When changes are made to this Policy the “last updated date” will be modified accordingly. If changes are made to our Privacy Policy then PSYBooks will provide notification on our Website. In addition, further notification will be provided to users that have registered with our Service.

Business Agreement

Date of Last Revision: April 19, 2024
  1. Introduction
    1. PSYBooks, LLC (collectively “PSYBooks” or “us” or “our” or “we”) is the owner and operator of www.psybooks.com and any related sub-domains (the “Service”). This privacy policy (“Privacy Policy” or “Policy”) applies to the Service in its entirety but does not apply to entities that PSYBooks does not own or control.
    2. PSYBooks is committed to the privacy and protection of information provided to us by our users. This includes any information provided to us through our Service, including any information submitted to us through various forms and through other mechanisms. By using our Service you are accepting the privacy practices contained in this Policy.
    3. The purpose of our Privacy Policy is to inform our users regarding the information that we collect, utilize, and share. If you have any questions about our Privacy Policy, or our privacy practices in general, please contact us using the contact information provided below:

    PSYBooks, LLC

    Privacy, c/o PSYBooks Privacy Officer

    2944 Blackwood Rd

    Decatur, GA 30033

    Email: susan@psybooks.com

    Phone: 770-441-6361

  2. Information Collected About You
    1. There are various types of information that PSYBooks collects about you when you register with, interact with, or otherwise use our Service. Some of this information is provided voluntarily by you and other information is provided through automated processes under PSYBooks’ control.
    2. Information Provided By You: In addition to personally identifiable information (“PII”) provided during the PSYBooks subscription process, you may also provide us PII during the following non-exhaustive list of representative classes of interactions on our Service:
      1. requesting customer support and sending PSYBooks similar communications;
      2. making payments to PSYBooks for various offerings;
      3. signing up for PSYBooks email alerts, newsletters, and similar special offers;
      4. responding to PSYBooks surveys and other special information requests; and
      5. communicating with PSYBooks regarding our compliance with applicable law.
    3. Information Provided By Automated Processes: PSYBooks may automatically collect non-PII pertaining to you when you use our Service including, but not limited to, when you use our Service via mobile and other access devices. PSYBooks may use cookies, web beacons, log files and similar methods to collect non-PII:
      1. A cookie is data stored in a small text file on your local access device that contains data about you. The information in the cookie is used to uniquely identify you and other users of our Service. The cookie may contain a token linked to our databases in order to provide you an enhanced feature set. It identifies a particular user at a particular point in time;
      2. A web beacon is used to enable communications with third parties. It is a small image in an HTML page with all dimensions set to one (1) pixel. Because of its insignificant size, it is not visible. It is used to pass certain non-PII anonymously to third-party sites, usually advertisers;
      3. A log file is a system created file that captures certain interactions between you and our Service.
    4. Non-PII Reservation of Rights: PSYBooks reserves the right to adopt alternative methods for collecting non-PII consistent with the provisions of this Policy and without providing further notification to you, other than what is contained herein.
  3. Implications Regarding Collected Information
    1. Consent Regarding Data Storage and Transfer: Your use of our Service implies your consent to have your PII and non-PII (“Data”) (i.e. any data provided by you to PSYBooks via our Service or through other mechanisms) stored, transferred and processed within the United States, or in any other country in which PSYBooks or its affiliates, subsidiaries or agents maintain facilities. By providing us with your Data and using our Service you consent to any such transfer of Data outside of your country of origin, at PSYBooks’ sole discretion.
    2. Control and Access to Data: PSYBooks respects both the need for you to control your Data and our users’ need for sharing it with us, especially regarding the protected health information (“PHI”) of patients. PSYBooks is diligent in ensuring that it has implemented appropriate administrative, technical, and physical safeguards to prevent the unauthorized or unlawful use of your Data, and to prevent any accidental loss, destruction, or damage to such information.
    3. Use of Data Collected: PSYBooks is the sole business owner of the Data (i.e. as represented by the aggregate content and arrangement of the information collected about you or your patients on our Service) and will not sell, rent or share the information collected in a manner that differs from what is disclosed in this Policy. PSYBooks collects this information in order to:
      1. accomplish the objectives of our Service;
      2. provide you with a high quality user experience on our Service;
      3. offer you a personalized feature set on our Service; and
      4. to improve our Service.
    4. Sharing of Data in General: PII or PHI provided by you will not be shared with third parties, without your permission, for any purpose other than those enumerated below. PSYBooks, in its sole discretion, reserves the right to share with third parties aggregated non-PII for the purpose of compiling information that is relevant to our business interests. PSYBooks, in its sole discretion, reserves the right to disclose any information that it obtains through our Service to appropriate governmental or regulatory authorities or governmental agencies, if required by law. PSYBooks, in its sole discretion, may share any information collected, stored and processed, if it has a good faith belief that to do so is reasonably necessary to:
      1. enforce our Terms of Use;
      2. detect, investigate and otherwise address fraud, security or technical breaches or related matters; or
      3. protect against imminent harm to the rights, property, or safety of PSYBooks, its users, or the public at large, as required or permitted by law.
    5. Sharing of Payment Data: PSYBooks may share transaction information with our third party payment processor (“Payment Processor”) when you pay for or renew your Subscription to our Service. The information shared with our Payment Processor is limited to the information required by our Payment Processor to complete the payment transaction. PSYBooks does not capture or store the financial information provided by you to our Payment Processor. PSYBooks only stores the results of said transactions as provided via notifications from our Payment Processor to us upon the completion of a payment transaction.
    6. Sharing of Data with Other Third Parties: In addition to disclosing information to our Payment Processor, PSYBooks may disclose your personal information or PHI to other third-party service providers (“Providers”) who perform services on our behalf. Examples of such Providers may include, but are not limited to, data storage and web hosting companies, as well as consultants we may engage for various reasons. PSYBooks requires Providers to use and protect your personal information consistent with the provisions of this Policy. PHI will only be shared with business partners with whom PSYBooks has a Business Associate Agreement, as required by applicable law.
  4. Security of Information
    1. Any information sent by you to PSYBooks through Internet email or through our Service may not be secure and is therefore done on a non-confidential basis and at your own risk. Once such information is received, PSYBooks takes appropriate security safeguards to prevent its unauthorized use, alteration, disclosure or destruction. These safeguards include periodic review of our internal processes, and benchmarking of same with industry best practices.
    2. Access to PII or PHI is restricted to PSYBooks employees, contractors, and agents on a need to know basis. Such individuals are generally bound by confidentiality agreements and may be subject to termination and criminal prosecution should they fail to comply as required by said agreements and/or with the contents of this Policy.
  5. Data integrity
    1. PSYBooks processes PII only for the purposes for which it was collected and in accordance with the provisions in this Policy. Reasonable steps are taken to ensure the quality of the PII that PSYBooks collects, processes, and stores. PSYBooks depends on its users to keep their PII current and accurate. PSYBooks conducts periodic reviews to ensure that only the PII required by our Service is captured and used consistent with the provisions of this Policy. The maintenance of data integrity is a joint collaborative effort between PSYBooks and our users.
    2. PSYBooks may delete Data, from time to time, upon the request of an individual user. PSYBooks requires that a user present proper credentials for authentication before honoring all such requests. Good faith attempts are made to work with individual users regarding Data related issues. PSYBooks reserves the right to refuse such requests when they prove unduly burdensome and/or are impractical. PSYBooks will not delete Data required to be kept by applicable law or Data otherwise required by PSYBooks for legitimate business reasons.
  6. Choices Regarding PII
    1. Should PSYBooks decide to use PII or PHI other than for the purpose originally collected, PSYBooks will do so only with your consent. You will be given the opportunity to opt out of any such use. Should PSYBooks become involved in a sale, acquisition, or any form of transfer of some or all of its assets, then PSYBooks will provide notice to you before your PII or PHI is subject to a new or different privacy policy.
    2. You always have the option of contacting PSYBooks should you have questions regarding your PII or PHI. Please contact PSYBooks using the contact information provided above.
  7. Protecting Children

    PSYBooks restricts the use of our Service to individuals of legal age and above. PSYBooks does not knowingly collect or solicit PII from anyone under the age of 18, with or without parental consent.

  8. Links

    Our Service may contain hyperlinks to third-party websites that may collect or solicit information. Our Privacy Policy does not cover information collected or solicited by these third-party websites. PSYBooks is not responsible for the privacy practices of such sites. PSYBooks users are encouraged to pay attention when they leave our Service and to read the respective privacy policies of each website that collects personally identifiable information. This Policy only applies to information provided by you to PSYBooks via our Service or through other mechanisms.

  9. Enforcement

    Because we are committed to protecting our users’ PII and PHI, PSYBooks conducts periodic reviews of our internal processes to ensure that we remain in compliance with this Policy. We will cooperate with the appropriate authorities to resolve any user complaints regarding the transfer of PII or PHI. PSYBooks will initially try to resolve the complaint with the individual user. Formal complaints should be sent to PSYBooks using the contact information provided above.

  10. Policy Changes

    In the future, we may make changes to our Privacy Policy to reflect changes in our privacy practices and/or changes to our Service. PSYBooks’ goal is to keep our users aware of what information we collect, use, and under what circumstances, if any, we disclose it. When changes are made to this Policy the “last updated date” will be modified accordingly. If changes are made to our Privacy Policy then PSYBooks will provide notification on our Website. In addition, further notification will be provided to users that have registered with our Service.