Clinician’s Guide to HIPAA Privacy

The clinician is responsible to obtain the patient's informed consent before using our programs and services. When you create a new patient, there are only two minimum necessary general identifiers: gender and estimated age. These patient identifiers are needed for the accurate functionality of our programs. The newly created patient is assigned with a random patient id number. It is your responsibility to maintain a separate and secured list of your patients by their patient id number at VP.

VP provides the clinician with additional security measures. In the Account Manager security section, you can set a two-step verification to add a security question when you log in to the VP computing environment. Other security measures are validating your account by adding a valid payment method and a recovery email address. Both methods will help us to identify you in case you contact us. If you feel that your VP account has been compromised in any way you should contact us immediately at security@virtualpsychology.com.

Most likely, all the personal information that you use and share in your daily duties is covered under HIPAA for treatment purposes. These include performing diagnostic process and diagnostic tests. For treatment purposes, you are not limited by HIPAA in terms of the information you can provide to other providers or caregivers, as long as the patient has not requested to restrict the sharing of his or her information. If this were the case, a patient’s record would reflect this request. While "treatment purposes" allows you a broader scope for sharing information, you will still want to be aware of "minimum necessary" and "the need to know" standards. HIPAA requires healthcare professionals to make their best efforts to protect patient's privacy by sharing the least amount of information necessary to provide care.

Disclosure of PHI is allowed provided that the other healthcare professional has a direct treatment relationship with the patient, and has informed the patient of their privacy policy.

Computers

Computers allow access to a vast amount of patient information that must be secured. Be vigilant about your computer use, following these guidelines:

• Computers should be set up so that the screens are not easily visible to the public or the patient.

• The computer user should "log off" when finished with the computer, so the screen is not left "on" and "visible" to others.

• Each computer user should have their own password so that each person using the computer and the screens they go to can be identified.

• Do not share your password with others.

Emails Regarding Patients

Each organization will have specific guidelines but you are likely to see some or all of the following included:

• Do not put the patient’s name or ID in the "subject line."

• Be certain you have the correct email address (watch for varying endings like .net, .com, .att, .edu, etc.).

• Only send necessary information in the email.

• Your facility may have a standard disclaimer at the end of each email sent.

• All emails must be "encrypted," in other words, coded as they are transmitted and then decoded at the receiving end. Encryption is fairly standard for email transmissions in healthcare settings.

Clinician’s Responsibilities

Clinician’s Responsibilities