The security mission of Virtual Psychology (VP) is to prevent an association of our records with a specific person. To secure patient privacy, three parties sharing the responsibility: VP, the clinician using our services, and the infrastructure providers of our services and products.
When the clinician creates a new patient there are only two required minimum necessary general identifiers: gender and estimated age. We need these identifiers for the accuracy of our reports. The newly created patient is assigned a random patient id number. It is the clinician's responsibility to maintain a separate and secured list of here/his patients by their patient id number at VP. The clinician is also responsible to obtain the patient's informed consent before using the VP programs.
On top of these strict measures to protect patient privacy, VP provides its users with a HIPAA compliant computing environment. We have a contractual business association agreement (BAA) with our infrastructure providers. These BAAs define the shared responsibilities of the infrastructure providers and VP, to set and maintained a secured HIPAA compliant computing environment.
NOTE: HIPAA Compliance Software Vs. HIPAA Compliant Software:
The terms “HIPAA compliant software” and “HIPAA compliance software” are frequently used interchangeably by some software vendors, although the two terms mean something quite different.
“HIPAA compliance software” is more often than not an app or service that guides a business through its compliance efforts. This type of software can either help with specific elements of HIPAA compliance (i.e. Security Rule risk assessments) or provide a total solution for every element of HIPAA compliance.
HIPAA compliant software is usually an app or service for healthcare organizations that includes all the necessary privacy and security safeguards to meet the requirements of HIPAA, for instance, secure messaging solutions, hosting services, and secure cloud storage services. HIPAA compliant software does not guarantee compliance. It is the responsibility of users of the software solutions to ensure the software is used in a HIPAA-compliant manner.