Paubox blog: HIPAA compliant email made easy

Is TherapyAppointment HIPAA compliant?

Written by Caitlin Anthoney | June 29, 2024

TherapyAppointment is a practice management software tailored for mental health professionals, offering tools for scheduling, client management, billing, documentation, and telehealth. 

Is TherapyAppointment HIPAA compliant? Yes, TherapyAppointment can be HIPAA compliant.

 

Will TherapyAppointment sign a business associate agreement (BAA)?

Yes, TherapyAppointment will sign a business associate agreement, which can be reviewed under their terms of service.

 

What does the TherapyAppointment BAA cover?

The TherapyAppointment BAA covers the use and disclosure of protected health information (PHI), ensuring compliance with HIPAA regulations. 

More specifically, their terms state, “Subscriber may not use the Service in any way that is illegal, fraudulent, or violates the provisions of the Health Insurance Portability and Accountability Act of 1996 and its later extensions and modifications, including the Health Information Technology for Economic and Clinical Health Act (collectively ‘HIPAA’).”

Their BAA covers:

  • Protection of PHI
  • Notifications of security incidents
  • Individual right of access requests
  • Individual accounting requests
  • Destruction of data
  • Sale, assignment or change of control
  • Law enforcement, legal process, and emergency situations
  • Use of non-personally identifiable information

 

What does the TherapyAppointment BAA exclude?

The TherapyAppointment BAA does not cover the relationship with any third-party agents or entities that a subscriber may link with. So, subscribers must have separate BAAs with any agents they link to their TherapyAppointment account. 

Additionally, “subscribers are responsible for setting and maintaining the roles and permissions for Agent access within their practice. Subscriber is also responsible for severing the link with an Agent Account when appropriate.”

 

Conclusion

TherapyAppointment signs a BAA and is therefore HIPAA compliant. However, subscribers must have separate BAAs with any third-party agents they integrate with the platform to maintain compliance.

 

FAQs

What is a business associate agreement?

A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of protected health information (PHI) as required by HIPAA regulations.

 

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI). HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.

 

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. Business associates are entities that perform certain functions or activities on behalf of the covered entity.
