Group Practice Office Hours
On Demand Streaming Consultation Sessions
HIPAA and Teletherapy Support for Mental Health Professionals and Practicing Clinicians in leadership within Group Practices and Agencies. Rather see Office Hours for Solo Practioners?
Get a taste of how Group Practice Office Hours can help your practice. These are real questions from real group practice leaders:
Should I keep couple therapy notes in three different silos?
Answering the Question: Let’s imagine I’m seeing a couple. [Go ahead, I’ll wait.] Ok, now let’s say I see each of them separately, as many therapists have the custom to do. Should I keep notes in three different silos – couple’s notes, Bob’s notes, and Mary’s notes? (In this example, Bob and Mary are the members of the couple. You probably figured that out.) As opposed to having one folder or document where I keep all the notes and mark some as both, some as Bob, and some as Mary? Because ostensibly Mary should be able to get the records for her individual visits without Bob’s approval, and he should not be able to see them at all without a release from her. Right?
PCT+ GOH 42 q9
Evan: Here’s a recent clip from group practice office hours. Stay till the end for a special offer. PCT only uses clips, which don’t identify the asker or when we get their permission to share the clip. Good question.
Roy: Okay. Let’s imagine I’m seeing a couple. Okay. I’m imagining. Okay, go ahead. Oh, wait. Oh, okay. I’m imagining.
Okay. Okay. Now let’s say I see each of them separately is may therapists have the customer. No subsystem work. Should I keep notes in three different silos? Couple’s notes, Bob’s notes and Mary’s notes. And this example of Bob and Mary of the members of the couple, you’ve probably figured that out. I did.
Thanks as opposed to having one folder, a document where I keep all the notes and marks some as both, some as Bob and someone’s married because ostensibly Mary should be able to get the records for individual visits. The boss allows approval and he should be able to, we should not go to see them all at all with a release from her, right?
Oh, this, because in this one, Mary is the identified right. Or doing that thing. Um, it it’s something Mary should be able to get the record and get the records for a neutral visits with Bob’s approval. And he should not be able to see them at all. Oh, no, sorry. No, nevermind. Scratch that. I was misreading. Um, I wouldn’t do it that way.
I would be like the individual visits are part of the couples therapy and are part of the, are in the record that belongs to me. That’s that’s like typically how that’s done, uh, in my experience. And it doesn’t have to be like, I mean, certainly there are places that don’t do it that way, but, um, the, what you’re talking about is a real big conundrum, uh, that we get into.
If we try to make the, you know, the sub system sessions be confidential from the other members of the system. So like, like at that point, it’s, it’s really difficult to do it that way. Um, generally, I mean, I’m sure there are like family therapists, a couple of therapists who do, maybe it keeps some separate, I’m sure it’s out there.
Um, I don’t recommend it for this exact reason, right. That like, like, I mean, certainly you need to make that clear upfront and make sure that sign off that everyone understands that the subsystem sessions are part of the main record and are available to both members of the. Uh, on the request, um, because otherwise you’re having to keep this separation you’re talking about, and that’s just really complicated and difficult to do, uh, and prone to error.
Um, that’s my opinion. Um, but if you decide you want to have a separate stream, right. Uh, then yes, you’re. Yeah, you’re right now, ostensibly Mary, you should be able to get the records for individual Isabelle’s approval. He should not be able to do them all at once out a release from her. Um, I imagine you’re right about that.
Um, but at that point, I think the problem is I’m trying to channel Eric, Eric Strom, our attorney. I feel like Eric’s going to say something about state law, um, because. It there’s, uh, there is always the possibility of that state law has something to say about this, in fact. Yeah. And I think what I’m like, yeah, this is definitely an area where state law may have a specific instruction requirement, uh, around this.
Um, because some states do some states don’t, uh, in terms of HIPAA, um, it really comes down to how the, they understand their access. I mean, like if you, if you arrange with them at the beginning that those individual ones are part of a different record, because it has to be a different record. Like, it’s not in the same record.
Like there is, there’s a couples record and then there’s a bar record and then there’s a Mary record. Right. So at that point I’m like, huh? No. Okay. That’s what you’re talking about. That seems problematic. Well, then it becomes
Liath: an, a right to the access item. So then are you, um, And it also matters on whether or not you are billing insurance or if this is private pay.
Roy: Let’s put that aside for now, but like, yeah, I know what you mean. I know what you mean, but. We can talk, let’s talk about that at the end. Let’s analyze it as if we don’t have the identified patient issue going on. Um, it as if like the couple is the, the, the patient or the client, right. Uh, like, which would probably mean this is a cash pay.
Was this pretend it’s a cash pay. Right. And so like at that point, the thing is, is okay. It’s really okay if you want Bob and Mary to have records that are private from each other, those become different records. Like he wouldn’t have pieces in their collective record that are private from one and not from the other, like the whole record is accessible to someone or not accessible to them.
Right. That’s that’s, that’s not, I’m just remembering this. That’s what that is. So if you want it to be able to have notes that are not accessible to the other, you need to have like this, I start an individual record for that person, which means separate, informed consent. They get all those intake stuff.
Right. Um, so that’s what you would need to do. And that was certainly make it clear to them that these is either separate things. Are only accessible to that individual. I’m not sure that’s really what you want to do. I mean, with a couple, that’s not usually the desired outcome, right. Let’s not use it, what you’re, you’re trying for.
Um, but I’m pretty confident that if you do want a situation where they can’t see each other’s records, they’re private from each other, they have to be separate. Right. Uh, which means separate, informed consent, which makes sense anyways, because exactly who has access to what records is a part of informed consent, you know, and certainly something that you need to have there.
Yeah. That’s what I think. Um, should we forward this for the next Eric Day? Just to get Eric’s opinion, to be sure. I mean, we should actually really shit. I mean, it’s a, it’s a specific privacy question. So that’s what Eric is around for. Uh, we can only have one. Basically semi expert opinions on privacy.
Liath: so we’ll, we will have Eric address this in his July session, which will be on July 23rd. Uh, so, um, yes, that, that should be helpful there. And then, uh, actually in the meantime, I would like to know if this is a private pay couple or if insurance is being built, because that will. Inform Eric’s guidance on this, uh, as well as what current, uh, consents and disclosures have been made related to rights of access.
Roy: Yeah. Yeah. That that’s true. That’ll help Eric. Yeah. Yeah. I’m really, I feel like 60% sure. Maybe 70%. So an attendee has also voted for Tosca to Eric. So yes. Thank you. Okay. It has been seconded. We shall toss it to Eric. We’re going to kick the can down the road. All right.
Evan: Thanks. Watching. Use the coupon code PC T plus all one word to get one month free with a year long subscription to group office hours.
You might also be interested in:
CE Credit Hours Events
Couples, Minors, Insurance Billing, and Legal Rights of Access to Records
Unravelling the complexities of who has access to what records and how to inform clients of these rights.
Plus: How to reconcile the medical model with family systems models for providing care so as to ensure that couples and family therapy provided within the context of managed care remains legal and ethical
Do I need a BAA with our accountant, or is a confidentiality agreement ok?
Answering the Question: Our accountant is sometimes accidentally exposed to PHI that didn’t get removed from documents I send them (over encrypted email). Do I need a BAA with them, or is a confidentiality agreement ok? They’re not explicitly handling PHI on our behalf, only incidental contact.
PCT+ GOH 41 q7
Evan: Here’s a recent clip from group practice office hours. Stay till the end for a special offer. PCT only uses clips, which don’t identify the asker or when we get their permission to share the clip.
Eric: Great. Okay.
Roy: We’re going way over everybody, but it’s a great session. Okay. Question seven. Our accountant is sometimes accidentally exposed to Phi that didn’t get removed from document yes agreement. Okay. They’re not exposed to handling PhD on our behalf.
This is a, this is a great question. And, and from my perspective, it’s great because there’s no nuance. Yes. They’re a business associate. You need a business associate.
Roy: Oh, really? Okay. Even though their contact is only incidental or accidental.
Eric: Yeah. Are you, are you positive? Can you guarantee that it’s only incidental?
I don’t know. How are they accidentally exposed to Phi? I mean, why not get a BI and if, and if that’s not plausible, then you make sure you’re not giving your accountant PHS. Right
Roy: this because I agree. And I want to differentiate why I agree with this, but I don’t necessarily agree that like an it person has always a, B businesses.
Right. Good. And that’s also around the incidental or accidental contact issue. So like, in this case, you’re sending them information about clients sessions and payments. Basically you’re sending them information that normally contains, okay. And then you’d have to redact it before sending it. And so that, that corporate information is like, it is the purpose of the accountant to work with that Corpus of information.
And if you don’t redact it, they are exposed to Phi. I, that does not sound to me like incidental or accidental. Like the, the cleaning crew, when they come through, it should be in a normal operational day when they are cleaning and the context in which they clean, they shouldn’t be seeing Phi. Right. So if they happen to run into something, it should be incidental or accidental.
Eric: Here’s the incidental or Occidental in this context is your accountants. I cannot understand why your QuickBooks isn’t working the way it’s supposed to work. This doesn’t make any sense to me. Let me give me, give me access for, to your desktop for a second. Let me, let me fix this for you. And then down below is a document.
That’s a says Roy Huggins crying, right? And they’re like, Ooh, do you want to close that document? Right. Yeah. That’s incidental or accidental and no, that’s, that’s, that’s fine. This implies to me. And I don’t know that this is really what the question is saying. So I’m not imputing this to the question to ask her.
But the thing that is interesting to me that implies to me is this kind of happens on a regular basis, right? That’s not incidental or accidental. That’s, that’s not restricting the Phi that’s being provided. That means you need to be a right.
Roy: Yeah. Yeah. Yeah. Like, like Verizon, I was gonna say it first. I needed a cleaning crew.
Cause a little click. Like if the cleaning crew is able to come after hours, when you closed up the cabinets and closed up the computers and like all that kind of stuff and made it an environment where when third parties come in, they’re not exposed to Phi. And you know, there’s a client, who’s doing a late session and they stuck around and then the cleaning crew runs into them on accident.
That’s an accidental, right? Because the way you said ranged it, they really shouldn’t be running on the clients. And the reason why they shouldn’t be in this case, I have to agree that what it is is it’s an issue of failing to redact. Yep. Um, and which is not the same as incidental or accidental.
Evan: For watching use the coupon code PC T plus all one word to get one month free with a year-long subscription to group office hours.
Can we talk about the Psychology Today issue?
Answering the Question: Can we talk about the Psychology Today issue?
PCT+ GOH 40 q5
Evan: Here’s a recent clip from group practice office hours stay till the end for a special offer. PCT only uses clips, which don’t identify the asker or when we get their permission to share the clip.
Roy: Sweet. There we go. The psychology issue. Um, so like, um, in that case, they’re actually taking the, uh, the, the message of the potential client rights or whoever’s at your profile.
Whatever they are, right. Is actually being collected by psychology too. And so their system and then they email as you.
Liath: So it was kind of funny email.
Roy: Yeah. It’s kind of a double whammy. Like, first of all, they collect it and hold onto it without a business associate agreement. And then they send you an email, which is a conventional potentially on non-secure way of communicating Phi.
Um, if we ask psychology today about it, they’d probably make some BS claim about. Uh, oh, it’s just for initial contact. There’s no clinician client relationship yet, but clinician, client relationship is not that the concept doesn’t come up anywhere in hippos definitions of Phi. It’s not, not discussed anywhere in the HIPAA rules.
Um, and we’re not making this up. This is from conversations with several HIPAA attorneys, all of whom agree that it doesn’t make sense, uh, that, uh, That initial contact is somehow not Phi, right? So there are a lot
Liath: to do ethics issue as well, where like under the ACA code of ethics, you must treat a potential clients information, safeguard their information, um, to the same degree that you do for existing clients.
Roy: Right. It is both protect. It says protect their confidentiality and it says respect their privacy. Yeah. It has both things. Right. So, yeah. Um, yeah, there’s a lot of problems there. I mean, I think the, the challenge of psychology today here is that it’s not just that they disagree on the legal issue or something is that, they’re just a very honest.
Liath: Right. I mean, the Sussex directories that makes psychology today, uh, they are headquartered in the Cayman islands, which is, you know, a bit of an indicator. And, uh, they, you may be thinking well, Last year psychology today released sessions, their video platform. Um, and they’ll do it BAA for that. Wouldn’t that cover these other items as well?
No, it does not. But even though the BAA itself has no limitations, it doesn’t specify the parameters of what it applies to. Because it’s actually like a verbatim copy of the sample, BAA from HHS, um, which was a whole
Liath: a whole whole issue. But psychology today was very emphatic when pressed that no, that absolutely does not apply to the email me, uh, functionality.
Um, so that is not covered. And that to me is also a good indicator that they, their unwillingness to have the BAA, that they are executing with people for another aspect of their services, that they don’t want it to apply to that functionality, that they must have some understanding that they aren’t able to have the necessary safeguards in place within that system.
So, uh, all of that brings us to the fact that, um, if you are utilizing psychology today that you need to disable the email, me button functionality. Um, so that. Psychology today, isn’t acting as your business associate in that regard. And the, I put a Lincoln for a great little tutorial that Evan made on how to opt out of the, um, Email me functionality.
And then what we like to do so that we are as closely replicating that functionality as possible is to then have the URL that your website button is, uh, connected to have that be to the page on your website that contains your secured contact. And then there are no additional clicks in order to be able to textually communicate with you.
The user experience different than comes from a new tab or new window opening when they click your website button, as opposed to the modal popping up. Uh, when they click the, the email me button, then our other guidance there is too. Add a message within your profile itself, letting people know that if they just click your website button, they’ll be taken to your secure contact form and can send you a message that way I recommend having that included in the profile so that people can.
I think that because there isn’t that email me button that their only option is to contact you by phone, because we know in the modern era waist calls aren’t everyone’s cup of tea, and we don’t want there to be a barrier to initiating contact with you.
Evan: Yeah. By the
Roy: way, we should, we should, uh, make this page more known.
Liath: well, that’s, that’s one that, uh, I’ve been sharing with folks after doing their services assessment, especially right. And having to have the psychology today conversation, right?
Roy: Yes. The psychology, the conversation. Yes. Right, right. Good call. So, yeah. Which of course is why when we referenced that in question four and I asked her is like, excuse me, what, tell me about this.
Like, yes, yes. Like that, it’s very fair that we should probably explain the whole thing. Right.
Liath: Right. And then I know Keeley wrote a whole piece about the phone tracking. Component, uh, not yet made a tutorial with regards to the phone tracking piece.
Roy: Okay. Uh, but yeah, if you want to see the Keeley Combs did a presentation on social media ethics a couple of months back, uh, and our course courses available in our marketplace under, um, you know, CE and services.
Um, and that can be columns, of course. The one of the top experts on that particular area. Um, Ian there, their courses available. It’s
Evan: uh, go down
Roy: now I’ll go on the singles. Yeah. It’s like, I may not be in one of the slates. Right.
Evan: do we
Roy: have a lot of courses,
courses we have.
is it not in here? Okay.
Roy: Right. Um, Hmm.
Evan: Mainly due
Roy: to due
Evan: to, uh, it is, Hm. Oh, it
Liath: used to be, it was our featured card. Yeah. For sometime, but there was also supposed to be a single for it.
Roy: Uh, do you remember the, the skew?
Evan: Um, my mentor.
Roy: Ah, yes. Okay.
Evan: I’ll just think of that.
Roy: Social media management.
Evan: Thanks for watching. Use the coupon code PC T plus all one word to get one month free with a year-long subscription to group office hours.
Be sure to check out this resource:
Protecting Clinical Boundaries and Your Practice on Social Media, an Ethical Approach
Join us as highly lauded social media ethics expert, Dr. Keely Kolmes, teaches about maintaining ethical professional boundaries in the highly porous world of social media.
2 legal ethical CE credit hours
Is there a benefit to having an ONC-EHR?
Answering the Question: We are considering changing from one EHR to another. Is there a benefit to having an ONC-EHR? For example, we are looking at Simple Practice but they are not an ONC-EHR. Will there be a movement to require groups to have an ONC-EHR?
pct+ goh s33 q8
Roy: Here’s a recent clip from group practice office hours. Stay till the end for a special offer. PCT only uses clips, which don’t identify the asker or when we get their permission to share the clip. Okay. Um, all right. So they’re saying we are considering changing from one EHR to another you and a lot of other people.
Okay. Is there a benefit to having an ONC certified EHR system? For example, we’re looking at simple practice, but they’re not NLST certified HR system. Well, there’ll be a movement to require groups to have an ONC certified age care system. Wow. That is exactly what our presentation in three weeks is about.
Um, but I, I, I can definitely give you. I can definitely answer your question. I don’t, we don’t have to wait for that. Um, I thought you would just paste it all in info. Okay. So I just think I on the slides. Okay. Okay. Um, so a little, a little catch-up on what these things mean. Help give some context, right?
So electronic health record that phrase EHR actually is technically a jargon term. Um, that pretty much always means ONC certified EHR just inherently, but we’ve been using the term to generically talk about electronic record systems, especially online electronic record systems. Um, that’s the, that’s the only difference.
So like, um, but that’s just kind of an aside just to let you guys know. So an ONC certified HR would be one that is made by a software provider. Like a company could be an individual, but it’ll usually be a company. Um, that is actually registered with the ONC, which, and the ONC is an agency of health and human services.
And there they are specifically there to guide and, and regulate health information technology. That’s what they do, right? This is not the HIPAA people. The HIPAA people are like next door and they talk to each other all the time, but they’re not the HIPAA people. Well, the ONC says something as a certain way.
That is not the authority of the HIPAA people, that the HIPAA people are a different group, just so you know. Right. Okay. So that also means that when the ONC says you commissions have to follow our rule, it’s not a HIPAA thing. So being a HIPAA covered entity has nothing to do with it. Right? So for example, in my practice, I’m not a HIPAA covered entity.
I made sure of that. And I continue to make sure of that. But the information blocking rule still applies to me. Right. Separate from HIPAA. Right. If I it’s all of us and made sure that that there’s no exceptions. Right. Okay. So that’s that? So an ONC certified DHR is one that’s made by a software company that has registered with the ONC registration system, like their program.
For re for certified, uh, E for certified software developers. Um, and they make what’s called modules, which, uh, you know, being modules of software that get explicitly certified or not by ONC, right. And those modules would be for anything involving what EHR does such as, you know, holding records, you know, where you type your records and they could help.
Right. A module for e-prescribing for example, like you actually cannot do electronic prescribing in less, your e-prescribing software is an ONC certified software module. Like that’s the one part of like our practice management systems that if we want to use them has to be ONC certified is the part that does the e-prescribing.
Right. But not necessarily the record keeping. So like your record keeping regarding the prescriptions can be. In a non ONC certified system, while you use any ONC certified module to just a, your e-prescribing, you can have them separated. Right. Which is, it’s an interesting point, which may start to come up later.
Okay. Um, I’m like, I can say no more. Um, other modules can be things like, um, The modules that do the entire operation, you know, that like can actually go out and look for, you know, where else does this patient have records and like goes and retrieves those records from those places, uh, that’s called the entire operation.
Um, so all of these are ONC certified modules. So when you’ve got an LNC certified EHR, which, you know, is that the modules that has, are gonna follow the ONC rules, right. And one of those ONC rules, and this is the reason why a lot of people are saying, maybe I don’t want to know once you certified EHR.
One of those ONC rules is that, uh, it has to have a module in the patient portal, port part, the part where you have like a client portal or a patient portal, that part has to basically let a person just go right in and check out all of their past records unless the clinician has hidden them for reasons of the harm exception or some other exception.
Right. Um, so basically that is usually why people are switching away. I’m guessing for you ask her, that’s why you’re switching away, right? Is that you’re like, whoa, that’s intense and definitely is not meeting our needs very well. And just like where he was ranting about in the last question, the ONC didn’t do a very good job of thinking about health providers here, especially not mental health providers.
Um, so that’s legit, right? So if you go to a system that’s not ONC certified, they don’t have to do that. All right. What’s the penalty for them not doing that. Uh, they can’t be ONC certified. That’s the penalty, right? The information blocking rule only applies to software providers who are making OSU certified modules.
Right. That’s where it applies. And actually really just applies to the ONC certified module. If the software company makes a module, that’s not certified, that’s fine. They can do whatever they want. It doesn’t have to follow information blocking. Like the downside they get is that it’s not ONC certified.
That’s the downside. Okay. So why do you care? You know, why would a software company want to know NC certified module for you? Like I, they gonna lose your business if it’s not ONC certified? Well, they might because a huge swaths of the healthcare industry, which are not us, right. Basically huge flaws industry, which, uh, one person characterize it as all the professions that prescribed medications.
Right. They all have incentives, mostly under Medicare, but also under various other programs at this point to use ONC certified EHR systems, right. In some states like those, those incentives may actually even be seen as requirements depending on the kind of environment in which they operate. Right. But none of them, except for certain very specific exceptions, those very specific states.
None of them apply to us, us being mental health providers who are not psychiatric. So we’re not psychiatric nurse practitioners or psychiatrists. Like we’re not medical providers. So psychologists clinical, social workers, counselors, MFTs addiction, specialist, rehab counselors, you know, school counselors, all of us like, like we’re not prescribers, we’re not in those incentive programs.
Um, which was actually a really big frustration back in 2009 when that started, because it meant that there was no money for us to adopt the electronic records. And because there wasn’t, there wasn’t this requirement. We, we started seeing this huge ecosystem built around us of practice management systems, like simple practice, but one that you’re fighting right now.
Right. So my practice has a number of competitors who are in that same space, like therapy notes, or a therapy appointment or thoroughness, or am I missing any of the ones I should make sure to shout out to, um, Anybody
Liath: take you
Roy: relatively new, right? Yeah. Like right. You know, those are not ONC certified.
And with that and that, and they grew up that way because their customers, which is us, because they’re specifically made for us, they’re not made for psychiatric or general medical they’re made for us. They decided there’s no value in going ONC certified. Right. Because it costs a lot of money to do that.
And our customers don’t need it. And, and so that means we can actually skip all that work and expense and also not charge our customers as much. So the system is often less expensive or if it costs the same, it just does more things like it does like simple practice does billing extremely well. Right.
Um, so I know talking to developers of some of these systems, some of them are actually ready to go to become ONC certified if the need arises. Uh, but they’ve been ready for years and it had just hasn’t arisen. Right. Um, there’s some other details we know about that I can’t reveal. Um, but they all kind of align with what I’ve already told you.
Right. So like that’s cool. Um, so what I’m saying to you is the only reason you would care about the ONC certified, anything at this stage, what would be, if you have a medical provider who needs to do e-prescribing. But you can actually get any prescribing modules separate from your practice management system.
And the only thing it does is the e-prescribing right. It doesn’t do any record keeping. So there isn’t a record to immediately expose to the client. And if it was, it would just be a record of what the prescriber prescribed, which they already know anyways. Right. Um, like, uh, Surescripts. Yeah. Surescripts will actually supply that.
Um, there’s also a good medical EHR called charm, like cha RM. That’s when my wife uses, uh, charmy HR, um, you can set up charmy HR and only use it for the e-prescribing. And the reason people like charm is that. Charm builds you based on how much you use it, not how many users you have. So all your prescribers can have an account on your term accounts and you’ll only be paying accordingly.
Well, now you do pay a fee for the e-prescribing it’s like $10 a month per prescriber, and then you pay fees on usage. Like how many patients they give a prescription to that kind of thing. Uh, so that’s why the people like using charm for this, because it’ll, the costs will increase based on volume or decrease based on volume.
Um, and then other than that, you use. No simple practice with therapy notes, or therapy appointment or thoroughness or something like that. Right. Like, uh, and that works just fine. Um, trying to think, uh, yeah, other questions. Okay. Well, there’ll be a movement to require group practices to have an ONC certified EHR.
That is the million dollar question, isn’t it? Uh, and that’s actually why we’re doing our thing in three weeks. I’m going to vet you if there is, it has not started yet. So therefore it probably won’t be for quite a while. Um, if you’re asking what’s interesting, is that you’re asking, will there be a movement for group practices to be required to do this?
Which makes me wonder, I would love for you to, to reply here in the questions box and tell me if I’m right. It makes me wonder, are you in Minnesota?
I was like, Ooh, are you in Minnesota? Right? Uh, the reason Vancouver, Washington, man, I’m completely off. Sorry. My fact, oh, you’re looking right in here by it. Hey, welcome to office.
Like, uh, the, um, that happened in Minnesota. Or something like that happened in Minnesota. Uh, back in 2014, like 2015 was going to be the deadline. There was a state law in Minnesota that all healthcare providers had to start basically using their health information exchange system, a system for sending records around, which is a main goal of interoperability in EHR systems.
So they can exchange records between each other. Um, and, uh, there was, you know, a lot of lobbying against that, but they did end up requiring that any practice with more than one clinician. Did have to do that. And if you’re a solo clinician, you didn’t, um, but that still isn’t requiring you to use an ONC HR, like a lot of the practices that achieved that, that achieved that rule by having some other module that just lets them securely send records.
When they’re requested through the state system, North Carolina has, um, one that’s thorough across all, all practitioners that they have to use a health information exchange. What that means is they have to do inter operation. They have to exchange records around. It doesn’t mean it has to be ONC certified.
Like that’s the kicker. Like they don’t have to be ONC certified to use that. And in fact, we know that, um, at least one of the practice management systems that I’ve mentioned, uh, yeah, immediately set up to work with that North Carolina health information exchange. No problem. And it’s not ONC certified, right?
Because the entire operation does not require you to certify. It just requires you to know how to talk to the exchanges. Right. Uh, I don’t know how much the extra tech information is helping, but I’m trying to like give some understanding of where ONC stands and all this, the main driver to use ONC certified systems is being in the healthcare sector where you get the incentives or where you have either incentives or penalties for not using OSU certified systems so far at the federal level that has never come close to touching anybody.
Who’s not a prescriber. And unless you work in a hospital or agency with prescribers, uh, because our primary concern has been around e-prescribing, uh, the information blocking rule applies to all the ONC certified modules. So if you do not use an LNC certified module, it does not have to follow the software developer side of the information blocking rule for a lot of us, that is reason enough to switch.
Right. Um, the big thing we’ve been getting feedback from people on is that care paths is an ONC certified EHR system and care paths is one of the systems that is more for us. It was designed for us, but it happens to be ONC certified. Uh, I know that was a big deal back in 2014 when people hoped that maybe they’ll get some incentives, like look at the payment incentives for switching to an OSU certified HR system that did not end up happening.
Right. So caravan being ONC certified didn’t end up helping our, our community, uh, and now care paths have to reveal notes immediately to clients. And they have a tab in the client portal where clients just go boom, and then see all their notes. Um, and so a lot of our community is going, Ooh, I don’t think, I don’t think it’s gonna be appropriate for my practice to be using this at least not yet.
Right. So I feel very, I feel for care paths. I really feel for them. That’s um, they certainly have been trying to do right by us, uh, in the way they do things. And unfortunately in this situation they’re putting, uh, not the best situation. Um, so the more direct answer to your question after all that analysis, right.
Um, is I don’t see any specific reason and like, unless you have prescribers and actually let me back up, let me ask real quick. Do you have prescribers, are there medical providers in your practice or is it all like the nonmedical mental health?
not at this point, but possibly looking to have in the future. Okay. Yeah. I can’t imagine a specific reason why you wouldn’t go ahead and switch if you’re really not liking using the ONC certified EHR based on all that analysis. My usual thing is like, if you feel that, you know, the. The exposition of notes and such is, is interrupted enough to be worth the, the cost and energy, the monetary and energy cost of switching, which is pretty big.
If that’s worth it to you to not have that exposure, then yeah, you should probably just go ahead and do it. You should make your switch, right. That, that makes sense. A lot of sense to me. Um, Right. But remember that if you ended up getting a mental health nurse practitioner, which is, yeah, that’s often, you know, bringing them psychiatric nurse practitioner, which is great.
Um, you can usually give that person prescribing ability, all the cart you don’t necessarily have to be using. You don’t have to have it in the practice management system. Um, may I recommend with what you just said? And I can’t tell you why. I know it’s weird. I can’t tell you why. Uh, but based on what you just said, may I recommend that you take a very serious look at therapy notes rather than simple practice?
Unfortunately, I can’t tell you why. Um, but it may stand on its own as more interesting to you. If you really look at how it handles a group practice as compared to how simple practice handles a group practice, just FYI. Yes.
Liath: Um, and you, because. Making a switch is a onerous process. There’s no, no way around that.
You do want to really be confident and pleased with the system that you were moving to. Um, so it’s worthwhile to take the time to use the test account, you know, the free trial periods that most practice management systems offer, um, to really take it for a test drive and make sure that the functionalities that are most important to the population that you work with, your just your own internal operations as a practice, that the system that you select does those.
Most important functionalities in a workable way, preferably a way that feels relatively intuitive compared to the way those features work in other systems.
Roy: I should probably go ahead and ask you right now. Um, are your, are the clinicians in your practice, employees of the breakfast or are they contractors who work with the practice?
I figured, you know, if we’re making recommendations, let’s, let’s ask them, but that’s a good differentiator. Employees. Yeah. Therapy notes. Perfect. Yeah. Um, the other one, you might also want to just look at his therapy appointment. Um, just because there are people in it’s very thorough. It covers a lot like covers needs really well, but so is therapy notes.
So, uh, cause this is just more expensive. Oh, is it okay? That’s good to know. Okay.
Liath: Decent chunk. Okay. And, and another option, uh, just feature-wise is Rob Reinhardt who w basically be co-presenting on the 21st on the. One session on this very topic. He is an expert in practice management systems and EHR, specifically looking at their feature and functionality components.
Like we will look at them primarily through the security lens. Rob’s lens is primarily the feature and functionality like quality lens. Rob has great reviews. And he also has an EHR matching service. So for folks who are considering making this monumental switch, it’s worthwhile to at least per ruse, the resources that Rob has compiled around this.
Um, and also it potentially even consider his, his service
Roy: on that front too. Yeah. Yeah. I mean, yeah. And let me just echo it last just said, cause I was reading rather than listening, so I want to make sure I say it too is, um, yeah. Rob has pretty thorough reviews of like quality and features with the different systems and it’s you definitely want to make sure you at least look through those before choosing and
Liath: it, Rob also does note, uh, in the reviews themselves too, which ones are better designed for group practices.
Right. So some, some of the reviews they’ll say not good, not a good fit for a group practice, right?
Roy: Yeah. Yeah. It’s very, it, it really is like, it’s definitely one of those things where if you’re choosing a system, make sure you at least look at Rod’s reviews before you make your choices. Yeah. But you’ll also find that a recommendation of therapy notes comes up pretty high.
And I want to make sure everyone who’s looking at a new here, um, where we don’t. Usually we’re usually actually very agnostic about practice management system. It’s rare that we say, oh, you should use this one. We have a particular reason in this particular case for recommending therapy notes. And we just can’t tell you what it is yet.
Right. Right. Okay. Um, and now that mysterious note, Joey and the session, thanks for watching. Use the coupon code PCTPLUS all one word to get one month free with a year long subscription to group office hours.
Be sure to check out this resource:
The “Open Notes” Rule and Your EHR Choice: Legal Compliance and Client Safety Now and in The Future
Listen to a wealth of experts in security, digital ethics and EHR platforms in order to answer the question on every practice owner’s mind:
“Should I switch our EHR system?”
2 legal ethical CE credit hours
How important is Google Data Loss Prevention to our HIPAA security?
PCT+ GOH Session 35 q2
Evan: Here’s a recent clip from group practice office hours stay till the end for a special offer. PCT only uses clips, which don’t identify the asker or when we get their permission, share the clip
Roy: too. Okay. How important is Google data loss prevention to our HIPAA security? We currently have the Google business plus plus level of service, which provides us the minimal services necessary.
Right? To add the data loss prevention feature. It would hypothetically double our Google workspace costs. Whew. As a worthy investment. All right. Leah is our product experts, but this does say.
Liath: Uh, my verdict on this has been that the having vault in place is sufficient for meeting your needs for complying with the availability standard.
And provides what we’re looking for in practical terms of being able to relatively easily manage when a team member departs the practice, but we need to retain all of the data that they created and their access and usage logs and so on. So the, uh, DLP is not necessary for HIPAA for meeting HIPAA compliance requirements.
Roy: And I usually think of when I think of DLP in general, I usually think of a system that’s external, like that, that, that backs up your data in another system. So like, I would think of the HIPAA, the Google DLP as something you use to like backup your practice management system or something, unless Google has its own self DLP situation going on, uh, which it could, I just haven’t looked into it.
So my apologies if I’m kind of just like yammering, but like, but that’s usually what a DLP is for is that it’s like a third party system whose job is to back up another system that you use whose data is so vital that you really can’t lose it. Um, and we don’t just mean that your ability principle of HIPAA, we mean like your business is, is Afton.
You’re gonna lose tons of money or people could get hurt or something. Uh, if it goes down, if you lose that data for even just a few hours and so you have a DOP system and to make sure absolutely that the data is never lost or something like that, um, or you’re just a big enough company that it makes sense to use a DLP.
In addition to your normal backups, like DLP is like extra backup is the idea. Um, which yeah, we don’t see. We’ve not seen any historical reason to think that any of these cloud services we talk about, um, have that have like, have kind of losses of like data losses that you need to be thinking about. And generally our experience with practices is that the business continuity urgency is not so high that you need a DLP.
So like, like if you suddenly can’t get to your Google data for a day, Hey, that would be strange. I’ve never, Google’s never had a failure like that as far as I know. Um, but if he did, most of us could survive like that the business would fall apart and no one would get hurt. And that’s one of the reasons why we never really evaluated that.
You know, we think of DLP is as a part of our general framework.
Liath: Right, right. I was going to say that I have not. Investigated Google’s DLP specifically because, uh, to date there hasn’t been a need for doing so because we’ve thoroughly investigated vault and how vault functions. And that, that is, it has been perfectly sufficient, uh, for all the needs of our practice clients and for meeting the applicable security bull standards.
Roy: Yeah, exactly. Right. Yeah. I don’t know Google had a deal P thing, probably because it’s so high tier. We’re just like, eh,
Liath: they, uh, probably are doing their best to try and get you up to the enterprise tier.
Roy: Yeah. They’re like, oh, HIPAA, we want you on the enterprise tier. And you’re like, no, I don’t, I don’t want me on the enterprise here.
Evan: Thanks for watching. Use the coupon code P C T plus all one word to get one month free with a year-long subscription to group office hours.
Be sure to check out this resource:
Designing a Group Practice’s Tech Setup for Success: Effectiveness, HIPAA Compliance, Client Safety, and Efficiency
Join Roy Huggins, LPC NCC and Liath Dalton as they discuss how to select a great set of technical tools and service to help your group practice thrive.
1 legal-ethical CE credit hour plus 45 minute workshop
Can/should member clinicians use forms that have the main group’s logo/branding?
Answering the Question:
I am structuring my group practice using PCT’s recommended reverse contractor model and I am wondering what you’re experience is as PCT and your thoughts on whether the member clinicians’ practices should have their own names (guessing they’ll do since they have their own LLCs), and if so how we can brand and share a website together without creating confusion.
Would it work to put their names and pictures in a “Clinicians” section and then when you click on someone you go to a section that has information about their specific practice?
Can/should member clinicians use forms that have the main group’s logo/branding? or should their own forms have their own branding? They will have their own silo-ed EHR access and their own state-specific, tailored-to-them forms, even though I’ll be providing sample forms as a starting point.
PCT+ GOH 43 q1
Roy: Here’s a recent clip from group practice office hours. Stay till the end for a special offer. PCT only uses clips,
Asker: which don’t identify the asker or when we get their permission to share the clip.
Roy: Okay. I am structuring my group practice using PCT is recommended reverse contractor model. And I’m wondering what your experience is as PCT and your thoughts on whether the members, member conditions practices should have their own names, uh, guessing they’ll do since they have their own LLCs. So yeah, I probably will.
And if so, how can we brand and share our website together without creating confusion? Right. Um, when it worked to put their names and pictures in a clinician section, and then when you click on someone to go to a section that has information about their specific practice can share member clinicians use forms that have the main groups logo slash branding, uh, or should their own forms have their own branding.
They’ll have their own silo, DHR access and their own state specific tailored to them forum. Even though I’ll be providing simple forms as a starting point, you know, I’m not, I feel like I could go all over the place on this one. To be honest. Do you have any more specific thoughts on this?
Liath: Well, uh, this asker is also on, so one give them that option to, um, dialogue with us directly.
If you don’t mind being un-muted in your voice, being on the recording. Cause I think that could lend itself to making this consideration and discussion more, more fruitful. Awesome.
Roy: Yes, we gave you the option to yourself. I’m muting. Now you have to unmute yourself. That’s the go-to webinar way.
Liath: I mean, it’s good because it doesn’t just make you unmute someone and then
Roy: right. We just suddenly make your voice audible. All right.
Asker: You there. Yes, I am here. Can you hear me? I’m in a car, so it might be really bad audio.
That’s fine. That’s totally fine.
Roy: All right.
Liath: Well, I mean, we’ve seen this done kind of both, both ways, both ways. I mean, one option is that to the client side, there is really no, um, distinction between the individual contractor, clinicians. Practice individual practices and practice entities and that of the umbrella group practice, uh, where you are.
Well providing services to them. But part of that includes the, you know, marketing intake, um, and client support for logistics and administrative processes. So then on the other end of the spectrum is the practice serving kind of as a hub. And from that hub, it linking in the way you described in the middle paragraph of having the clinician.
You know, the, each of their profiles, when you click into them containing more information, including, um, You know, their practice name, whatever branding they’re creating for their practice. So it is kind of a consideration of what do you want to build and, and have as the, the feel of the practice. And what is your sense of what clinicians.
The kind of clinicians that you’re working with and wanting to attract would find valuable, um, because there isn’t a legal reason that. They have to be, you know, marketing their individual practices and practice entities, um, on the, on the website in that way. So it w it does come down to preference in terms of what you, as a business owner want to have in place.
And what you think is plenty of be. Supportive for the clinicians that you’re working with and serving and in turn their clients?
Asker: No, no,
Roy: you’re breaking up. I’m sorry. We can’t hear you.
Did you go through a time?
Asker: She sounds
Liath: exactly like I sound apparently, um, now that I put that T-Mobile SIM card in my phone and
Asker: okay, let me pause this now.
Yes. Okay. I’m here. Um, I’m looking to attract later career professionals.
Roy: Um, I mean his last year, her later career professionals though, I mean that’s oh, it got Remuda you accidentally muted yourself or something.
Liath: I’m wondering if the rest of the sentence is later career professionals with a lot of experience and an established
Well, I think I’m back. Um, some of them, yeah, some of them may have an established brand and established caseload’s even, but they’re leaving international work where they worked with these people in person, and they’re moving back to a us to take care of family or because they’re choosing for a career change to leave the organization that they used to work with.
But my, my business is focused on serving kids, but I’m not sure that that’s the only thing my clinicians are gonna want to do. So that’s something I’m trying to sales for.
Roy: Right. I think the one, the one thing I worry about from a risk management point of view is whether or not, and only to ask your lawyer what they think of this, um, whether or not making all the clinicians appear to be under your practice umbrella, whether that would be seen as misleading to clients business wise.
Um, I certainly would imagine, like there needs to be something that indicates that they are a separate LLC. They have an LLC and they’re a separate business, but I don’t know. I don’t know that necessarily has to be a problem. Excuse me. Do you want on your website to like for everyone’s profiles to emphasize the work?
Cause when I it’s it’s addictive or, um, all right. Um, do you, do you want your website to be focused on what they do with children? Like their profile on your site? Should it be focused on how they work with you?
Asker: Yeah, I think so. And then they, you know, if it’s like Betty’s counseling the door to her counseling room from my website is the door the kids enter.
And, but she might have a different door that adults come through. But I don’t know if that’s different, if those different adults are going to use the same forms. It, I don’t know about the inconvenience for her. If there’s branding on the forms that have to have my. Good focused name on them. That might not, I’m not sure about how the ink about the inconvenience of that and how that would get structured within an EHR where the forms are automatic.
Like the intake, right? The basic permission forms are a certain set that go to every, every client when they create a profile on the platform.
Roy: Right. Yeah, that’s a really good question right there. Yeah. The marketing part is pretty easy to do because I don’t think it’s unreasonable that the, each, each clinician’s kind of profile.
I think of it like that, like a profile page in your website is focused on work with children and then they may have their own website separate that has a more narrow stuff. Right. But then, right. So the idea though, is that. You’re supplying them with the EHR, which includes supplying them with a uniform intake forms.
So that like, so the European, your, your group, your company can actually then manage it, administer all of that, including making sure people get their intake forms and submit their intake forms and things like that. Is that, is that correct to say,
Asker: well, the it’s going to be pretty siloed, so we’re, we don’t right now have a centralized.
We don’t have a centralized support staff because this is going to be all online. So the, the way that the way the jar is set up, each clinician has a batch of intake forms that when the client sets up a profile there, they’re just sort of the HR hands, them, their clinicians forums.
Roy: So if the, um, pardon me?
It’s that sneeze. So does, um, so there’s no reason why each condition can’t have variations in their intake forms, right?
Asker: Yeah. I don’t, I think it’s possible. I don’t know how easy the functionality is within the EHR to tell it. Okay, now I’m inviting an adult client. I want you to give them the adult form set, or now I’m inviting a child.
I want you to give them the child form. Well, subsets of their forms vary.
Roy: Uh, that would be, they can, cause I know I had different forms for individuals, couples, for example. Um, but there must be a way to do it. Probably. I was also just thinking maybe each clinician, their forms are all the same for other clients, but each clinicians forms look differently.
Like can each clinician’s forms have like your logo and their logo.
Asker: Yeah, I think each clinician can have their own, they can have their own way, their forms look
Roy: okay. Because I’m wondering, I want to then like, you know, cause you probably do want it to have your logo there. Um, and then like maybe if both logos are present, then it’s not so confusing, you know?
Cause certainly people see like, you know, if someone comes in from, you know, from the, that condition’s owned or not through your door, Then they see, you know, they see like, this is clearly their clinician and there’s also another logo on it. They’re, you know, they’re finishing and say to them, you know, this is, I also work with this other organization and that’s, you know, we use the same forms then I personally would not be too confused or thrown off by that.
As long as the clinic brand is clearly on there.
Asker: Right. They might even want to put on their own website, uh, some explanation of that, or even just like. See over here from my work with teenagers or whatever.
Roy: Yeah. Precisely. Yeah. Certainly if the EHR can deliver different forms based on like, I would hope it will be nice. It curse to me, not all the PA practice management systems or HRS can do that, but that would certainly be nice.
Cause I know in my case, like I don’t use one, so. Uh, I haven’t encountered this myself. Uh, certainly I’ll ha I have different intake forms depending on if someone’s individual client or couple’s client. And if I was working with minors, it would be another separate set of forms. Certainly.
Asker: Yeah, they have, you can have as many different forms as you want.
You can have unlimited forms. It’s a matter of the, uh, I don’t, I don’t think you can have multiple, multiple different branded form.
Roy: Got it. Okay. That makes sense. Okay.
Liath: Right. And then though the way that most EHR and practice management systems work is that you select a set of what forms clients should be getting as part of their intake.
Like you have your, your forms list and say, this client gets these particular forms.
Asker: Yes. Um,
Liath: so that should be, uh, PO uh, functionality that will facilitate having this kind of setup. And I like the idea of having both brand like both logos and branding on, on the forms, because I think that is really in keeping with the spirit of the service that you are providing, um, and mean transparent as well.
So it’s not, yeah. In any way, misleading to clients and it still is supporting the providers, being able to use those forms and have their own brand for the other components of their practice that are distinct from the most connected piece of the work with teenagers that kind of reliant upon there.
Relationship with, with your practice. Um, but all of the materials that you were providing for that are still useful for their own practice, which is very much in keeping with the spirit of what the contractor model really is designed to provide for
Asker: them. Right. Yeah. It’s supposed to be about, I guess I see.
Clientele is what the clinicians, and of course the clients in different ways, but for the clinicians, I want to create a platform and a community of professionals doing this international work. Cause it hasn’t songs special trickiness to it. And it’s, um, cultural kind of cultural, cultural competency niche as well.
That grill internationally mobile families. Which contained both adults and children, but the, um, the, the particular website that I’m working on right now is going to be niched towards the teenage crowd support what I’m offering them a space on that for any advertising they want to do towards that group.
And then they can do their own websites if they want to do other types of branded and, um, advertise their couples counseling stuff.
Roy: Makes sense, by the way, since I got here, if this is totally off topic, but just to make sure. Are you familiar with the international therapist directory? Have you seen that one?
Asker: Both personally and professionally. Oh,
Roy: okay. You, you know, Josh. Yeah.
Asker: From from a while ago. Yeah. That’s really good.
Roy: I just wanna make sure, like, make sure you put people in that that would be,
Asker: yeah, I know people are not in that, unfortunately that shouldn’t be yeah,
Roy: they should. Right. Okay, cool.
Asker: Nice. Yeah.
Liath: And then feel like a, a good solution and kind of way of. Serving the identified priorities and purpose.
Asker: Yeah. Yeah. I think that should do it. That’s kind of what I was leaning towards, but, uh, it sounded a little bit complex to me, so I wanted to make sure it made sense to other people.
Roy: Oh, totally. It is. It is complex, I think.
Liath: I think it can be managed in a way that doesn’t make the complexity problematic.
Liath: and I think that, uh, cause I’m, I’m also foreseeing that potentially you might have a clinician who does not want to do additional work. Right. And, and this still serve them. They would have their needs met for the work they’re doing, that’s related to the purpose of your organization.
Um, and that wouldn’t be. Like incomplete without them having these other aspects, if they don’t have that set up.
Asker: Right. And I have been approached by somebody who wants to work with international teenagers specifically, and that’s great. But then if they get advanced in their career a few years and wanted to start, it realized, oh, I would really also like to work with couples or something.
Cause I’ve got, you know, then they wouldn’t be stopped from doing it.
Liath: Right, right. I think that may come up, uh, depending on the clinicians that you’re working with is that some may not have, you know, a separate website or separate logo developed yet. Um, and so figuring out kind of. Before for folks that fit into that category, how their profiles will appear or, um, maybe a resource for logo generation so that they can have their branding.
And it doesn’t look incomplete in comparison to the other profiles might be, um, a useful
Asker: component as well. Right. Like, it might make sense of the, I was thinking that to keep it, to keep it from looking that way to have, um, at least on, at least on the teen facing website, their picture sorta is their brand for that website’s purposes.
And then when they’re, when it takes them to, when it takes you to their own page, you’re not necessarily. Added to two side by side, you know, it’s not like a row of logos and then one is missing. Um, but, but I do like the idea of them, even if they’re, even if they. Have so much of a company identity or practice identity, they could at least get a logo.
That’s their initials or something like that. Like maybe
Roy: just have a generic one. That’s just like the name of their company in a particular font or something. Yeah, yeah. Right. Yeah. Kind of like a initials, like you’re saying. Yeah. Right.
Asker: Okay. Cool.
Roy: All right. Anything else we’ll help you with on this question?
Asker: I think I’ve got it for now. And I just skipped to talk to the EHR about, uh, about how they are able to do branding different princes.
Roy: Okay. Sounds good. All right. So.
Liath: we will meet you for you. Thanks. Thanks for joining us and for the really great question as well. Yeah.
Roy: Yeah, totally. Thanks for watching.
Use the coupon code P C T plus all one word to get one month free with a year-long subscription to group office hours.
Be sure to check out this resource:
Privacy Ethics and HIPAA Fundamentals for Mental Health Professionals in the Agency or Group Practice Context
Mental health clinicians working in a group practice or agency context have a variety of security and privacy concerns to be aware of. They need to ensure that their behaviors maintain the practice’s HIPAA compliance as well as ensuring that they, themselves, act in accordance with the ethical standards of their own professions.
This introductory-level course is for counselors, clinical social workers, marriage and family therapists, and clinical and counseling psychologists working as staff in a group practice or agency context. It will cover fundamental security and privacy standards defined in HIPAA and contextualized for the group practice/agency setting. Those organizational security and privacy concepts will also be compared and contrasted with professional mental/behavioral health ethics in order to ensure that learners understand the security and privacy standards relevant to their work.
2 legal-ethical CE credit hours
What program do you recommend for HIPAA-compliant share drives for employees?
Answering the Question: Shared Drives: We use Hushmail as our encrypted email in our group practice. We are just starting with Therapy Notes as a practice management software. I would like to add some kind of shared drive for employees to access – it would need to be HIPAA compliant as it may contain PHI, ie triage forms of calls that come in and tracking those calls; tracking sessions for shared clients (one provider sees individual, the other provider sees couple) on a shared auth, etc. Are there any programs that would work best or integrate into what we already use or are there components of what we already use that can be used as a shared drive?
PCT+ GOH 39 q4
Evan: Here’s a recent clip from group practice office hours stay till the end for a special offer. PCT only uses clips, which don’t identify the asker or when we get their permission to share the clip.
Roy: Absolutely. Okay. Question four. I pre-read this question. What’s funny. As I thought the person was implying that they already know what our answer is.
No, I don’t think they do. It’s kind of funny. So I’m like, okay. Uh, cause it, luckily there’s, there’s a, there’s actually an easy answer to this, so, okay. Uh, shared drives. Oh, okay. Okay. So like, uh, you’ll, you’ll understand when we give you the answer, why I go, why I laugh at that moment? Okay. We just Hushmail is our encrypted email and our group practice.
Nice. We’re just starting with therapy notes as a practice management software, the choice, I would like to add some kind of shared drive for employees to access. We need to be HIPAA compliant, so we need to be HIPAA hunky-dory or HIPAA friendly. As we like to say, as it may contain Phi, they almost certainly.
Right. Uh, I E triage forms of calls that come in and tracking those calls. Definitely Phi definitely. Right. So tracking sessions for Sherri clients. Yeah. One provider sees individual, the other providers who’s coupled definitely Phi and I share it off, et cetera. Are there any programs that would work best or integrate into what we already use or other components of what we already use that can be used as a shared drive?
I’m laughing because the, I mean, I’m sure all of our answer is to use the Google workspace shared drive. It’s called shared drive. I was laughing. I’m like, oh, it’s the name of the feature is shared drive. Um, so I initially thought you were asking about Google chair drives. So, um, that’s why I left. Um, but I mean, the downside is you’re also talking about situations where you want to have something that is accessible to certain providers, but not the whole team.
It sounds like you’re saying, um, my understanding of shared drive is like access to everybody. Correct?
Liath: Yes, but in Google workspace, you also have your own drives, which you then can share selectively. So things, the documents that should live on the shared drive are documents that everyone within your practice, um, that has a user account.
Within your Google workspace organization should have access to that. Their access basically is authorized. Um, anything that is on a more limited authorized access basis. So maybe not all your clinical staff, but the two involved providers that should be kept on the someone’s individual drive and then shared with the other party or parties.
Roy: Yeah, exactly. Yeah. And what’s interesting is like Google, basically a Google drive with the shared drive access, which I think is a slightly higher tier of, of workspace. Is that right?
Liath: Well, it’s on the, uh, business plus tier, so
Roy: it’s on the, okay. It’s on the tier you need anyways. That’s great. Okay, cool.
Right. Yeah. So, I mean, it has everything you’re talking about. Like you can have a, you know, someone can set up a spreadsheet and share it with just the, the clinician who’s doing. Um, I was working with. Or vice versa or there’s an administrator, or maybe there’s an administrative staff member. Who’s actually doing the tracking and it’s in their account and they share it with the two clinicians.
They should be able to see it. Right. Um, there’s actually a lot of cool tricks you can do there if you really need to. Um, but you can also have a shared drive that everybody accesses. Um, and in fact, you might even not want to do it that way and be talking about like triage forms and tracking calls and stuff.
You might just want to give that access to administrator. You know, administrators and admin staff, and then that might be what you want to do. And you can arrange that, uh, using Google drive because you can share it with whoever you want to share with, uh, if you get more advanced, I assume when you set up a group, you can share with just a group.
Is that right? Evan. Okay. Yeah. Yeah.
Evan: Yeah. You can definitely do either by organizational units or go in and manually add people per sharing. Uh, there’s different. There’s a lot of different concepts. The way Google
Roy: can do it. Right. Yeah. There you go. So like, you can have a, you can set up a group, not a Google group, not like the mailing list just does a group.
You can just make groups of people who are on your staff inside Google workspace. You can have a group called like the administrators or like the intake people or something. Um, and like have certain files that are shared with that. Yeah. So that means if someone, you know, someone like you got to take on someone new who enters that group, you just add them to the group and now they have access to all these files or someone leaves that and goes to something else in your practice.
You just take them out of the group and now they don’t have access to those files. Like there’s a lot of power there that I think will be exactly what you’re looking for. Uh, if you’re not already using Google workspace, uh, you can, you can get it with a business associate agreement. You will find that this is one of many things it can do that will help with your practice efficiency.
Evan: The asker was commenting that they’re trying to avoid adding another thing. Can they just use school shared drive? And the rub is that it’s very affordable. It’s great. It comes with a ton of other tools, but if you buy a single use tool, say like doc Dropbox or some other sort of online drive, it’s very expensive and doesn’t let you have, I have that much control over sharing.
So yeah. It’s not a
Roy: better fit. Yeah. I can’t think of how to do that with the tools you described, having. Um, and, um, yeah, I mean, you could, you could ask therapy notes if there’s some way that they’re able to accommodate that. But I don’t think there is like, I, I, my understanding of therapy notes doesn’t have any such feature.
Um, the, but yeah, I mean, like, yeah, the thing is it’s like a Dropbox for business account would be just as expensive as getting Google workspace accounts forever. Um, and, and it would only be the Dropbox. You wouldn’t have all the granular permissions and you wouldn’t have email and a calendar and jam boards and Google meet, and like all the bazillion things you get from the Google workspace
Since that ask her is on, um, how many team members do you have in your practice?
Roy: Because I’m also, um, one of the askers wants to speak. I think there’s someone who probably has some good advice here.
Liath: Yeah. One of the other let’s
Roy: we’re going to unmute you.
Hey guys, this is.
Asker: Hey guys. Uh, so I’m sorry. I kinda got in halfway through the question. So forgive me if I don’t get it quite correct, but I do use therapy notes. And so they’re talking about some type of shared drive in therapy notes does have a file section for the different therapists to be able to access files there within therapy notes.
Roy: Okay, great. Awesome. Are you able to get granular access via like only these people can access this?
Asker: Oh, gosh, I don’t use it that often. So, uh, let me see here. I’m trying to see if I can pull it up real fast.
Roy: Awesome. Six total.
Asker: I’m not sure about the granular access, but I think everyone that has an account on therapy notes can, can pull from that file section.
Roy: Great. I assume it’s just like they can download the file, right?
Asker: Correct. Yeah. Yeah. We have, it’s like some, some intake forms, you know, paper versions of intake forms and stuff like that. People can print out,
Liath: but you can’t collaborate on documents in the same way that you can in Google drive, right?
Asker: No, no, there’s not really any collaboration capabilities.
It’s more just kind of like a basic shared drive.
Roy: Yeah. So, so basically therapy notes has a little Dropbox in it. Yes. Yeah. It’s actually really nice to know. That’s actually very useful. Yeah.
Asker: It’s a call that, oh, here I am looking at it. I’m sorry. It took me a minute. It’s called the library. That’s what’s called in therapy notes. And so then you can have, um, few different forms here.
Uh, access, you know, I might be wrong, actually. It does have some permission settings. Okay. Okay. Thank you. Can just give your administration access to it or clinical access. But other than that, that’s, there’s not much more permission settings available.
Roy: Got it. Okay. So based on that, so I’m going to talk through some things there are you, let me know if this makes sense of what you were saying and thank you by the way, my code for doing this.
Um, the, so it’s not, it’s not, um, like with Google drive, you’re actually, you’re, you’re actually coordinating you’re editing files. Like, if you go access the file, you’re accessing it in an editor mode and you can update it and look at it. And like multiple people can even be updating it at the same time.
Um, whereas in the library there, what it is is they can download the file, edit it and then re upload it. Yes. Okay. Right. So that’s a big difference, but you can say, uh, okay. Only the admin team has access to these files. Yes.
Asker: And even, um, and even, I think you can set permissions on if, if someone can actually edit it or if they can just download it, you know, you’re talking about like download, edited, uploaded, or do they just have permission just to download it?
Like they can’t upload it back up.
Roy: Got it. That that’s good. That makes sense. Yeah. Great. Yeah. So like, so like, if you want to do this, this kind of scheme, you need to have editing permission. So basically write permission. Uh, for the admin team so that they could download a file. Let’s say it’s like an Excel file or something like, and download it, make their edits and then upload it again.
Um, do you see if someone, like, for example, if you’re talking about tracking sessions, um, between two clinicians, is there possible to make a repository where only two particular clinicians can access that repository?
Asker: I don’t see that ability now.
Liath: Yeah. And that the asker also just clarified that they’re really looking more for sharing live documents, things that would constantly change.
Asker: Yeah. I don’t think it would, it would serve that function. Yeah.
Roy: Okay, thank you so much. We really appreciate you doing that real time. That’s very helpful to us. Yeah,
Asker: no problem.
Roy: Cool. All right. Cool. Um, yeah, so I mean, that, that’s super helpful because I think it just reinforces that like, I mean, the, the only solution that does, what you ask for is asking for is one of the, you know, online office collaboration tools, which is either Google or the Google or Microsoft 360.
Liath: Which is going to be way more expensive.
Roy: Yeah. Cause those are the ones that we’ll do. HIPAA business associate agreements and the Microsoft 365, one’s a lot more expensive and we find a lot less easy to use. And also it’ll also still be feature rich. I mean, basically you have to buy the whole suite. You can’t just get like the, the one, like the drives and be done.
Um, but also honestly, the co the pricing on the Google. The pricing on Google workspace is so low that I don’t imagine why. I don’t imagine they would really reduce the price much for you because like, you know, competitor, like, it’s actually kind of a challenge for people who want to make software tools out there that Google workspace is so inexpensive because it contains so much stuff.
Um, for less than a D then a small company, it might charge for just the one thing. And that’s kind of where we’re going to run into there is if you find a competitor that just does like document collaboration online with good permissions, and that’s the only thing you’re getting from them, it’s pretty unlikely that they’ll be able to sell it to you for less than it would cost to just go get Google workspace accounts for everybody.
That’s the thing, that’s why I’m saying it doesn’t seem likely that you’re going to find a better alternative. Uh, but you can, for example, get, um, like for example, you can either sign up for a lower tier, a Google workspace, and then just add on vault, for example, like, do you want to actually discuss that last or cause I might be in the wrong direction there,
Liath: so it’s not really going to be cheaper.
Roy: Yeah. Okay.
Liath: And would it be dollar cheaper? Cause the next tier is 12 a year per user, per month. And the Balt add on is $5, but then you don’t get the shared drive, but you need the, um, business plus tier anyway. Right. In this instance, in order to have both shared drive and the goo, uh, Google bald plus, uh, that tier includes a lot of device management functionality, which is, uh, quite useful for the vast majority of practices.
We’re actually. Qualify that further by saying it has utility in application for every practice, whether or not it’s been leveraged yet. Isn’t isn’t necessarily across the board, but most, most practices that are utilizing Google workspace do use some of the device management capability, even at a very low level, but still has big benefits.
Roy: All right. Uh, so here’s a question. Uh, if you use Google workspace to have to switch their email, or can I just use all the other features? Uh, you don’t have to know. I mean, you, everyone, all your people need to have an account. And so they’ll have an email account with it, but you don’t have to.
Liath: Right. You, you could set it up so that you have a.
Subduing and you set up the, um, Google workspace organization under the sub domain, uh, for your website and keep Hushmail handling the primary domain. However, um, you’re almost at a size where I would recommend considering. Switching your email from, and this always pains me to say, but I’m going to do it anyway.
Switching here, your email service provider from Hushmail to Google workspace, and then getting luck sized, secure connector. As an add on that integrates into the Gmail email and gives you secure email functionality,
Roy: right? Yeah, right. So one thing, uh, I’m sort of covering all the possible caveats or, or concerns with the asker.
I’m trying to anticipate some of them, what I might anticipate is Google workspace is a big suite full of stuff, and they they’re just trying to do one thing. And then maybe like, I don’t want to do a big reorganization of my practice. I just want this one thing. Right. And so the, um, is totally fine to just do it.
Like you can set up your Google workspace to be just there so that you can use Google drive basically. Um, and then you can over time, I’m sure you will discover, Hey, we need something that does this. Oh, workspace already does that. Great. We already have it. Like, I think over time, as you want to expand into it, I’m sure you will, because you’ll start to discover how there’s something you’re doing a different way that works better with your workspace account or you realize you need it.
And you go, oh wait, Google workspace where he does that, you know, you will start to find that there’s lots of things you need to do that you just already have because you have Google workspace. Right. But in the meantime, right, if you just want to use it for, you know, being able to have collaborative documents, like spreadsheets and docs and the word documents and slides and all those kinds of things, and you want to have that in a nice environment that lets you like really control who gets what access to what?
Yeah. Google drive is probably your best. In terms of the functionality you need with HIPAA business associate agreement, it’s actually going to be the best bet for the cost. And it’s gonna be the best bet for it being easy for people to use.
Liath: Exactly. And, um, you know, and if the decision is for now that all you want, if that particular functionality, um, and you don’t want to make any other system changes or transitions away from Hushmail, you absolutely could just create a subdomain.
Set up the workspace under that and use it just for drive functionality now. And that wouldn’t preclude you from later on down the road, if you wanted. Um, to at that point in time, transition from Hushmail over to Google workspace for email
Asker: as well. Yeah. So the
Liath: opting to go one way now, doesn’t, doesn’t prevent you from being able to kind of further, further build on that.
Now you don’t have to commit to one path or another.
Roy: The other thing I’ll say there is, um, I think it’s really important to note given how often we talk about workspace and advise it. We get no kickbacks and we could, like, we could do an affiliate program where like, we have a link you follow and you get a discount and then we get a kickback.
We do not. No. And like very, especially because we’re constantly are recommending workspace. We need you to know that you can trust that we’re doing it purely because we know what’s going to work best for you. Not because we’re going to get a kickback from it. Yeah. We could be kickbacks and we don’t good people when you’re good people, you can trust us
Liath: even when it’s
Yeah, sure thing. It’s like, right? Yeah. Like when you put it that way life not yet. Okay. That’s true. Okay.
Evan: Thanks for watching. Use the coupon code PC T plus all one word to get one month free with a year long subscription to group office hours.
You might also be interested in:
CE Credit Hours Events
Smooth and Secure Use of Phone, Text, Email, and Video to Meet Modern Clients Where They Are: Legal-Ethical and Real-World Considerations
Therapists then find themselves having to balance client-centered approaches to connecting with clients vs. making those connections secure, legal, and ethical.
Join Roy Huggins, LPC NCC and Liath Dalton as they discuss the legal-ethical considerations of modern communication channels and context of real world practice and client needs.