HIPAA Basics for Online Therapists
Psychotherapists and mental health counselors must maintain HIPAA Compliance. JournalOwl facilitates HIPAA Compliance on a feature-by-feature basis to ensure that everyone’s data is protected. Our platform utilizes stringent security procedures to help you achieve compliance within all four technical safeguards under HIPAA’s Security Rule. Outlined herein is how JournalOwl fulfills each security safeguard.
HIPAA Security Rule Technical Safeguard 1: Access Control
The definition of this safeguard is, “…the ability or means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.” JournalOwl is a two-sided platform that serves both journalers (individuals) and coaches (therapists), also known as Owls. Journalers from around the world use JournalOwl daily to express their innermost thoughts, desires, and goals. Our platform has AI (artificial intelligence) and ML (machine learning) algorithms built-in that automatically classify journal entries by sentiment and tonality.
The sentiment and tonality of a journal entry can suggest many different cognitive distortions, a fundamental principle of Cognitive Behavioral Therapy (CBT). CBT is a psycho-social intervention that aims to improve mental health. The practice focuses on challenging and changing unhelpful cognitive distortions (e.g., thoughts, beliefs, attitudes) and behaviors, improving emotional regulation. At JournalOwl, our AI and machine learning technology can detect up to 14 different distortions in an individual’s writing to provide them with immediate and actionable suggestions of challenging or changing their perspective to improve mental health. Some examples of distortions that our AI engine can detect include the following:
- All-or-Nothing Thinking. “If I fail this exam, my life is ruined.”
- Overgeneralization. “Everyone dislikes me.”
- Filtering Out Positives. “Nothing good happened to me today.”
- Jumping to Conclusions. “She didn’t say hi, therefore she hates me.”
- Mind Reading. “He doesn’t want to talk to me.”
- Fortune-Telling. “I’ll fail my exam.”
- Magnification of the Negative. “This job loss is like death.”
- Minimization of the Positive. “That compliment was fake.”
- Catastrophizing. “What if a nuclear war erupts with China?”
- Emotional Reasoning. “I feel insecure and dumb, therefore I must be.”
- Should / Must Statements. “I should have done this, or I should have done that.”
- Labeling. “I’m a total loser.”
- Self-blaming. “This is my fault.”
- Other-blaming. “This is their fault.”
Journalers must opt into our AI and machine learning analysis by enabling the CBT Wizard. If a Journaler opts into the CBT Wizard, JournalOwl provides automatic suggestions (based on the detected distortion) to help an individual reframe their line of thinking to help overcome specific emotional challenges. To create long-term change, Journalers also have the option of connecting with Owls (trained Psychotherapists or Life Coaches). Information is communicated in the following ways:
- Expressively writing it out in their password-protected and encrypted journals
- Securely recording an eVideo journal
- Knowingly sharing information with public or private channels
- Communicating directly with Owls via secure messaging, SMS Texting, Live Chat, Phone, or Secure Video.
Each of these communication channels are secured with role-based user permissions. For example, a Journaler can choose whether to share their journal entries with an Owl, a friend, or confident. They can briefly share a journal entry electronically with a friend, or an Owl, and then later choose to retract the information, or set the sharing to expire within a pre-specified time.
Owls are never given rights to a Journalers private health information without electronic consent. In addition, we encourage every Owl to obtain the necessary authorization & release forms from any individual they are coaching on the platform.
HIPAA Security Rule Technical Safeguard 2: Audit Controls
The definition of this safeguard is, “…implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected information.” JournalOwl facilitates safeguarding rule #2 with audit trails, role-based user permissions, and messaging retention rules.
HIPAA Security Rule Technical Safeguard 3: Integrity Controls
The definition of this safeguard is, “…implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected information.” JournalOwl facilitates safeguarding rule #3 with automated file retention, data backup, and role-based user permissions.
HIPAA Security Rule Technical Safeguard 4: Transmission Security
The definition of this safeguard is to, “…implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.” JournalOwl facilitates transmission security with SSL, Multifactor Authentication, and other best-in-class procedures to protect data transmission.
HIPAA Compliance Privacy Rule
JournalOwl Vault satisfies the technological requirements set forth for confidentiality codes and practices in healthcare for the HIPAA compliance Privacy Rule. According to HIPAA, protected health information should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function. Protected Health Information (PHI) includes demographic data that relates to the individuals past, present, or future health or condition; in addition to the provision of healthcare provided to the individual in the past, present, or future. JournalOwl satisfies the HIPAA Compliance Privacy Rule with Vault.
JournalOwl assumes no responsibility for how you use any information, services, products, or documents provided through this platform. Nothing contained on the platform shall constitute professional advice for medical diagnosis or treatment. Nothing contained on this platform shall constitute supervision or coaching advice. None of the information available on this platform shall be construed as an endorsement, guarantee, representation of warranty with respect to any medical practitioner or medical treatment. Use this platform at your own risk. This platform is provided 'As-is'; we disclaim all warranties -- expressed, implied, or statutory, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose.
You agree to defend, indemnify, and hold harmless JournalOwl LLC, its representatives, officers, directors, and employees from all liabilities, claims, costs, and expenses, including attorney's fees, that arise from your use of the platform, the platform's blog, products, programs, services, your postings, downloading or transmission of communications or material on this platform, or from the violation of applicable law.