HIPAA Basics for Online Therapists
Psychotherapists and mental health counselors must maintain HIPAA Compliance. JournalOwl facilitates HIPAA Compliance on a feature-by-feature basis to ensure that everyone’s data is protected. Our platform utilizes stringent security procedures to help you achieve compliance within all four technical safeguards under HIPAA’s Security Rule. Outlined herein is how JournalOwl fulfills each security safeguard.
HIPAA Security Rule Technical Safeguard 1: Access Control
The definition of this safeguard is, “…the ability or means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.” JournalOwl is a two-sided platform that serves both journalers (individuals) and coaches (therapists), also known as Owls. Journalers from around the world use JournalOwl daily to express their innermost thoughts, desires, and goals. Our platform has AI (artificial intelligence) and ML (machine learning) algorithms built-in that automatically classify journal entries by sentiment and tonality.
The sentiment and tonality of a journal entry can suggest many different cognitive distortions, a fundamental principle of Cognitive Behavioral Therapy (CBT). CBT is a psycho-social intervention that aims to improve mental health. The practice focuses on challenging and changing unhelpful cognitive distortions (e.g., thoughts, beliefs, attitudes) and behaviors, improving emotional regulation. At JournalOwl, our AI and machine learning technology can detect up to 14 different distortions in an individual’s writing to provide them with immediate and actionable suggestions of challenging or changing their perspective to improve mental health. Some examples of distortions that our AI engine can detect include the following:
- All-or-Nothing Thinking. “If I fail this exam, my life is ruined.”
- Overgeneralization. “Everyone dislikes me.”
- Filtering Out Positives. “Nothing good happened to me today.”
- Jumping to Conclusions. “She didn’t say hi, therefore she hates me.”
- Mind Reading. “He doesn’t want to talk to me.”
- Fortune-Telling. “I’ll fail my exam.”
- Magnification of the Negative. “This job loss is like death.”
- Minimization of the Positive. “That compliment was fake.”
- Catastrophizing. “What if a nuclear war erupts with China?”
- Emotional Reasoning. “I feel insecure and dumb, therefore I must be.”
- Should / Must Statements. “I should have done this, or I should have done that.”
- Labeling. “I’m a total loser.”
- Self-blaming. “This is my fault.”
- Other-blaming. “This is their fault.”
Journalers must opt into our AI and machine learning analysis by enabling the CBT Wizard. If a Journaler opts into the CBT Wizard, JournalOwl provides automatic suggestions (based on the detected distortion) to help an individual reframe their line of thinking to help overcome specific emotional challenges. To create long-term change, Journalers also have the option of connecting with Owls (trained Psychotherapists or Life Coaches). Information is communicated in the following ways:
- Expressively writing it out in their password-protected and encrypted journals
- Securely recording an eVideo journal
- Knowingly sharing information with public or private channels
- Communicating directly with Owls via secure messaging, SMS Texting, Live Chat, Phone, or Secure Video.
Each of these communication channels are secured with role-based user permissions. For example, a Journaler can choose whether to share their journal entries with an Owl, a friend, or confident. They can briefly share a journal entry electronically with a friend, or an Owl, and then later choose to retract the information, or set the sharing to expire within a pre-specified time.
Owls are never given rights to a Journalers private health information without electronic consent. In addition, we encourage every Owl to obtain the necessary authorization & release forms from any individual they are coaching on the platform.
HIPAA Security Rule Technical Safeguard 2: Audit Controls
The definition of this safeguard is, “…implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected information.” JournalOwl facilitates safeguarding rule #2 with audit trails, role-based user permissions, and messaging retention rules.
HIPAA Security Rule Technical Safeguard 3: Integrity Controls
The definition of this safeguard is, “…implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected information.” JournalOwl facilitates safeguarding rule #3 with automated file retention, data backup, and role-based user permissions.
HIPAA Security Rule Technical Safeguard 4: Transmission Security
The definition of this safeguard is to, “…implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.” JournalOwl facilitates transmission security with SSL, Multifactor Authentication, and other best-in-class procedures to protect data transmission.
HIPAA Compliance Privacy Rule
JournalOwl Vault satisfies the technological requirements set forth for confidentiality codes and practices in healthcare for the HIPAA compliance Privacy Rule. According to HIPAA, protected health information should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function. Protected Health Information (PHI) includes demographic data that relates to the individuals past, present, or future health or condition; in addition to the provision of healthcare provided to the individual in the past, present, or future. JournalOwl satisfies the HIPAA Compliance Privacy Rule with Vault.
JournalOwl is not intended to be a substitute for professional advice, diagnosis, medical treatment, medication, or therapy. Always seek the advice of your physician or qualified mental health provider with any questions you may have regarding any mental health symptoms or conditions. JournalOwl is not authorized to make recommendations about medication or serve as a substitute for professional advice. You should never disregard professional psychological or medical advice, or delay in seeking treatment, based on anything you read on JournalOwl’s website or platform.