Account Types and Privileges
Role-Based Access Control
The HIPAA Privacy Rule requires that Covered ntities provide the members of their practice with access to only the minimum necessary information needed to perform their work, given their particular role in the organization. Health care organizations are expected to develop policies and procedures and implement security measures that comply with the minimum necessary standards. One way that TherapyAppointment assists you in meeting your minimum necessary access requirements and documenting your minimum necessary access decisions is by defining the various levels of privilege for the account designations and roles within the application. Below, you will find the general levels of privilege granted to each potential account designations and role options within the application.
In this Article:
- Owner
- Therapy Roles and Permissions (Telehealth, Client Payments, Financials, Reporting)
- Administrative Roles (Manager, Scheduler, Biller)
- Auditing/Compliance Roles (Records Custodian)
- Relationships (Supervisor)
Owner
Each practice may only have one owner account.
A practice Owner, usually the first account set up for the group, can:
- Manage all practice settings.
- Deactivate the practice.
- Manage all staff for the practice.
- Manage all role designations of all staff.
- Manage all role-specific settings.
- Manage permissions related to the Records Custodian role designation.
- Manage supervisor/supervisee designations.
- Manage all billing and insurance settings for the practice.
- View the practice’s TherapyAppointment billing history.
- Manage all claims settings, CPT codes, and practice insurance configurations.
- Manage payment processing settings and integrations.
- Manage all chart templates and documents.
- Manage all security settings for the practice.
- View all clients and client records in the practice.
- Delete client records that are no longer required for retention.
- Print/Release chart notes for the practice.
- Add an addendum to any chart in the practice.
- Redact/unredact any chart in the practice.
- View all practice level reports.
- Send messages to all clients of the practice and all members of the practice.
- Perform administrative actions on behalf of a Therapist in their practice.
If the practice Owner is also a clinician, they will use this account to schedule their own patients, chart notes, etc.
An individual clinician is always classified as a practice Owner. In addition, practice Owners are, by default, also therapists.
Clinical Roles and Permissions
Therapist
Adding any of these roles will make this new staff member a therapist in your practice able to manage, schedule, and chart their own clients.
This is an account designation designed for a user who sees clients and creates chart entries. This is a billable account. A Therapist role may or may not be attributed to a practice Owner account.
A Therapist role may or may not be attributed to a practice Owner account.
A Therapist can:
- View their Supervisors.
- Manage their schedule.
- Add client appointments
- Add meetings
- Manage their clients.
- Manage their schedule and availability.
- Manage their forms, templates, and documents.
- Manage their client charts.
- Manage their client portal and online scheduling settings.
- Manage their Supervisees.
- Export and import their client data.
- Send messages to their clients and other members of the practice.
Additional Permissions available for a Therapist account include:
videocam Telehealth:
- Allows this therapist to use integrated telehealth (article here)
pill E-Prescribe Clinician (DoseSpot):
- Allows this therapist to use integrated ePrescribe services powered by DoseSpot (article here)
local_atm Accept Client Payments:
- Allows this therapist to process client payments via cash, check, or credit card processing (if enabled) for their own clients
- Does not allow access to their client financial screens
local_atm Client Financials:
Allows this therapist to do the following for their clients only:
- View/edit financial transactions and financial history in the client’s accounting screens
- Edit, submit, correct, and resubmit claims
- Process client payments via cash/check/credit card
query_stats Reporting:
Allows this therapist to view reporting and financials for their own sessions.
Prescribing Agent (DoseSpot)
A prescribing agent can create, send, change, and refill non-controlled prescriptions on behalf of all ePrescribe Clinicians at the practice.
Administrative Roles
Staff Administrator
A staff administrator for a practice has the abilities to:
- View all data on the Staff page in the Practice Settings
- Create staff users
- Edit the following information for staff users:
- Personal Information
- Mailing Address
- Time Zone
- Primary Email Address (except in the case of owners or other staff administrators)
- Secondary Email
- Secondary phone numbers
- Reset/Disable multi-factor authentication (except in the case of owners, managers, or other staff administrators)
- Disable staff user accounts for the practice (except in the case of owners, managers, or other staff administrators)
- View all roles assigned to Staff in the practice
- Edit roles for staff (except in the case of owners, managers, or other staff administrators)
- Force a password reset for staff users
- Change the following security settings in Settings:
- MFA enforcement
- Automatic sign-out for idle users
- Inactive staff/patient lockout
- View staff user security logs, including:
- Login/Logout events
- Password reset and MFA activities
- Message all practice staff
Manager
A manager for a practice has the same abilities as an owner:
- View the practice’s TherapyAppointment billing history
- Change the payment method for the practice’s TherapyAppointment account
- Deactivate the practice
- To view / print chart notes, with privacy in mind if a user is a manager and an external agent, they will also need the records custodian role
Additional Permissions available for a Manager role include:
- Reporting: Allows this Manager to access practice-wide reports.
Scheduler
A user with the Scheduler role can:
- Schedule appointments/meetings for the therapists in the practice
- Reschedule appointments/meetings for therapists in the practice
- Cancel appointments/meetings for therapists in the practice
Biller
A user with the Biller role can:
- Manage the therapists’ schedule
- Submit and manage client claims
- Process client payments
- Edit accounting and claims for all clients
- Enter EOBs for the practice
Auditing/Compliance Roles
Records Custodian
A Records Custodian role can be granted to any provider or staff member by the owner of the practice. A Records Custodian that is granted access to a therapist’s records can view and release patient information that includes:
- Session Notes
- Treatment plans
- Stored Documents designated as clinical
When this role is assigned, the Records Custodian may be granted the privilege of viewing/releasing records for all therapists in the practice, or may be limited to view the information for only certain therapists. This role may be granted for a specified time period or indefinitely.
Additional permissions available for the Records Custodian that may be enabled by the Practice Owner:
- Chart redaction for any chart for which they have read access granted.
- Ability to add addenda for any chart for which they have read access granted.
Relationships
Supervisor Relationship
The Supervisor relationship is intended for the use of a Clinical Supervisor who needs to oversee charts of certain clinicians, review/approve charts, review/approve addenda, or provide supervision to therapists and/or interns that have been designated as supervisees by the Practice Owner or Manager. It is an enhanced Therapist account and has the potential to have access to review charts, including private notes of any clinician who is designated as a supervisee. Be very cautious if you have one of these relationship designations – you usually have to ensure that your HIPAA disclosure to your clients spells out who has access to their private chart notes. A Practice Owner or Manager assigning the supervisor/supervisee designation acknowledges that they are aware of the HIPAA requirements surrounding access to review chart notes.
Who might need a Supervisor designation:
- Supervisor of interns
- A person in charge of releasing chart notes for the group practice
- A person in charge of ensuring continuity of treatment and auditing the charting practices of the group