Provider Account Types and Privileges

Role-Based Access Control

The HIPAA Privacy Rule requires that covered entities provide the members of their practice with access to only the minimum necessary information needed to perform their work, given their particular role in the organization. Health care organizations are expected to develop policies and procedures and implement security measures that comply with the minimum necessary standards. One way that TherapyAppointment assists you in meeting your minimum necessary access requirements and documenting your minimum necessary access decisions is by defining the various levels of privilege for the account designations and roles within the application. Below, you will find the general levels of privilege granted to each potential account designations and role options within the application. 

Owner 

Each practice may only have one owner account. 

A practice Owner, usually the first account set up for the group, can:

  • Manage general practice settings. 
  • Manage chart templates and documents.
  • View, add, remove, and manage Therapist, Manager, and Front Office accounts for the practice.
  • Grant the Health Information Custodian role designation and manage permissions pertinent to the  Health Information Custodian role designation. 
  • Manage all payment information for the practice.
  • Create and manage all claims settings for the practice, CPT codes, and practice insurance configurations.
  • View all practice level reports.
  • Manage supervisor/supervisee designations.
  • Manage the role designations of all accounts in the group.
  • View all patients and patient records in the practice.
  • Print/Release chart notes for the practice.
  • Send messages to all clients of the practice and all members of the practice. 
  • Perform administrative actions on behalf of a Therapist in their practice.

If this practice Owner is a clinician, they will use this account to schedule their own patients, chart notes, etc. 

An individual clinician is always classified as a practice Owner. In addition, practice Owners are, by default, also therapists. 

Therapy Roles and Permissions

Adding any of these roles will make this new staff member a therapist in your practice able to manage, schedule, and chart their own clients.

Therapist 

This is an account designation designed for a user who sees clients and creates chart entries. 

⚠️  Note: This is a billable account. 

A Therapist role may or may not be attributed to a practice Owner account.

A Therapist can: 

  • View their Supervisors.
  • Manage their schedule.
    • Add client appointments
    • Add meetings
  • Manage their clients.
  • Manage their schedule and availability.
  • Manage their forms, templates, and documents.
  • Manage their client charts.
  • Manage their client portal and online scheduling settings. 
  • Manage their Supervisees. 
  • Export and import their client data. 
  • Send messages to their clients and other members of the practice.

Additional Permissions available for a Therapist account include:

  • 🎧 Telehealth: Allows this therapist to use integrated telehealth.
⚠️  Note: This is a billable add-on. 
  • 💲 Accept Client Payments: Allows this therapist to process client payments via cash, check, or credit card processing (if enabled) for their own clients but does not allow access to their client financial screens. 
  • 💵 Client Financials: Allows this therapist to do the following for their clients only: 
    • View/edit financial transactions and financial history in the client’s accounting screens, 
    • Edit, submit, correct, and resubmit claims, and
    • Process client payments via cash/check/credit card. 
  • 📊 Reporting: Allows this therapist to view reporting and financials for their own sessions. 

    • Administrative Roles

    Enabling any of these roles below provides this person practice-level access to view and manage all therapists’ schedules and all patients’ profiles.

    By default, these roles do not have access to the clinical information in client records.

    Manager 

    A manager for a practice has the same abilities as an owner, EXCEPT THEY CANNOT:

    • View the practice’s TherapyAppointment billing history,
    • Change the payment method for the practice’s TherapyAppointment account, or
    • Deactivate the practice. 

    Additional Permissions available for a Manager role include:

    • Reporting: Allows this Manager to access practice-wide reports.

    Scheduler

    A user with the Scheduler role can: 

    • Schedule appointments/meetings for the therapists in the practice,
    • Reschedule appointments/meetings for therapists in the practice, and 
    • Cancel appointments/meetings for therapists in the practice.

    Biller

    A user with the Biller role can: 

    • Manage the therapists’ schedule,
    • Submit and manage client claims,
    • Process client payments,
    • Edit accounting and claims for all clients, and  
    • Enter EOBs for the practice. 

    Auditing/Compliance Roles

    Records Custodian

    A Records Custodian role can be granted to any staff member by the owner of the practice. A Records Custodian that is granted access to a therapist’s records can view and release patient information that includes:

    • Session Notes,
    • Treatment plans, or 
    • Stored Documents designated as ‘clinical’

    When this role is assigned, the Records Custodian may be granted the privilege of viewing/releasing records for all therapists in the practice, or may be limited to view the information for only certain therapists. This role may be granted for a specified time period or indefinitely.  

    Relationships

    Supervisor Relationship

    The Supervisor relationship is intended for the use of a Clinical Supervisor who needs to oversee charts of certain clinicians, review charts, or provide supervision to therapists and/or interns that have been designated as supervisees by the Practice Owner or Manager.

    It is an enhanced Therapist account and has the potential to have access to review charts, including private notes of any clinician who is designated as a supervisee. Be very cautious if you have one of these relationship designations – you usually have to ensure that your HIPAA disclosure to your clients spells out who has access to their private chart notes. A Practice Owner or Manager assigning the supervisor/supervisee designation acknowledges that they are aware of the HIPAA requirements surrounding access to review chart notes.

    Who might need a Supervisor designation:

    • Supervisor of interns
    • A person in charge of releasing chart notes for the group practice
    • A person in charge of ensuring continuity of treatment and auditing the charting practices of the group

    Related Articles