Provider Account Types and Privileges
Role-Based Access Control
The HIPAA Privacy Rule requires that covered entities provide the members of their practice with access to only the minimum necessary information needed to perform their work, given their particular role in the organization. Health care organizations are expected to develop policies and procedures and implement security measures that comply with the minimum necessary standards. One way that TherapyAppointment assists you in meeting your minimum necessary access requirements and documenting your minimum necessary access decisions is by defining the various levels of privilege for the account designations and roles within the application. Below, you will find the general levels of privilege granted to each account designation and role option within the application.
Each practice may only have one owner account.
A practice Owner, usually the first account set up for the group, can:
- Manage all general practice settings.
- Manage all chart templates and documents.
- View, add, remove, and manage Therapist, Manager, and Front Office accounts for the practice.
- Grant the Health Information Custodian role designation and manage permissions pertinent to the Health Information Custodian role designation.
- Manage all payment information for the practice.
- View the practice’s TherapyAppointment billing history
- Deactivate the practice
- Create and manage all claims settings for the practice, CPT codes, and practice insurance configurations.
- View all practice level reports.
- Manage supervisor/supervisee designations.
- Manage the role designations of all accounts in the group.
- View all patients and patient records in the practice.
- Print/Release chart notes for the practice.
- Send messages to all clients of the practice and all members of the practice.
- Perform administrative actions on behalf of a Therapist in their practice.
If this practice Owner is a clinician, they will use this account to schedule their own patients, chart notes, etc.
An individual clinician is always classified as a practice Owner. In addition, practice Owners are, by default, also therapists.
Therapy Roles and Permissions
Adding any of these roles will make this new staff member a therapist in your practice, able to manage, schedule, and chart their own clients.
This is an account designation designed for a user who sees clients and creates chart entries.
A Therapist role may or may not be attributed to a practice Owner account.
A Therapist can:
- View their Supervisors.
- Manage their schedule.
- Add client appointments
- Add meetings
- Manage their clients.
- Manage their schedule and availability.
- Manage their forms, templates, and documents.
- Manage their client charts.
- Manage their client portal and online scheduling settings.
- Manage their Supervisees.
- Export and import their client data.
- Send messages to their clients and other members of the practice.
Additional Permissions available for a Therapist account include:
- Allows this therapist to use integrated telehealth (article here)
Accept Client Payments:
- Allows this therapist to process client payments via cash, check, or credit card processing (if enabled) for their own clients
- Does not allow access to their client financial screens
Client Financials:
Allows this therapist to do the following for their clients only:
- View/edit financial transactions and financial history in the client’s accounting screens
- Edit, submit, correct, and resubmit claims
- Process client payments via cash/check/credit card
Allows this therapist to view reporting and financials for their own sessions.
A staff administrator for a practice has the ability to:
- View all data on the Staff page in the Practice Settings
- Create staff users
- Edit the following information for staff users:
  - Personal Information
  - Mailing Address
  - Time Zone
  - Primary Email Address (except in the case of owners or other staff administrators)
  - Secondary Email
  - Secondary phone numbers
- Reset/Disable multi-factor authentication (except in the case of owners or other staff administrators)
- Disable staff user accounts for the practice (except in the case of owners and other staff administrators)
- Edit roles for staff (except in the case of owners and other staff administrators)
- Force a password reset for staff users
- Change the following security settings in Practice Settings:
  - MFA enforcement
  - Automatic sign-out for idle users
  - Inactive staff/patient lockout
- View staff user security logs, including:
  - Login/Logout events
  - Password reset and MFA activities
- Message all practice staff
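The staff administrator limits above, written out as an access check. This is an added illustration, not TherapyAppointment's code: the role names, action names and sample accounts are hypothetical, and it assumes the staff administrator's own account is protected in the same way as other staff administrators' accounts.

```python
# Added illustration; role and action names are hypothetical, not TherapyAppointment's API.
from dataclasses import dataclass

OWNER, STAFF_ADMIN, THERAPIST = "owner", "staff_administrator", "therapist"

# Actions the list above grants with no exception for the target account.
ANY_TARGET = frozenset({
    "view_staff", "create_staff", "edit_personal_info", "edit_mailing_address",
    "edit_time_zone", "edit_secondary_email", "edit_secondary_phone",
    "force_password_reset", "view_security_logs", "message_staff",
})
# Actions the list marks "except in the case of owners or other staff administrators".
PROTECTED_TARGET = frozenset({
    "edit_primary_email", "reset_mfa", "disable_account", "edit_roles",
})
PROTECTED_ROLES = frozenset({OWNER, STAFF_ADMIN})


@dataclass(frozen=True)
class StaffUser:
    user_id: str
    roles: frozenset


def staff_admin_may(actor: StaffUser, action: str, target: StaffUser) -> bool:
    """Decide one staff-administrator action against one target account."""
    if STAFF_ADMIN not in actor.roles:
        return False                      # this check covers staff administrators only
    if action in ANY_TARGET:
        return True
    if action in PROTECTED_TARGET:
        # Assumption: the actor's own account counts as a protected target too.
        return not (target.roles & PROTECTED_ROLES)
    return False                          # unknown action: default deny


def denied(requests):
    """Return the (actor_id, action, target_id) tuples the policy rejects."""
    return [(a.user_id, act, t.user_id) for a, act, t in requests
            if not staff_admin_may(a, act, t)]


# Constructed sample accounts and requests.
owner = StaffUser("u-owner", frozenset({OWNER, THERAPIST}))
admin = StaffUser("u-admin", frozenset({STAFF_ADMIN}))
admin2 = StaffUser("u-admin2", frozenset({STAFF_ADMIN}))
clin = StaffUser("u-clin", frozenset({THERAPIST}))
SAMPLE = [(admin, "reset_mfa", clin), (admin, "reset_mfa", owner),
          (admin, "edit_roles", admin2), (admin, "edit_time_zone", owner),
          (clin, "view_staff", clin), (admin, "edit_primary_email", owner)]
```

Calling `denied(SAMPLE)` lists the requests that fall under the exceptions, which is the part of the matrix worth checking when reviewing who can change another account's sign-in details.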
Enabling any of these roles below provides this person practice-level access to view and manage all therapists’ schedules and all patients’ profiles.
These roles do not have access to the clinical information in client records.
A manager for a practice has the same abilities as an owner, EXCEPT THEY CANNOT:
- View the practice’s TherapyAppointment billing history
- Change the payment method for the practice’s TherapyAppointment account
- Deactivate the practice
⚠️ These can only be done by the owner of the practice
Additional Permissions available for a Manager role include:
- Reporting: Allows this Manager to access practice-wide reports.
A user with the Scheduler role can:
- Schedule appointments/meetings for the therapists in the practice
- Reschedule appointments/meetings for therapists in the practice
- Cancel appointments/meetings for therapists in the practice
A user with the Biller role can:
- Manage the therapists’ schedule
- Submit and manage client claims
- Process client payments
- Edit accounting and claims for all clients
- Enter EOBs for the practice
A Records Custodian role can be granted to any provider or staff member by the owner of the practice. A Records Custodian that is granted access to a therapist’s records can view and release patient information that includes:
- Session Notes
- Treatment plans
- Stored Documents designated as clinical
When this role is assigned, the Records Custodian may be granted the privilege of viewing/releasing records for all therapists in the practice, or may be limited to view the information for only certain therapists. This role may be granted for a specified time period or indefinitely.
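The scoping described above (all therapists or only certain ones, for a specified period or indefinitely) can be modeled as a grant record with an access check and a periodic review helper. This is an added illustration, not TherapyAppointment's code: the field names, function names and sample grants are hypothetical, and the review helper is an assumption about how a practice might document its minimum necessary decisions.

```python
# Added illustration; field and function names are hypothetical, not TherapyAppointment's API.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class CustodianGrant:
    custodian_id: str
    therapist_ids: Optional[FrozenSet[str]]   # None = all therapists in the practice
    starts: datetime
    expires: Optional[datetime]               # None = granted indefinitely


def may_access(grant: CustodianGrant, user_id: str, therapist_id: str,
               now: datetime) -> bool:
    """True if user_id may view/release therapist_id's records at time `now`."""
    if now.tzinfo is None:
        raise ValueError("use timezone-aware timestamps")
    if user_id != grant.custodian_id:
        return False
    if grant.therapist_ids is not None and therapist_id not in grant.therapist_ids:
        return False
    if now < grant.starts:
        return False
    return grant.expires is None or now < grant.expires


def review_queue(grants, now: datetime):
    """Split grants into expired ones and indefinite, practice-wide ones."""
    expired = [g.custodian_id for g in grants
               if g.expires is not None and now >= g.expires]
    broadest = [g.custodian_id for g in grants
                if g.expires is None and g.therapist_ids is None]
    return expired, broadest


# Constructed sample grants.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
GRANTS = [
    CustodianGrant("u-front", frozenset({"t-1"}), T0, T0 + timedelta(days=30)),
    CustodianGrant("u-mgr", None, T0, None),
]
```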
The Supervisor relationship is intended for the use of a Clinical Supervisor who needs to oversee charts of certain clinicians, review charts, or provide supervision to therapists and/or interns that have been designated as supervisees by the Practice Owner or Manager.
It is an enhanced Therapist account and has the potential to have access to review charts, including private notes of any clinician who is designated as a supervisee. Be very cautious if you have one of these relationship designations – you usually have to ensure that your HIPAA disclosure to your clients spells out who has access to their private chart notes. A Practice Owner or Manager assigning the supervisor/supervisee designation acknowledges that they are aware of the HIPAA requirements surrounding access to review chart notes.
Who might need a Supervisor designation:
- Supervisor of interns
- A person in charge of releasing chart notes for the group practice
- A person in charge of ensuring continuity of treatment and auditing the charting practices of the group