We use cookies
Cookie-files settings
Cookies necessary for the website to function correctly are always enabled. The rest of the settings are changeable, you can see them below.
HIPAA
PSYTECHVR’s Position
PSYTECHVR supports the use of policy to address existing privacy, confidentiality, and security concerns in the protection of health information held by Health Insurance Portability andAccountability Act (HIPAA) non-covered entities. Federal privacy and security baseline standards should be developed for the protection of health information held by data holders*outside of the scope of HIPAA. Standards should take into account the data holder’s size, scope, activities, and sensitivity of the health information collected, used, and maintained as well as risk of inappropriate disclosure and misuse.
PSYTECHVR has developed a set of privacy principles below to help inform its ongoing advocacy efforts in this area. The principles envision the privacy, confidentiality, and security of health information throughout its entire life cycle.
In this context, PSYTECHVR intends “health information” to refer to “electronic health information” as defined at 45 CFR 171.102. The principles are intended to be technology agnostic and adaptable to differing technologies and platforms. The principles are also intended for data holders that are not covered by HIPAA and are not intended to supersede, alter, or affect entities currently covered by HIPAA. To ensure the confidentiality, privacy, and security of individuals’ health information, PSYTECHVR believes that policy must:
1. Guarantee individuals’ access to their health information. Policy must guarantee
that individuals have access to their health information regardless of where it stored.
2. Improve accountability. Policy must ensure that data holders develop, document,
communicate, assign, and are held accountable for their privacy policies and procedures.
3. Enhance communication and transparency. Policy must ensure data holders
communicate what information will be collected and maintained and generally how the data
may be processed and disclosed, including whether data will be sold or commercialized.
4. Limit the collection, use, and disclosure of health information. Policy must ensure
data holders limit the amount of health information collected, used, and disclosed to the
minimum necessary.
5. Ensure the accuracy and integrity of health information. Policy approaches must
encourage the completeness, accuracy, and integrity of health information.
6. Prioritize the protection of health information against various privacy and security risks,
including breaches and unauthorized disclosures.
7. Address health information retention concerns. Policy should safeguard that health
information is retained no longer than necessary by data holders.
8.Facilitate disposition and destruction of health information. Policy shouldfacilitate the proper disposition and destruction of health information.
PSYTECHVR has developed a set of privacy principles below to help inform its ongoing advocacy efforts in this area. The principles envision the privacy, confidentiality, and security of health information throughout its entire life cycle.
In this context, PSYTECHVR intends “health information” to refer to “electronic health information” as defined at 45 CFR 171.102. The principles are intended to be technology agnostic and adaptable to differing technologies and platforms. The principles are also intended for data holders that are not covered by HIPAA and are not intended to supersede, alter, or affect entities currently covered by HIPAA. To ensure the confidentiality, privacy, and security of individuals’ health information, PSYTECHVR believes that policy must:
1. Guarantee individuals’ access to their health information. Policy must guarantee
that individuals have access to their health information regardless of where it stored.
2. Improve accountability. Policy must ensure that data holders develop, document,
communicate, assign, and are held accountable for their privacy policies and procedures.
3. Enhance communication and transparency. Policy must ensure data holders
communicate what information will be collected and maintained and generally how the data
may be processed and disclosed, including whether data will be sold or commercialized.
4. Limit the collection, use, and disclosure of health information. Policy must ensure
data holders limit the amount of health information collected, used, and disclosed to the
minimum necessary.
5. Ensure the accuracy and integrity of health information. Policy approaches must
encourage the completeness, accuracy, and integrity of health information.
6. Prioritize the protection of health information against various privacy and security risks,
including breaches and unauthorized disclosures.
7. Address health information retention concerns. Policy should safeguard that health
information is retained no longer than necessary by data holders.
8.Facilitate disposition and destruction of health information. Policy shouldfacilitate the proper disposition and destruction of health information.
Key Points
PSYTECHVR offers the following policy recommendations to ensure that entities not coveredby HIPAA are held accountable for the privacy and security of health information.
Individual Access
Individuals have the right to access their health information regardless of where that information stored. Individuals have the right to access, at a minimum, their health information as defined in 45 CFR 164.501.
Accountability
• Data holders should implement both initial and ongoing workforce development training
to educate employees engaged in the data processing of health information to ensure
they are trained to perform privacy-related duties. Third parties (e.g., service providers,
partners, etc.) should also be held accountable for training associated with the
performance of privacy-related duties.
• Data holders should document employees’ and third parties’ commitment to adherence
to privacy policies and procedures.
• Date holders should be held accountable and face consequences for failure to adhere to
the policy recommendations set forth in this document.
to educate employees engaged in the data processing of health information to ensure
they are trained to perform privacy-related duties. Third parties (e.g., service providers,
partners, etc.) should also be held accountable for training associated with the
performance of privacy-related duties.
• Data holders should document employees’ and third parties’ commitment to adherence
to privacy policies and procedures.
• Date holders should be held accountable and face consequences for failure to adhere to
the policy recommendations set forth in this document.
Communication/Transparency
Data holders should clearly and conspicuously communicate what information will be
collected and maintained and generally how the data may be processed and disclosed.
• Data holders should be required to make their privacy policy available in plain language
before the individual shares any health information. The privacy policy should contain
categories of health information it collects, processes, maintains and discloses;
practices of the data holder including an articulated basis for the collection, processing,
maintenance and disclosure of such information; and how individuals may exercise
their rights under the policy and the law. The privacy policy must also be provided to
the individual via a process that is concise, clear, intelligible, and easily accessible.
• Policies, processes, and procedures should be in place for receiving, tracking, and
responding to complaints, concerns, and questions from individuals about a data
holder’s organizational privacy policies and practices.
• Individuals must have the opportunity to clearly communicate their privacy preferences.
Policies, processes, and procedures should be in place to enable an individual’s
privacy preferences and requests, including a reasonable mechanism to revoke
consent.
collected and maintained and generally how the data may be processed and disclosed.
• Data holders should be required to make their privacy policy available in plain language
before the individual shares any health information. The privacy policy should contain
categories of health information it collects, processes, maintains and discloses;
practices of the data holder including an articulated basis for the collection, processing,
maintenance and disclosure of such information; and how individuals may exercise
their rights under the policy and the law. The privacy policy must also be provided to
the individual via a process that is concise, clear, intelligible, and easily accessible.
• Policies, processes, and procedures should be in place for receiving, tracking, and
responding to complaints, concerns, and questions from individuals about a data
holder’s organizational privacy policies and practices.
• Individuals must have the opportunity to clearly communicate their privacy preferences.
Policies, processes, and procedures should be in place to enable an individual’s
privacy preferences and requests, including a reasonable mechanism to revoke
consent.
Collection, Use and Disclosure
• Collection, access, use, disclosure and maintenance of health information must be
limited to no more than what is reasonably necessary to accomplish the intended
purpose.
• Consent to collect, access, disclose and maintain health information should be sought
whereby an individual makes an informed decision to share their information and the
choice is recorded and maintained. Consent should be revocable at any time.
• Access to health information by an individual’s employer should not be permitted
unless an individual authorizes a data holder to do so or is required by law.
• Data holders should not sell an individual’s health information without the express
consent of the individual.
• Secondary uses of data must be disclosed to the individual with an option to opt-in,
except as required by law.
• Collection, access, use, disclosure, and maintenance of health information is expressly
prohibited for purposes
limited to no more than what is reasonably necessary to accomplish the intended
purpose.
• Consent to collect, access, disclose and maintain health information should be sought
whereby an individual makes an informed decision to share their information and the
choice is recorded and maintained. Consent should be revocable at any time.
• Access to health information by an individual’s employer should not be permitted
unless an individual authorizes a data holder to do so or is required by law.
• Data holders should not sell an individual’s health information without the express
consent of the individual.
• Secondary uses of data must be disclosed to the individual with an option to opt-in,
except as required by law.
• Collection, access, use, disclosure, and maintenance of health information is expressly
prohibited for purposes
Accuracy and Integrity
• An individual has the right to inspect health information related to him or her and to
have such data amended or completed.
• Individuals have the right to request that a data holder amend health information about
them so long as the health information is maintained by the data holder. A data holder
may deny an individual’s request for amendment if it determines that the health
information that is the subject of the request was not created by the data holder (unless
the individual provides a reasonable basis to believe that the originator of health
information is no longer able to amend or correct the health information or the health
information is accurate and complete).
have such data amended or completed.
• Individuals have the right to request that a data holder amend health information about
them so long as the health information is maintained by the data holder. A data holder
may deny an individual’s request for amendment if it determines that the health
information that is the subject of the request was not created by the data holder (unless
the individual provides a reasonable basis to believe that the originator of health
information is no longer able to amend or correct the health information or the health
information is accurate and complete).
Protection
• Using privacy and security industry standard best practices, health information should
be protected against risks such as loss or unauthorized access, destruction, use,
modification, or disclosure of data.
• Data holders should notify an individual following discovery of a breach of the
individual’s health information in a timely manner, in accordance with the Federal Trade
Commission (FTC)’s Health Breach Notification Rule.
be protected against risks such as loss or unauthorized access, destruction, use,
modification, or disclosure of data.
• Data holders should notify an individual following discovery of a breach of the
individual’s health information in a timely manner, in accordance with the Federal Trade
Commission (FTC)’s Health Breach Notification Rule.
Retention
Data holders should maintain health information no longer than necessary while taking
into account legal, regulatory, fiscal, and operational requirements. Data holders
should develop a health information retention schedule specifying what information
must be retained and for what length of time.
into account legal, regulatory, fiscal, and operational requirements. Data holders
should develop a health information retention schedule specifying what information
must be retained and for what length of time.
Disposition and Destruction
• Data holders should in the normal course of business regularly provide secure andappropriate disposition of health information no longer required to be maintained byapplicable laws and the organization’s policies.
• Destruction of health information should be conducted in accordance with industry
standard best practices after the appropriate retention period.
• Destruction of health information should be conducted in accordance with industry
standard best practices after the appropriate retention period.
* "Data holder" is defined as “an inclusive term referring to entities that design and maintain
proprietary databases and algorithms, sell data products, or design and build apps and
devices that capture, transmit or use health data.”
** PSYTECHVR does not collect, transmit or store personal information.
*** PSYTECHVR strongly advises its users from using PSYTECHVR software for collecting
and storing personal information (including but not limited to health information) inside of
PSYTECHVR application.
proprietary databases and algorithms, sell data products, or design and build apps and
devices that capture, transmit or use health data.”
** PSYTECHVR does not collect, transmit or store personal information.
*** PSYTECHVR strongly advises its users from using PSYTECHVR software for collecting
and storing personal information (including but not limited to health information) inside of
PSYTECHVR application.
| | Get in touch We're ready to lead you into the future of mental health Sending this information you agree to share your personal information according and limited by our confidentiality statement. |
2025
PSYTECHVR INC.
info@psytechvr.com
+1 (301) 695-2673x104
PSYTECHVR INC.
info@psytechvr.com
+1 (301) 695-2673x104
Safe and secure
Take the quiz and find out the best destination for your vacation.
Fill out the form and we will contact you soon.
Welcome to free trial!
Dear visitor,
Once you submit the below form, you will be directed to our online calendar. We would like to kindly inform you that we will only provide the credentials and instructions after the online-presentation
During the 30-minute demo call, we will guide you through our vision, product, and features
After submitting this form, we kindly ask you to schedule a suitable time for this call
We appreciate your understanding!