All HIPAApropriateness Reviews >>

vCita and HIPAA Compliance

Published December 31, 2018. Product Features: , , , , , ,

Company that makes this product:

vCita and HIPAA Compliance Product Home Page

Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: No.
Recommend for your HIPAA risk management needs?: No.

What Is This Product?

VCita is  a customer managment system that allows appointment scheduling, marketing, and payment processing.  Despite an article on their website saying they are “HIPAA Complaint” VCita neither offers nor will execute a BAA.

The company maintains that they do not handle PHI — which they define as chart notes and dx codes — so they state that they do not have to be compliant or execute a BAA. A friendly reminder that a HIPAA compliant Business Associate Agreement is a non-negotiable aspect of HIPAA compliance for any HIPAA covered entity: if a Business Associate Relationship exists, a Business Associate Agreement is required. Full stop. 

Wow! Roy and Liath would like to remind you that ePHI most certainly includes client names, contact info, appointment times, and payment information — all of which is the very framework of VCita’s platform. For a deep dive into what constitutes PHI, and how to protect PHI, please see our CE for OH course — access included in membership — “How to Identify HIPAA Protected Health Information: Finding Your Clients’ Sensitive Information Wherever It Goes.”

VCita is, indeed, a third party service provider that is handling, transmitting, and storing protected health information on your behalf — which means they are a Business Associate and a Business Associate Agreement is necessary for any HIPAA covered entity utilizing their service. If you are not a HIPAA covered entity and are evaluating VCita for appropriateness on the basis of ethical and risk management needs, we would advise against selecting a third party service provider who lacks an understanding of what constitutes protected health information as that is a strong indicator that lack of understanding will result in them not following the necessary steps for securing protected health information, or be your partner in taking responsibility for the security of such information. 

VCita maintains that their security levels, by default, make them “HIPAA Complaint” — which we find to be misleading and potentially damaging to those in the healthcare industry using their product.  The company was unwilling to further engage with us regarding this misinformation gap on their part.

Another friendly reminder, compliance is a process not a product — but when utilizing a service/product, it is essential that the provider of the service/product understands and is willing to be held accountable for performing their responsibilities under HIPAA as a Business Associate.

v2.1.11-beta

Continuing Education National Approvals

Person Centered Tech Incorporated has been approved by NBCC as an Approved Continuing Education Provider, ACEP No. 6582. Programs that do not qualify for NBCC credit are clearly identified. Person Centered Tech Incorporated is solely responsible for all aspects of the programs.

Person Centered Tech Incorporated is approved by the American Psychological Association to sponsor continuing education for psychologists. Person Centered Tech Incorporated maintains responsibility for this program and its content.

Continuing Education State Approvals

  • Person Centered Tech is an approved provider continuing education provider with the Florida Board of Clinical Social Work, Marriage and Family Therapy and Mental Health Counseling. CE Broker Provider #50-23706.
  • Ohio Counselor, Social Worker, and Marriage and Family Therapist Board accepts continuing education credits from providers approved by the Florida Board of Clinical Social Work, Marriage and Family Therapy and Mental Health.
  • Person-Centered Tech Incorporated is recognized by the New York State Education Department's State Board for Social Work as an approved provider of continuing education for licensed social workers #SW-0540 and the State Board for Mental Health Practitioners as an approved provider of continuing education for licensed marriage and family therapists #MFT-0092, licensed mental health counselors #MHC-0210 and licensed psychoanalysts #P-0050 and the State Board for Psychology as an approved provider of continuing education for licensed psychologists #PSY-0068.

Policies and Terms

Training Resources

About Us

Email: [email protected]

Customer Service Hours: M-F 9AM-3PM PST

Address:
Person Centered Tech Incorporated
PO Box 42494
Portland, OR 97242

Where's our phone number?

Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss