Here are the beginning steps following sign-up:

1). Activate your account

After signing up online you will receive an email from Therapractic.com with the subject of “Activate Your Therapractic Subscription”. Please click the link in the email to activate your account and set up your password.

If you have trouble with your browser, then:

• Check that cookies are enabled
• Check that JavaScript is enabled
• Try refreshing the page

We recommend using the Chrome Browser from Google for the best possible experience. We also recommend using a wired Intranet connection where possible instead of wi-fi.

2). Setting up the Basic Account & Organizational Information

The Organizational Management section helps to define roles and determine access to certain parts of the program.

After setting the password, one will automatically land at the “Dashboard” or https://auth.therapractic.com/ Proceed to the Account Profile by entering “Manage Profile” and complete the basic identifying information. Upon completion, go to the Organization Profile by entering “Organizational Management.” It is probably wise to set yourself up as the program administrator (Hint, only the program administrator has access to the Organization Profile page and so if that page is closed without someone being designating as the program administrator then no-one will be able to return there; therefore the system will prevent you from removing a user from the administrator role if that user is the only administrator).

It will be necessary to specifically identify what “Roles” (i.e. access levels) each Organization Member will have, such as: Training, TheraPolicy; Therapy Manager; Messaging System; Time Stamped Activity Log, and EHR. No identified role automatically gives access to these areas except the Administrator.

At our clinic, only the administrator and I have access to the Organization Administrator and Time stamped Activity Log because both provide access to the “Time Stamped Activity Log.” Sensitive issues such as workforce concerns, sanctions, etc., are recorded in the log for time documentation purposes. Once information is saved in the log, it cannot be erased or altered (although it can be clarified and revised in further documentation).

HIPAA mandates the designation of a Privacy and Security Officer (which can be the same person). These designations are assigned at the “Role” section.

If a member is given access to the TheraPolicy, then they also have the ability to modify it. If you want someone to read the P&P without an ability to edit it, then do not give access to the TheraPolicy and instead provide them with a printed copy. Hint: We give P&P access to everyone in our organization and have had no problems with it being altered.

It is necessary to identify Non-Organization Associates (individuals outside your organization with a need to have certain services or access levels). For instance, our billing company has clearance to the messaging system because we need to exchange encrypted patient information with them. We also know that HIPAA requires they have ongoing training in their role as Business Associates, so we give them access to our training (making it easier and thus more likely to get done). When training is completed, it will be automatically entered on the time-stamped activity log, even for Non-Organization Associates.

“Create and Manage Notes” provides access to the HIPAA/Medicare/Medicaid/PQRS Sensitive Practice Management and Electronic Health Notes section, which you may not have at this time. Contact us if you would like to know more about this option.

3). Setting Passwords for workforce and other individuals.

Once the Organizational Profile has been established, individuals listed in the organizational profile will need a password, which will give them access to the system levels you have assigned. You can add members to your Organization by visiting the “Organizational Management” area. For each member you need to provide at least a First and Last Name and their email address. Once you add a user to your organization they will receive an email with the subject line of “Activate Your Therapractic Subscription”. The email will contain a link to activate the new account and allow them to set a password.

4). The first training module for users

Since users are in the system to create a password, this may be an auspicious time for them to complete the first training module, which should take about 5 minutes. While the first training module is completed using the following protocol, subsequent trainings will occur automatically via their designated e-mail. We start training inside the Compliance Manger, in part, to familiarize workforce with where the training originates and to show where previous trainings are saved (as they will have access to their previous training modules). Further, new workforce members can “catch up” with the previous trainings by using the method below.

To access the first training module:

• A. Go to dashboard https://auth.therapractic.com/
• B. Training (bottom right)
• C. Training Modules
• D. Module
• E. Click on “Business Associates Agreement: training presentation.ppst Slide show presentation to train workforce.” The workforce slide-show training is always limited to the first option. The subsequent files are optional to give depth and clarity to the subject, but not part of the “bare bones” training.
• F. The file will appear (perhaps in the bottom left corner of the screen), which should be opened.
• G. Scroll through. Once the training has been completed, it will be recorded in both the Training Module and the Time-Stamped Activity Log. There should be an inscription to right the side of “Module 1” with – You have completed this training.

5). Determine what type of GAP Analysis you will perform

HIPAA requires a formal risk assessment of your practice to determine “Gaps” in compliance. It does not specify how that is done, but the chosen process must be fully explained in writing. It is suggested to read sections # 11 and # 17 of the FAQ’s before building your personalized P&P (Dashboard – Other – FAQ). This system is set up primarily to accommodate the small practitioner and so the initial risk assessment, known as GAP analysis, is done by completing the manual itself and making note of the gaps in your practice as you go. You will have the opportunity to view Template and Sample Risk Analysis forms for each Safeguard Standard by right clicking the “down arrow.” There are specific questions related to security and privacy in those sections. When gaps in your practice are revealed, it is possible to fill out a risk assessment form and develop a plan to remediate it. This method is less time intensive than completing the formal Gap Analysis Form at Compliance – Risk Analysis & Management – Gap Analysis.docx. Although most of the gaps can be closed by crafting a policy, it is advisable to complete a formal Risk Assessment Form only in the areas where it appears necessary. It is advised to withhold making any risk assessments until the manual has been completely endorsed once. It may be sufficient to simply complete the manual, without any additional risk assessments. Most of us have some OCD tendencies when it comes to compliance so don’t let this process get out of hand. This tool is supposed to promote HIPAA compliance without driving one crazy! As a general rule, give more attention to Required Safeguards than Addressable ones. Remember, you are miles ahead of most of your colleagues by engaging in this process.

Hint: In our practice, we conducted risk assessment by completing the manual first. Because we also provide Practice Management and Electronic Health Records to therapists like you, and therefore needed more scrutiny, we elected to spend extra time and energy to complete the formal GAP Analysis Form (Located at Dashboard – Compliance Manager – scroll down to Risk Analysis & Management – 2nd option -Gap Analysis). One can save the personalized GAP Analysis Form in “My Files” (Dashboard – Compliance Manager – My Files). Section II.C., of the P&P. entitled “Risk Assessment Methodology” provides more information regarding these two options. You will be able to signify which Gap Analysis method has been chosen for your practice in that area.

6). Navigating to the P&P

A. When this is completed, there is a tab at the bottom of Organizational Management stating “If you have not already done so, click here to start personalizing your TheraPolicy now!”
B. It is also possible to begin initializing the P&P by returning to the dashboard at https://auth.therapractic.com and going to TheraPolicy Manager.

There are detailed instructions for both the TheraPolicy (P&P), and the Therapy Manager at: http://therapractic.com/therapolicy/how-to/ and http://therapractic.com/compliance/how-to/

Hope these instructions give you the basics to get started. You can reach us at (806) 687-3866, 806-771-8808 or support@therapractic.com