Knowledge
Glossary
Brief, factual definitions covering AI in psychotherapy, the GDPR and the German healthcare system. Sorted alphabetically.
- § 203 of the German Criminal Code (Professional Secrecy)
- The criminal duty of confidentiality for healthcare professions in Germany. Breaches are criminal offences. Processors (e.g. cloud providers) must be engaged in a legally secure manner under § 203 (4) of the German Criminal Code. Local data processing, as with VIVAM GUIDE, avoids this constellation entirely.
- Consent (Art. 7 GDPR)
- A voluntary, informed, explicit and prior agreement by the data subject to the processing of their data. It must be revocable at any time with effect for the future. For patients in psychotherapy, consent to audio recording should be obtained in writing and separately.
- Documentation Obligation in Psychotherapy
- Under § 630f of the German Civil Code, licensed psychotherapists are obliged to document all measures that are essential from a professional perspective, together with their results, in a patient record in direct temporal connection with the treatment. Retention period: at least 10 years after the conclusion of treatment (§ 630f (3) of the German Civil Code).
- GDPR
- General Data Protection Regulation (Regulation (EU) 2016/679). Governs the processing of personal data across the EU. Health data enjoys special protection under Art. 9 GDPR; processing is only permitted under strict conditions (e.g. explicit consent, medical treatment).
- GoBD
- German principles for the proper management and retention of books, records and documents in electronic form. Relevant for practice invoices: records must be traceable, complete, accurate, timely, orderly and tamper-proof.
- Licence to Practise (Psychotherapy)
- The state authorisation to independently practise the profession of psychotherapist in Germany. It is granted after successful university education (a Master’s in psychotherapy or older pathways) and, where applicable, further training in accordance with the PsychThG. It is a prerequisite, among other things, for billing statutory health insurers.
- Local AI (On-Premise AI)
- AI methods whose inference takes place entirely on hardware located at the user’s premises, without transmitting data to external cloud services. Advantage: patient data never leaves the practice; the statutory duty of confidentiality (§ 203 of the German Criminal Code) and the GDPR are easier to comply with.
- LoRA (Low-Rank Adaptation)
- A method for resource-efficient adaptation of large language models. Instead of retraining the entire model, low-rank matrices are added that selectively modify individual model layers. In VIVAM GUIDE, LoRA enables continuous personalisation of the language model per practice with minimal data transfer.
- MDR (Medical Device Regulation)
- EU Regulation 2017/745 on medical devices. Software intended for medical purposes (diagnosis, therapy, monitoring) may fall under the MDR and is then subject to CE marking. The classification (e.g. Class IIa) determines the conformity assessment procedure.
- Medical Treatment (§ 4 No. 14 of the German VAT Act)
- VAT exemption for medical treatment in the field of human medicine provided by licensed professional groups. Consequence: psychotherapists are generally not entitled to deduct input VAT. The gross price of SaaS tools therefore corresponds to the actual cost.
- Processing on Behalf (Art. 28 GDPR)
- Processing of data on behalf of and on the instructions of the controller by a third party (e.g. a SaaS provider). It requires a written data processing agreement (DPA) containing the mandatory elements set out in Art. 28 (3) GDPR. Where data is processed in third countries (e.g. the USA), standard contractual clauses under Art. 46 GDPR are additionally required.
- Pseudonymisation vs. Anonymisation
- Pseudonymised data can be re-attributed to a person using additional knowledge and therefore remains subject to the GDPR. Anonymised data can no longer be attributed to anyone permanently and falls outside the scope of the GDPR. The LoRA model parameters that VIVAM receives from practices are anonymised.
- TDDDG
- German Telecommunications Digital Services Data Protection Act (in force since 14 May 2024, successor to the TTDSG). It governs in particular the setting of cookies and similar storage and read-out technologies on end-user devices. Section 25 TDDDG requires explicit consent for non-essential cookies.
- VIVAM GUIDE
- Locally operated AI software for the automatic creation of structured therapy records in psychotherapy practices. It processes audio offline on an Apple Mac Mini, without any cloud transmission. Provider: VIVAM GmbH, Aachen.
- VIVAM LLM
- A language model (large language model) trained specifically for psychotherapeutic documentation. It runs exclusively on-site in the practice and is adapted to each individual practice using low-rank adaptation (LoRA).
Missing a term or would you like a clarification? Write to us — we keep expanding the glossary. For more on how VIVAM GUIDE puts these foundations into practice, see the product page and the pricing page.