Group Practice Tech

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we discuss the recent Change Healthcare cyber attack and its impact for group practices.

We cover what we know and what we don’t know yet; resources to help you take practical steps; how many people are impacted by this breach; the ongoing investigations; ransomware attacks; who is liable for this incident; maintaining operational continuity; and the importance of being proactive in your security practices.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Resources

• Change Healthcare Status Update Page

• HHS Statement Regarding Cyberattack on Change Healthcare

• TherapyNotes Change Healthcare Incident FAQ

• HealthIT Security article: Understanding the Impact of the Change Healthcare Cyberattack on Providers

PCT Resources

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we summarize what group practice owners should know about the Office of Civil Rights Annual Reports to Congress and explain how understanding them can inform risk management.

We discuss the compliance report from the Office of Civil Rights (OCR); how complaints filed were resolved; compliance reviews vs. audits; reframing the (very common) fear of HIPAA complaints; the unsecured PHI report from the OCR; risk management for avoiding large breaches; the importance of reporting breaches; and the primary sources of breaches and ways to minimize them.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

References

• Annual Report to Congress on Breaches of Unsecured Protected Health Information

• Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance

PCT Resources

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

• PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode

• Policies & Procedures include:

• Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

• Computing Devices and Electronic Media Technical Security Policy

• Bring Your Own Device (BYOD) Policy

• Communications Security Policy

• Information Systems Secure Use Policy

• Risk Management Policy

• Contingency Planning Policy

• Device and Document Transport and Storage Policy

• Device and Document Disposal Policy

• Security Training and Awareness Policy

• Passwords and Other Digital Authentication Policy

• Software and Hardware Selection Policy

• Security Incident Response and Breach Notification Policy

• Security Onboarding and Exit Policy

• Sanction Policy Policy

• Release of Information Security Policy

• Remote Access Policy

• Data Backup Policy

• Facility/Office Access and Physical Security Policy

• Facility Network Security Policy

• Computing Device Acceptable Use Policy

• Business Associate Policy

• Access Log Review Policy

• Forms & Logs include:

• Workforce Security Policies Agreement

• Security Incident Report

• PHI Access Determination

• Password Policy Compliance

• BYOD Registration & Termination

• Data Backup & Confirmation

• Access Log Review

• Key & Access Code Issue and Loss

• Third-Party Service Vendors

• Building Security Plan

• Security Schedule

• Equipment Security Check

• Computing System Access Granting & Revocation

• Training Completion

• Mini Risk Analysis

• Security Incident Response

• Security Reminder

• Practice Equipment Catalog

• + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

• + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
  

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re exploring what group practice owners should know about cross-jurisdictional practice in the age of teletherapy.

We discuss the shifting landscape of cross-jurisdictional practice; different licensure compacts to be aware of; applying for privileges to practice under licensure compacts; telehealth training requirements; service and payment parity; payment parity advocacy; states that restrict teletherapy based on provider location; temporary practice provisions; and our upcoming CE training event on March 1 that will dive deeper into this topic. 

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Resources & References

Psychology Interjurisdictional Compact (PSYPACT) Map

Apply for Authority to Practice Interjurisdictional Telepsychology (APIT)

Counseling Compact Map

Counseling Compact FAQs

Social Work Licensure Compact Map

Center for Connected Health Policy -- Parity

California Temporary Practice Permission

PCT Resources

• CE course: Legal-Ethical Cross-Jurisdictional Practice in the Age of Teletherapy & Licensure Compacts, 2024 Edition (2 legal-ethical CE hours)

• PCT's Group Practice Telemental Health Program

• PCT's Telemental Health Certificate Program (for individual clinicians)

• PCT's Teletherapy Practice Rules by State Tool

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re covering the fundamentals of texting in group practice. 

We discuss HIPAA compliance as a process, not a product; secure and non-secure text messaging; client requested alternative communications; how to use SMS texting in a compliance compatible way; what to have in place with your phone service provider; what to do about personal phone services; phone service providers we recommend (and don’t recommend) for teams; and how to document text messages.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

• PCT's Free Sample Forms:

• Request for Non-Secure Communications

• Communication Policy (Client Facing)

• Email & Texting Risk Questionnaire

• PCT's free Group Practice Service Selection Workbook & Worksheets Step 1 of the PCT Way  -- support for selecting HIPAA-secure, effective, and economical services to meet your practice's functionality and operational needs, including phone and texting (SMS and secure texting)

• CE course: Smooth and Secure Use of Phone, Text, Email, and Video to Meet Modern Clients Where They Are: Legal-Ethical and Real-World Considerations (3 legal-ethical CE credit hours)

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• +  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we explain how and why to get Safe Harbor in place on your group practice devices. 

We discuss what Safe Harbor means; the HIPAA Breach Notification Rule; the security measures that are the cornerstones of Safe Harbor; different ways PHI can end up on devices, even when using cloud based services; and the PCT resources available to help secure your practice devices.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• +  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• PCT article: Easy Safe Harbor from HIPAA Breach Notification: Now on Your Computer and Smartphone

• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re covering what you need to know about HIPAA and your smartwatch.

We discuss common questions we get from group practice leaders about smartwatches; the limitations of smartwatch security; whether smartwatches should be included as BYOD registered devices; potential issues with smartwatch notifications; and security measures to put in place for Apple Watches and Android smartwatches.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Resources

From Apple: Apple Watch System Security

From Apple: Apple Watch Notification Settings -- See "Customize Your Apple Watch Notification Settings" and "Keeping Notifications Private" sections in particular

Google Pixel Watch: How to Enable/Modify/Disable Screen Lock

Google Pixel Watch: Notification Settings

From Samsung: Set a Security Lock on Your Samsung Smart Watch

From Samsung: Manage Notifications on Your Samsung Smart Watch

PCT Resources

Group Practice Care Premium

weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)

+  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost) + more

HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we talk about ways to prevent HIPAA email breaches in a group practice setting.

We discuss common email-related breaches we see for group practices; email and PHI; large vs. small breaches; the implications of having a HIPAA breach; policies and procedures to mitigate email errors; how to send mass client notifications securely; settings to have in place in your email service; and what makes an email service HIPAA compliant.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

• PCT's Google Workspace Configuration Learning Center (see part 9, 'the sharing and the forwarding', for tutorial on managing forwarding settings)

• Free CE course: Introduction to HIPAA Security for Group Practice Leaders (1 legal-ethical CE course)

• OCR Breach Report Questions  -- know the contents of what is asked/what you need to provide *before* starting the breach report in the OCR's online portal for breach reporting

• CE course: HIPAA Security Incidents & Breaches: Investigation, Documentation, And Reporting (1.5 legal-ethical CE credit hours)

• Group Practice Care Premium  for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)

• PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode

• Policies & Procedures include:

• Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

• Computing Devices and Electronic Media Technical Security Policy

• Bring Your Own Device (BYOD) Policy

• Communications Security Policy

• Information Systems Secure Use Policy

• Risk Management Policy

• Contingency Planning Policy

• Device and Document Transport and Storage Policy

• Device and Document Disposal Policy

• Security Training and Awareness Policy

• Passwords and Other Digital Authentication Policy

• Software and Hardware Selection Policy

• Security Incident Response and Breach Notification Policy

• Security Onboarding and Exit Policy

• Sanction Policy Policy

• Release of Information Security Policy

• Remote Access Policy

• Data Backup Policy

• Facility/Office Access and Physical Security Policy

• Facility Network Security Policy

• Computing Device Acceptable Use Policy

• Business Associate Policy

• Access Log Review Policy

• Forms & Logs include:

• Workforce Security Policies Agreement

• Security Incident Report

• PHI Access Determination

• Password Policy Compliance

• BYOD Registration & Termination

• Data Backup & Confirmation

• Access Log Review

• Key & Access Code Issue and Loss

• Third-Party Service Vendors

• Building Security Plan

• Security Schedule

• Equipment Security Check

• Computing System Access Granting & Revocation

• Training Completion

• Mini Risk Analysis

• Security Incident Response

• Security Reminder

• Practice Equipment Catalog

• + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

• + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we chat with Gabrielle Juliano-Villani, LCSW about navigating Medicare considerations as a mental health provider.

We discuss fears and misconceptions around being a Medicare provider; upsides to being a Medicare provider; how opting in and out of Medicare works with multiple providers; what the enrollment process entails and where people get tripped up; what documents you need to have ready to enroll; how long the process takes; reimbursement timeframes; auditing and documentation; and our upcoming Q+A session with Gabrielle on this topic. 

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Resources from guest Gabrielle Juliano-Villani, LCSW of Medicare Consulting for Therapists

Map of MAC's, links to enrollment app, checklist and more helpful links

How to check Medicare rates (with a video) 

Common Credentialing problems (and how to avoid them) 

Medicare Opt in or Opt out 

Facebook Group, Medicare Consulting for Therapists  

Etsy store with more checklists for billing and credentialing and my note template 

PCT Resources

On-demand trainings (not designated as CE) presented by Gabrielle: Introduction To Medicare And Medicare Credentialing and Medicare Billing

Special Q&A Medicare focused Q&A Group Practice Office Hours session (live & recorded) for Practice Care *Premium* members

Group Practice Care Premium for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)

HIPAA compliance, risk management, and practice optimization resources and support from PCT for mental health group practices

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re looking back on some of the major developments that impacted the group practice landscape this year. 

We discuss artificial intelligence and how it’s impacting providers; ethical and clinical considerations for AI use; LPC and MFT eligibility as Medicare providers in 2024, and opting out if that’s applicable; third party tracking on practice websites and HIPAA; a recent study looking at the efficacy equivalencies between telehealth and in person care; and the upcoming Compacts going live.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Resources

AI

Podcast: Episode 322: [Tech Tips] Considerations for AI Use in Your Group Practice

CE course: The Evolving Legal-Ethical Standard Of Care For The Clinical Use Of Artificial Intelligence In Mental Health (2 legal-ethical CE credit hours)

PCT Blog: Artificial Intelligence Utilization & Implications in Mental Health Care: How Person Centered Tech is Helping the Helpers 

Medicare

PCT Blog: Big News on the Medicare Front — Attention Counselors and Marriage & Family Therapists! (including a link to ZynnyMe's great tutorial on how to opt out, if that's the determination your practice makes is right for you)

Training (non-CE): Introduction to Medicare and Medicare Credentialing

Training (non-CE): Medicare Billing 

Teletherapy

• Podcast: Episode 312: [Teletherapy News] Updates on Inter-State Compacts, Parity Laws, and the PHE Ending
• Trainings & Materials: PCT's Teletherapy Certified Practice program and program components

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we explain steps to take if your therapy practice had a HIPAA breach this year. 

We discuss normalizing breaches emotionally; what constitutes a breach; the breach reporting timeframe; what the breach reporting process consists of; what to expect in terms of a response for a breach report; things regulators love to see in a breach report; the importance of preventing a breach from reoccurring; and resources we have available to support you during breach reporting.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

OCR Breach Report Questions -- know the contents of what is asked/what you need to provide *before* starting the breach report in the OCR's online portal for breach reporting

CE course: HIPAA Security Incidents & Breaches: Investigation, Documentation, And Reporting (1.5 legal-ethical CE credit hours)

Group Practice Care Premium for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently       

Policies & Procedures include: 

Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

Computing Devices and Electronic Media Technical Security Policy

Bring Your Own Device (BYOD) Policy

Communications Security Policy

Information Systems Secure Use Policy

Risk Management Policy

Contingency Planning Policy

Device and Document Transport and Storage Policy

Device and Document Disposal Policy

Security Training and Awareness Policy

Passwords and Other Digital Authentication Policy

Software and Hardware Selection Policy

**Security Incident Response and Breach Notification Policy**

Security Onboarding and Exit Policy

Sanction Policy Policy

Release of Information Security Policy

Remote Access Policy

Data Backup Policy

Facility/Office Access and Physical Security Policy

Facility Network Security Policy

Computing Device Acceptable Use Policy

Business Associate Policy

Access Log Review Policy

Forms & Logs include:

Workforce Security Policies Agreement

**Security Incident Report**

PHI Access Determination

Password Policy Compliance

BYOD Registration & Termination

Data Backup & Confirmation

Access Log Review

Key & Access Code Issue and Loss

Third-Party Service Vendors

Building Security Plan

Security Schedule

Equipment Security Check

Computing System Access Granting & Revocation

Training Completion

Mini Risk Analysis

**Security Incident Response**

Security Reminder

Practice Equipment Catalog

+ Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

+ 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we discuss what you need to get your annual Good Faith Estimates (GFEs) ready for clients.

We discuss best practices for providing Good Faith Estimates for long term recurring care including: whether clients need to sign their GFEs; dissemination of information vs creating a contractual bond; how to provide GFEs to clients; how to document GFEs; what you should include in a Good Faith Estimate; who should get a GFE and why; and when to provide GFEs for clients.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Resources

Model Disclosure Notice Regarding Patient Protections Against Surprise Billing from CMS for providers

CMS Overview of Rules & Fact Sheets related to the No Surprises Act and Good Faith Estimates

PCT Resources

On-demand CE training (2 legal-ethical CE credit hours): Regulatory Changes & Their Implications: What You Need to Know to be in Compliance for a Legal-Ethical Mental Health Practice - PCT’s 2023 Practice Primer course, presented by therapist attorney Eric Ström, JD PhD LMHC and PCT director Liath Dalton — includes discussion of No Surprises Act and GFE notices, provision, content, and documentation

Episode 310: [Practice Management] Helpful and Important Tips for Good Faith Estimates

Group Practice Care Premium for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re talking about ways to start 2024 off with an optimized and fortified group practice. 

We discuss starting the new year on a solid foundation; reviewing current group practice systems and tech stacks; ensuring your team has the training they need; checking devices and device security; risk analysis and mitigation; reviewing policies and procedures as well as HIPAA manuals; and the PCT resources that can help you with each of these tips. 

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

Article: 5 Practical Tips for Tidying Things up in Your Practice at the End of the Year

Comprehensive PCT Way HIPAA Compliance Bundle for Group Practices

Service Review Resources: PCT's Group Practice Service Selection Workbook & Worksheets (free!! Step 1 of the PCT Way) -- support for reviewing (and selecting) HIPAA-secure, effective, and economical services to meet your practice's functionality and operational needs

Training resources: PCT's HIPAA, mental health privacy ethics, and teletherapy role-based foundational trainings for mental group practices + topical needs-based trainings

Device security resources:

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)

+  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost)

+ more

Computer and Smartphone HIPAA Security Checklist for Therapists

Risk Analysis & Mitigation Resources:

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Will identify both your 'in-practice' risks and your 'formal compliance' (what required written P&Ps are implemented) needs, while also documenting all the good things your practice is already doing!

PCT's Mini Risk Analysis/Needs Identification 'Circle' Tool (free!)

PCT Article: Why Risk Analysis is a Fundamental Requirement: Highlights Through the Person Centered Tech Lens from the OCR’s Recent Presentation on the HIPAA Security Rule Risk Analysis Requirement

Policy & Procedure and HIPAA Manual Resources:

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently    

Policies & Procedures include:

Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

Computing Devices and Electronic Media Technical Security Policy

Bring Your Own Device (BYOD) Policy

Communications Security Policy

Information Systems Secure Use Policy

Risk Management Policy

Contingency Planning Policy

Device and Document Transport and Storage Policy

Device and Document Disposal Policy

Security Training and Awareness Policy

Passwords and Other Digital Authentication Policy

Software and Hardware Selection Policy

Security Incident Response and Breach Notification Policy

Security Onboarding and Exit Policy

Sanction Policy Policy

Release of Information Security Policy

Remote Access Policy

Data Backup Policy

Facility/Office Access and Physical Security Policy

Facility Network Security Policy

Computing Device Acceptable Use Policy

Business Associate Policy

Access Log Review Policy

Forms & Logs include:

Workforce Security Policies Agreement

Security Incident Report

PHI Access Determination

Password Policy Compliance

BYOD Registration & Termination

Data Backup & Confirmation

Access Log Review

Key & Access Code Issue and Loss

Third-Party Service Vendors

Building Security Plan

Security Schedule

Equipment Security Check

Computing System Access Granting & Revocation

Training Completion

Mini Risk Analysis

Security Incident Response

Security Reminder

Practice Equipment Catalog

+ Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

+ 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re answering frequently asked questions about Business Associate Agreements, or BAAs.

We discuss who should be providing the BAA; evaluating whether a service provider can meet group practice needs; performing due diligence as the HIPAA responsible party; red flags to watch out for; templates we recommend; and when you need a confidentiality agreement instead of a BAA.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re diving into Business Associate Agreements (BAAs) for group practice owners.

We discuss what a BAA is; who is considered a business associate; how to execute and enforce a BAA; documenting BAAs; evaluating if a BAA is sufficient; why a HIPAA statement is not a replacement for a BAA; precedent for enforcement action from the Office of Civil Rights; and what qualifies under the conduit exception.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Resources

HHS Model Business Associate Agreement

HHS SAMPLE BUSINESS ASSOCIATE AGREEMENT PROVISIONS

PCT Resources

PCT article: What Is a HIPAA Business Associate?

PCT free CE course: Introduction to HIPAA Security for Group Practice Leaders

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently    

Policies & Procedures include:

Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

Computing Devices and Electronic Media Technical Security Policy

Bring Your Own Device (BYOD) Policy

Communications Security Policy

Information Systems Secure Use Policy

Risk Management Policy

Contingency Planning Policy

Device and Document Transport and Storage Policy

Device and Document Disposal Policy

Security Training and Awareness Policy

Passwords and Other Digital Authentication Policy

Software and Hardware Selection Policy

Security Incident Response and Breach Notification Policy

Security Onboarding and Exit Policy

Sanction Policy Policy

Release of Information Security Policy

Remote Access Policy

Data Backup Policy

Facility/Office Access and Physical Security Policy

Facility Network Security Policy

Computing Device Acceptable Use Policy

Business Associate Policy

Access Log Review Policy

Forms & Logs include:

Workforce Security Policies Agreement

Security Incident Report

PHI Access Determination

Password Policy Compliance

BYOD Registration & Termination

Data Backup & Confirmation

Access Log Review

Key & Access Code Issue and Loss

Third-Party Service Vendors

Building Security Plan

Security Schedule

Equipment Security Check

Computing System Access Granting & Revocation

Training Completion

Mini Risk Analysis

Security Incident Response

Security Reminder

Practice Equipment Catalog

+ Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

+ 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)

+  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost)

+ more

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re sharing why risk analysis is essential for mental health providers, inspired by a recent webinar from the Office of Civil Rights (OCR). 

We discuss the core mandate of the HIPAA Security Rule; how risk analysis is essential to safeguarding PHI; conceptualizing the lifecycle of PHI in your practice; how often to do a risk analysis; written policy vs. implemented policy; security measures degrading over time; and HIPAA as a useful tool for client care.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Will identify both your 'in-practice' risks and your 'formal compliance' (what required written P&Ps are implemented) needs, while also documenting all the good things your practice is already doing!

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently   

Policies & Procedures include:

Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

Computing Devices and Electronic Media Technical Security Policy

Bring Your Own Device (BYOD) Policy

Communications Security Policy

Information Systems Secure Use Policy

Risk Management Policy

Contingency Planning Policy

Device and Document Transport and Storage Policy

Device and Document Disposal Policy

Security Training and Awareness Policy

Passwords and Other Digital Authentication Policy

Software and Hardware Selection Policy

Security Incident Response and Breach Notification Policy

Security Onboarding and Exit Policy

Sanction Policy Policy

Release of Information Security Policy

Remote Access Policy

Data Backup Policy

Facility/Office Access and Physical Security Policy

Facility Network Security Policy

Computing Device Acceptable Use Policy

Business Associate Policy

Access Log Review Policy

Forms & Logs include:

Workforce Security Policies Agreement

Security Incident Report

PHI Access Determination

Password Policy Compliance

BYOD Registration & Termination

Data Backup & Confirmation

Access Log Review

Key & Access Code Issue and Loss

Third-Party Service Vendors

Building Security Plan

Security Schedule

Equipment Security Check

Computing System Access Granting & Revocation

Training Completion

Mini Risk Analysis

Security Incident Response

Security Reminder

Practice Equipment Catalog

+ Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

+ 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)

+  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost)

+ more

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re answering a question we get asked frequently: can we trust the cloud?

We discuss the benefits of using a HIPAA appropriate cloud service; what we mean when we talk about the cloud; outsourcing expertise, as well as liability and responsibility; how to trust something when you don’t know how it works; and how to educate yourself about data security.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

PCT's Group Practice Service Selection Workbook & Worksheets (free!! Step 1 of the PCT Way) -- support for selecting HIPAA-secure, effective, and economical cloud services to meet your practice's functionality and operational needs

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)

+ assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost)

+ more

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Will identify both your 'in-practice' risks and your 'formal compliance' (what required written P&Ps are implemented) needs, while also documenting all the good things your practice is already doing!

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we talk about what policies and procedures you need in group practice.

We discuss why this process is confusing; the difference between a HIPAA clause in an employment contract and specific security policies and procedures; why having policies is helpful (and pitfalls when policies aren’t in place); our customizable templates to help you develop HIPAA security policies and procedures for your practice; the importance of practical application; and taking your time with implementation.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently  

Policies & Procedures include:

Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

Computing Devices and Electronic Media Technical Security Policy

Bring Your Own Device (BYOD) Policy

Communications Security Policy

Information Systems Secure Use Policy

Risk Management Policy

Contingency Planning Policy

Device and Document Transport and Storage Policy

Device and Document Disposal Policy

Security Training and Awareness Policy

Passwords and Other Digital Authentication Policy

Software and Hardware Selection Policy

Security Incident Response and Breach Notification Policy

Security Onboarding and Exit Policy

Sanction Policy Policy

Release of Information Security Policy

Remote Access Policy

Data Backup Policy

Facility/Office Access and Physical Security Policy

Facility Network Security Policy

Computing Device Acceptable Use Policy

Business Associate Policy

Access Log Review Policy

Forms & Logs include:

Workforce Security Policies Agreement

Security Incident Report

PHI Access Determination

Password Policy Compliance

BYOD Registration & Termination

Data Backup & Confirmation

Access Log Review

Key & Access Code Issue and Loss

Third-Party Service Vendors

Building Security Plan

Security Schedule

Equipment Security Check

Computing System Access Granting & Revocation

Training Completion

Mini Risk Analysis

Security Incident Response

Security Reminder

Practice Equipment Catalog

+ Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

+ 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)

+  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost)

+ more

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Will identify both your 'in-practice' risks and your 'formal compliance' (what required written P&Ps are implemented) needs, while also documenting all the good things your practice is already doing!

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re talking about the security standards that go along with accepting credit cards in your therapy practice.

We discuss PCI DSS (Payment Card Industry Data Security Standard) compliance and where it is applicable; what payment processors handle; documentation; not handling or storing the full payment information for clients; the different types of security required for HIPAA compliance vs PCI compliance; why you don’t need a BAA with your payment processor; and the intersection of compliance components for PCI and for HIPAA.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

Article: What is PCI DSS and Why Do I Care?

CE course: Teletherapy and Remote Payment Methods, Legal-Ethical and Practical Considerations

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)

+  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost)

+ more

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re offering up a refresher on teletherapy skills. 

We discuss the American Telemedicine Association (ATA) standards; our clinical staff teletherapy training (which includes a video presentation skills section); teletherapy considerations for home workspaces; our Remote Workspace Center which has step by step tutorials for a secure home office; troubleshooting telehealth sessions; and staying on top of current best practices with training.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

PCT's Clinical Staff Teletherapy Training (5 CE credit hours, 3 of which are designated as legal-ethical CE) 

PCT's Teletherapy Program Director/Supervisor Training (18.5 CE credit hours, plus 6+ CE credit hours of included topical bonus courses)

PCT's Video Presentation Skills In Telemental Health, Both Basic And Intermediate (2 CE credit hours)

PCT's video teletherapy skills coaching service, "Lights, Camera, Therapy"

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)

+  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost)

+ more

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we explain what group practice owners need to know about antivirus protection.

We discuss what implementing antivirus software actually entails; who needs antivirus software; resources for free antivirus software for Windows and Mac; the importance of regularly updating security software; what is the responsibility of the group practice; whether a BAA is necessary with an antivirus and antimalware provider; and our Device Security Center, where you can find more information on the other technical security steps required for any devices touching PHI.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + Step Step 5 (Manual & Materials) Support Forums

• assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost)
• assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices(for *all* team members at no per-person cost)
• And more!

PCT's Computer & Smartphone HIPAA Security Checklist for Therapists

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive HIPAA Security Policies & Procedures for the practice as HIPAA covered entity *and/or* Business Associate/MSO. Comprehensively covers the HIPAA P&Ps for contractor clinician structure group practices, employee structure group practices, and practices that are hybrid.

Policies & Procedures include:

• Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.
• Computing Devices and Electronic Media Technical Security Policy
• Bring Your Own Device (BYOD) Policy
• Communications Security Policy
• Information Systems Secure Use Policy
• Risk Management Policy
• Contingency Planning Policy
• Device and Document Transport and Storage Policy
• Device and Document Disposal Policy
• Security Training and Awareness Policy
• Passwords and Other Digital Authentication Policy
• Software and Hardware Selection Policy
• Security Incident Response and Breach Notification Policy
• Security Onboarding and Exit Policy
• Sanction Policy Policy
• Release of Information Security Policy
• Remote Access Policy
• Data Backup Policy
• Facility/Office Access and Physical Security Policy
• Facility Network Security Policy
• Computing Device Acceptable Use Policy
• Business Associate Policy
• Access Log Review Policy

Forms & Logs include:

• Workforce Security Policies Agreement
• Security Incident Report
• PHI Access Determination
• Password Policy Compliance
• BYOD Registration & Termination
• Data Backup & Confirmation
• Access Log Review
• Key & Access Code Issue and Loss
• Third-Party Service Vendors
• Building Security Plan
• Security Schedule
• Equipment Security Check
• Computing System Access Granting & Revocation
• Training Completion
• Mini Risk Analysis
• Security Incident Response
• Security Reminder
• Practice Equipment Catalog

Plus:

• Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures (includes the prohibitions on non-HIPAA-acceptable personal services + defines what personal services *are* allowable.)
• 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.