Group Practice Tech

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re talking about Bring Your Own Device policies for group practices.

We discuss pros and cons of BYOD for group practice; allowing team members to use their preferred operating system to increase efficiency and reduce errors; standards for device security; endpoint management software; personal smartphone use; BYOD in the context of client care; device security training as a staff benefit; and Group Practice Care, which includes our system for easily managing personal device security and documentation.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + Step Step 5 (Manual & Materials) Support Forums

• assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost)

• assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices(for *all* team members at no per-person cost)

• And more!

PCT's Computer & Smartphone HIPAA Security Checklist for Therapists  

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive HIPAA Security Policies & Procedures for the practice as HIPAA covered entity *and/or* Business Associate/MSO. Comprehensively covers the HIPAA P&Ps for contractor clinician structure group practices, employee structure group practices, and practices that are hybrid.  

Policies & Procedures include:

• Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

• Computing Devices and Electronic Media Technical Security Policy

• Bring Your Own Device (BYOD) Policy

• Communications Security Policy

• Information Systems Secure Use Policy

• Risk Management Policy

• Contingency Planning Policy

• Device and Document Transport and Storage Policy

• Device and Document Disposal Policy

• Security Training and Awareness Policy

• Passwords and Other Digital Authentication Policy

• Software and Hardware Selection Policy

• Security Incident Response and Breach Notification Policy

• Security Onboarding and Exit Policy

• Sanction Policy Policy

• Release of Information Security Policy

• Remote Access Policy

• Data Backup Policy

• Facility/Office Access and Physical Security Policy

• Facility Network Security Policy

• Computing Device Acceptable Use Policy

• Business Associate Policy

• Access Log Review Policy

Forms & Logs include:

• Workforce Security Policies Agreement

• Security Incident Report

• PHI Access Determination

• Password Policy Compliance

• BYOD Registration & Termination

• Data Backup & Confirmation

• Access Log Review

• Key & Access Code Issue and Loss

• Third-Party Service Vendors

• Building Security Plan

• Security Schedule

• Equipment Security Check

• Computing System Access Granting & Revocation

• Training Completion

• Mini Risk Analysis

• Security Incident Response

• Security Reminder

• Practice Equipment Catalog

Plus:

• Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures (includes the prohibitions on non-HIPAA-acceptable personal services + defines what personal services *are* allowable.)

• 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

PCT's free "mini risk" tool, for needs identification related to what's within and what's outside your practice's Security Circle (including personal device use)

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we dive into the HIPAA Conduit Exception Rule to explore what personal services are okay for group practice staff to use. 

We discuss security circles; which services are generally prohibited; the HIPAA Conduit Exception Rule; what qualifies as a HIPAA conduit; email services; phone services; home internet services; VPNs; and mobile hotspots.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + Step Step 5 (Manual & Materials) Support Forums

• assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost)

• assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices(for *all* team members at no per-person cost)

• And more!

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive HIPAA Security Policies & Procedures for the practice as HIPAA covered entity *and/or* Business Associate/MSO. Comprehensively covers the HIPAA P&Ps for contractor clinician structure group practices, employee structure group practices, and practices that are hybrid.

Policies & Procedures include:

• Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

• Computing Devices and Electronic Media Technical Security Policy

• Bring Your Own Device (BYOD) Policy

• Communications Security Policy

• Information Systems Secure Use Policy

• Risk Management Policy

• Contingency Planning Policy

• Device and Document Transport and Storage Policy

• Device and Document Disposal Policy

• Security Training and Awareness Policy

• Passwords and Other Digital Authentication Policy

• Software and Hardware Selection Policy

• Security Incident Response and Breach Notification Policy

• Security Onboarding and Exit Policy

• Sanction Policy Policy

• Release of Information Security Policy

• Remote Access Policy

• Data Backup Policy

• Facility/Office Access and Physical Security Policy

• Facility Network Security Policy

• Computing Device Acceptable Use Policy

• Business Associate Policy

• Access Log Review Policy

Forms & Logs include:

• Workforce Security Policies Agreement

• Security Incident Report

• PHI Access Determination

• Password Policy Compliance

• BYOD Registration & Termination

• Data Backup & Confirmation

• Access Log Review

• Key & Access Code Issue and Loss

• Third-Party Service Vendors

• Building Security Plan

• Security Schedule

• Equipment Security Check

• Computing System Access Granting & Revocation

• Training Completion

• Mini Risk Analysis

• Security Incident Response

• Security Reminder

• Practice Equipment Catalog

Plus:

• Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures (includes the prohibitions on non-HIPAA-acceptable personal services + defines what personal services *are* allowable.)

• 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

PCT's free "mini risk" tool, for needs identification related to what's within and what's outside your practice's Security Circle (including personal service use)

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

Our latest episode is an audio replay of our recent panel with ZynnyMe and Ström Consulting on what therapists need to be aware of regarding terms and conditions.

We discuss the red flags from Simple Practice’s new T&Cs Zoom’s updated T&Cs the differences in these two situations; the impacts of certain T&Cs steps to evaluate services for meeting needs as well as trust and transparency; the difference between HIPAA compliance and HIPAA consistency; healthcare companies using customer data to train AI models; Simple Practice providing untrue information about what is and isn’t PHI; liability after agreeing to new T&Cs BetterHelp’s fines from the FTC; how professional organizations are responding; green and red flags to consider for service providers; informed consent for clients; short and long term EHR considerations for practice owners; voting with your dollars; recommended EHRs; Open Notes and client access to records; and backing up data.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Resources

EHR/Practice Management Reviews by Rob Rienhardt LPCS, M.Ed., NCC at Tame Your Practice

PCT Resources

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service with PCT consulting team + monthly session co-facilitated by Eric Ström, JD PhD LMHC

+ assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost)

+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices(for *all* team members at no per-person cost) + more

PCT's Group Practice Service Selection Workbook & Worksheets (free!! Step 1 of the PCT Way) -- support for selecting HIPAA-secure, effective, and economical phone, video, and communication platforms (and your other practice functionality needs, too!)

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

PCT CE Training: The “Open Notes” Rule and Your EHR Choice: Legal Compliance and Client Safety Now and in The Future presented by Rob Rienhardt, LPCS M.Ed., NCC, Eric Ström, JD PhD LMHC, and Roy Huggins, LPC NCC

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we address questions regarding migrating from one EHR to a new EHR and the HIPAA security considerations that need to be taken into account when doing so.

We discuss the process of migrating and importing demographic data from one EHR to another; device encryption and the importance of a secure device while migrating highly sensitive data; how to use Google Drive to safely backup and safeguard your information; and risk management practices to avoid.

Listen here: https://personcenteredtech.com/group/podcast/  

For more, visit our website.

PCT Resources:

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours plus:

• Step 5 (Manual & Materials) Support Forums

• Assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members

• Access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost)

• Assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices(for *all* team members at no per-person cost) 

• And more!

Google Workspace Configuration Help Center (free!)

For Solo Practitioners, Solo Practice Care Premium for weekly (live & recorded) direct support & consultation service, Office Hours, with the PCT team 

Plus: Device Security Center access and Home & Mobile Office Security Center access

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we discuss due diligence with Terms & Conditions and Business Associate Agreements, particularly with the recent updates to Simple Practice and Zoom.  

We cover common pitfalls we see around accepting Terms & Conditions (T&Cs); what’s required for a HIPAA compliant Business Associate Agreement (BAA); how to evaluate a BAA; Simple Practice’s revamped T&Cs Zoom’s updated T&Cs considerations for switching systems; and when to get an attorney’s opinion.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Resources

Simple Practice Issue

• ZynnyMe Blog on the SimplePractice T&C changes

• SimplePractice's new T&C

• SimplePractice Response Blog Post and FAQ about T&C changes

Zoom Issue

• StackDiary article: Zoom's Updated Terms of Service Permit Training AI on User Content Without Opt-Out

• Zoom Blog: How Zoom’s terms of service and practices apply to AI features

• Zoom's new TOS/T&C

• AP News Fact Check article

• How to not opt in: Zoom AI Training: How to Turn Off New Permissions (TLDR; never accept the “Zoom IQ Meeting Summary” prompt)

• HHS' model BAA

PCT Resources

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service with PCT consulting team + monthly session co-facilitated by Eric Ström, JD PhD LMHC; also includes:

• Assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost)

• Assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices(for *all* team members at no per-person cost)

• And more!

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we share tips on how to demystify what HIPAA compliance means for you and your practice.

We discuss making compliance accessible and manageable instead of overwhelming; compliance as an ongoing process and set of behaviors; distributing the HIPAA workload; focusing on what you’re doing well already; tips for engaging with HIPAA compliance on an ongoing basis; resources we offer that can help lessen HIPAA overwhelm; how much time to actually set aside for these tasks; and acknowledging the vulnerability required in the HIPAA process.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours plus: 

• Step 5 (Manual & Materials) Support Forums

• Assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost)

• Assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices(for *all* team members at no per-person cost)

• And more!

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive HIPAA Security Policies & Procedures for the practice as HIPAA covered entity *and/or* Business Associate/MSO. Comprehensively covers the HIPAA P&Ps for contractor clinician structure group practices, employee structure group practices, and practices that are hybrid.

Policies & Procedures include:

• Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

• Computing Devices and Electronic Media Technical Security Policy

• Bring Your Own Device (BYOD) Policy

• Communications Security Policy

• Information Systems Secure Use Policy

• Risk Management Policy

• Contingency Planning Policy

• Device and Document Transport and Storage Policy

• Device and Document Disposal Policy

• Security Training and Awareness Policy

• Passwords and Other Digital Authentication Policy

• Software and Hardware Selection Policy

• Security Incident Response and Breach Notification Policy

• Security Onboarding and Exit Policy

• Sanction Policy Policy

• Release of Information Security Policy

• Remote Access Policy

• Data Backup Policy

• Facility/Office Access and Physical Security Policy

• Facility Network Security Policy

• Computing Device Acceptable Use Policy

• Business Associate Policy

• Access Log Review Policy

Forms & Logs include:

• Workforce Security Policies Agreement

• Security Incident Report

• PHI Access Determination

• Password Policy Compliance

• BYOD Registration & Termination

• Data Backup & Confirmation

• Access Log Review

• Key & Access Code Issue and Loss

• Third-Party Service Vendors

• Building Security Plan

• Security Schedule

• Equipment Security Check

• Computing System Access Granting & Revocation

• Training Completion

• Mini Risk Analysis

• Security Incident Response

• Security Reminder

• Practice Equipment Catalog

Also included:

• Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

• 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

• PCT Staff Trainings -- fundamental + topical, needs-based training for HIPAA, Privacy Ethics, Teletherapy, and more!

PCT'S HIPAA-Security Awareness Meme-Minders (free!)

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we take a shame-free look at policies and procedures and why they’re beneficial to have in place. 

We discuss using in practice behavior to inform policies & procedures; risk analysis; the benefits of having everything written down; how to decide where to start; reducing cognitive overhead and burnout; being prepared for security incidents; HIPAA compliance as a set of behaviors, not a product or a checklist; and the resources PCT offers around policies & procedures. 

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive HIPAA Security Policies & Procedures for the practice as HIPAA covered entity *and/or* Business Associate/MSO. Comprehensively covers the HIPAA P&Ps for contractor clinician structure group practices, employee structure group practices, and practices that are hybrid. 

Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

• Computing Devices and Electronic Media Technical Security Policy

• Bring Your Own Device (BYOD) Policy

• Communications Security Policy

• Information Systems Secure Use Policy

• Risk Management Policy

• Contingency Planning Policy

• Device and Document Transport and Storage Policy

• Device and Document Disposal Policy

• Security Training and Awareness Policy

• Passwords and Other Digital Authentication Policy

• Software and Hardware Selection Policy

• Security Incident Response and Breach Notification Policy

• Security Onboarding and Exit Policy

• Sanction Policy Policy

• Release of Information Security Policy

• Remote Access Policy

• Data Backup Policy

• Facility/Office Access and Physical Security Policy

• Facility Network Security Policy

• Computing Device Acceptable Use Policy

• Business Associate Policy

• Access Log Review Policy

Forms & Logs include:

• Workforce Security Policies Agreement

• Security Incident Report

• PHI Access Determination

• Password Policy Compliance

• BYOD Registration & Termination

• Data Backup & Confirmation

• Access Log Review

• Key & Access Code Issue and Loss

• Third-Party Service Vendors

• Building Security Plan

• Security Schedule

• Equipment Security Check

• Computing System Access Granting & Revocation

• Training Completion

• Mini Risk Analysis

• Security Incident Response

• Security Reminder

• Practice Equipment Catalog

+ Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

+ 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Pair with Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours 

+ Step 5 (Manual & Materials) Support Forums

+ assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost)

+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices(for *all* team members at no per-person cost)

+ more

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we discuss whether Google’s mail merge feature is appropriate for therapists to send mass communications. 

We discuss our advice on using the BCC field (don’t do it!); how Google’s mail merge function works; what’s covered under Google’s BAA; calculating risk; the impacts of a HIPAA breach; and behavioral measures vs. technical measures for reducing risk of error.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

Google (free!) Workspace Configuration Center

PCT's Group Practice Service Selection Workbook & Worksheets - free!! Step 1 of the PCT Way. Support for selecting HIPAA-secure, effective, and economical phone, video, and communication platforms (and your other practice functionality needs, too!)

PCT's CE training: Smooth and Secure Use of Phone, Text, Email, and Video to Meet Modern Clients Where They Are: Legal-Ethical and Real-World Considerations

PCT's Group Practice Care Premium service with assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices + direct support & consultation service, Group Practice Office Hours

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we talk with Patrick Casale from All Things Private Practice about leading with intentionality in group practice. 

We discuss intentions behind starting a group practice; skills that going into being a good leader and practice owner; moving forward from mistakes; making values-based decisions; encouraging job satisfaction and preventing burnout; having hard conversations; being open to healthy conflict and constructive criticism; being willing to delegate; adding administrative support; and what systems, policies, and procedures to have in place when starting a group.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Guest Bio

Patrick Casale is a Licensed Clinical Mental Health and Addictions Therapist in Asheville, NC.. He is the owner of All Things Private Practice and Resilient Mind Counseling. Patrick works as a Private Practice Coach and Strategist, and is also a Group Practice Owner, Motivational Speaker, Retreat Planner, and the host of All Things Private Practice Podcast. He has been featured on Private Practice Startup, Abundance Practice Building, Therapy Reimagined, Not Your Typical Psychotherapist, Selling The Couch, and Modern Therapists. Patrick is a passionate advocate, reducing shame and stigma of mental health, as well as impostor syndrome. Patrick helps mental health entrepreneurs break the mold, work through their fears and insecurities, and to embrace their Authenticity. He loves good coffee, craft beer, playing soccer, and traveling the world.

Resources and how to connect with Patrick

• All Things Private Practice Podcast

• Private Practice Retreats for Therapist Entrepreneurs

• Patrick's Facebook Group on Private Practice Building

• All Things Private Practice Instagram

• All Things Private Practice website

PCT Resources

• PCT's Group Practice Care Premium service with direct support & consultation service, Group Practice Office Hours, for group practice leaders plus

• Assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members

• Access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces

• Assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices

• PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we talk about the challenges of utilizing Google Ads in group practice from a HIPAA perspective. 

We discuss maintaining steady referrals post-pandemic; guidance from the Office of Civil Rights (OCR); balancing keeping care accessible with ethical marketing; our recommendation for Google Ads support for therapists; normalizing the discomfort of normalcy after years of crisis; using your values to inform your marketing; and finding resources when you need them.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Resources:

• Mental Health Group Practice Google Ad specialist, Joe Bavonese PhD at Uncommon Practices

• OCR/HHS: Guidance: Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

PCT Resources:

• PCT training, presented by Joe Bavonese, PhD: Effective and Ethical Marketing for your Therapy Practice

• Episode 313: [HIPAA] Compliance Considerations for Your Practice Website

• Thriving and Making Comfort Conference Self-Study and Replays including:

• Navigating Collective Trauma As A Mental Health Professional

• How To Survive Burnout + Internet Marketing During COVID-19

• Legal Considerations For Practice Needs During COVID-19: HIPAA And Marketing, Cross-Jurisdiction Practice

• PCT's Group Practice Care Premium service with direct support & consultation service, Group Practice Office Hours, for group practice leaders plus:

• Assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members

• Access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces

• Assignable staff HIPAA Security Awareness: Bring Your Own Device training

• Access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices

• PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices 

• Care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we're talking about AI use in a group practice setting.

We discuss the ways that AI can impact group practices; risk analysis considerations; ways that AI is already utilized that you may not be aware of; setting explicit policies around AI; vetting whether AI services have access to PHI; steps to take when implementing HIPAA appropriate AI services; and our upcoming training with Eric Ström on navigating the legal and ethical guidelines of AI use for mental health practitioners. 

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources:

PCT CE training: The Evolving Legal-Ethical Standard of Care for the Clinical Use of Artificial Intelligence in Mental Health Live on June 15th, On-Demand Self Study thereafter

• Gain insights into the benefits and challenges of incorporating AI technologies into their practice, understand the clinical implications, and learn how to navigate legal and ethical guidelines while maintaining compliance with HIPAA regulations.

• Presenter Eric Ström, JD PhD LMHC, brings a unique voice to the discourse around AI. He is an AMHCA ethics committee member, and the ethics advisor for the Washington Mental Health Counselors Association. Eric has taught a range of courses in counseling and professional ethics at a variety of graduate and undergraduate programs.

PCT On-Demand CE training: Modern Progress Notes: Considerations for Teletherapy, Insurance Audits, and Artificial Intelligence (AI)

• Modern documentation requires adaptivity and new strategies to manage things like electronic records, insurance audits, teletherapy sessions, and even artificial intelligence (AI). But what is ethical, safe and wise to implement in your practice? Join Dr. Maelisa McCaffrey (Hall) of QA Prep to address common considerations and learn new strategies for coping with notes in our modern era.

PCT's Group Practice Care Premium service with direct support & consultation service, Group Practice Office Hours, for group practice leaders plus:

• Assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members
• Access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces Assignable staff HIPAA Security Awareness: Bring Your Own Device training
• Access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

PCT's HIPAA Manual for Group Practices -- soon to include a Policy insert on the legal-ethical and appropriate utilization of AI in your mental health group practice.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we chat about record retention requirements, both under HIPAA and under state law. 

We discuss the record retention requirement for HIPAA; the actual client medical record requirements under state law; the difference between documentation of HIPAA compliance activities and maintaining client records; considerations for destroying records, (paper and electronic); how to document destroyed records; where to find record retention requirements for your state; and what should be in a client’s record.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources:

PCT's Group Practice Care Premium service with direct support & consultation service, Group Practice Office Hours, for group practice leaders plus:

• assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members 

• access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces

• assignable staff HIPAA Security Awareness: Bring Your Own Device training

• access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices

PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we have an insightful conversation with group practice owner + supervisor extraordinaire, Dr. Tara Sanderson, about supervision, artificial intelligence, and leadership.

We discuss leveraging technology and systems for supervision; seeking supervision or consultation throughout your career; features of good supervision; supervision as risk analysis; taking reasonable steps to ensure competence with new technology; considerations for AI use for therapists; current ways therapists utilize AI; balancing legality, ethics, and humanity; being open to other perspectives, continual learning, and vulnerability as a leader; the art form of supervision; trainings that Tara has found helpful; Tara’s podcast and training course; receiving supervision to become a better supervisor; and what’s in Tara’s tech stack. 

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Show Notes & Additional Information:

Dr. Sanderson's Supervision Smörgåsbord Podcast

Dr. Sanderson's How to Have Interns in Your Practice course 

PCT Resources

Dr. Sanderson's CE training series at PCT: Incorporation of Interns and Supervisees in Mental Health Private Practice: Legal-Ethical, Training, and System Resource Management Considerations

The PCT Way System for optimizing and fortifying your mental health group practice

PCT's Group Practice Care Premium: one of the key resource, support and team management systems Dr. Sanderson utilizes to manage device security, remote workspace security, HIPAA and ethics trainings for her team of interns and supervisees

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we talk about the proposed new rule from the FTC that would ban non-compete clauses in contracts for workers.

We discuss how non-competes tend to operate in group practice; considerations if you have a non-compete in place; how clients experience non-competes; client autonomy and care outcomes; the enforceability of non-compete clauses; non-competes as a deterrent; and shifting mindsets about non-competes.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Show Notes & Additional Information:

APA article: Practitioner pointer: How to handle non-compete and non-solicitation clauses

CAMFT attorney article on non-competes and "thoughtful transitions"

JD Supra article: FTC Proposes Ban on Noncompetes

NBC news article on Non-Competes in Healthcare

Non-competition Agreements under Scrutiny at State and Federal Level

PCT Resources

PCT's Group Practice Care Premium service with direct support & consultation service, Group Practice Office Hours, for group practice leaders plus: 

• Assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members 

• Access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces

• Assignable staff HIPAA Security Awareness: Bring Your Own Device training

• Access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

Our latest episode is a public service announcement about the Texting Campaign Registry and what therapists need to know. 

We discuss why the Texting Campaign Registry (TCR) exists; who the TCR applies to (all businesses that send texts in any form); how to register through your phone carrier or service provider; what happens when you don’t register your business; and some of the information you’ll need to provide to register; and when you should register. 

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Show Notes & Additional Information:

Texting Campaign Registry

iPlum FAQ on the TCR

RingRX FAQ on the TCR

RingRX description of the different campaign registration use cases

RingCentral FAQ on the TCR

SpruceHealth FAQ on the TCR

Zoom FAQ on the TCR

Pro Tip for our solo practitioner listeners who don't have a practice website or practice social media presence (required items for "brand verification" as part of the registry process): We suggested to one such PCT client that they use their NPI profile link, which worked successfully.

PCT Resources

PCT's Group Practice Care Premium service with direct support & consultation service, Group Practice Office Hours, for group practice leaders, plus:

• Assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members

• Access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces

• Assignable staff HIPAA Security Awareness: Bring Your Own Device training

• Access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we explain why clients cannot waive the need for HIPAA compliance. 

We discuss misconceptions that stem from non-enforcement for parts of the HIPAA Security Rule during the federal Public Health Emergency; who needs a BAA; the protections BAAs provide for the HIPAA Covered Entity; client’s rights to request non-secure communications; client’s rights to access their health information; and why clients cannot waive the Business Associate requirement.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

PCT article: What's a HIPAA Business Associate?

PCT article: Clients Have the Right to Receive Unencrypted Emails (and Texts) Under HIPAA

PCT's Sample Request for Non-Secure Communications Form

PCT's Group Practice Service Selection Workbook & Worksheets (free!! Step 1 of the PCT Way)

• support for selecting HIPAA-secure, effective, and economical services to meet your practice's functionality needs

PCT's Group Practice Care Premium service with direct support & consultation service, Group Practice Office Hours, for group practice leaders, plus: 

• assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members

• access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces

• assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we cover a common area of confusion for group practice owners – contractor clinicians. 

We discuss covered entities; HIPAA policies and procedures; IRS factors of control for contractors vs employees; the ABC test to determine classification; contracting as a business to business relationship; acting as a Managed Services Organization (MSO); Business Associate Agreements (BAAs); risk exposure and risk analysis; consequences of misclassifying contractors; and our HIPAA compliance manual service that can help with setup and implementation.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Show Notes & Additional Information:

• ABC test for contractors

• • Under the ABC test, a worker is considered an employee and not an independent contractor, unless the hiring entity satisfies all three of the following conditions:

  • • A: The worker is free from the control and direction of the hiring entity in connection with the performance of the work, both under the contract for the performance of the work and in fact;

    • B: The worker performs work that is outside the usual course of the hiring entity’s business; and

    • C: The worker is customarily engaged in an independently established trade, occupation, or business of the same nature as that involved in the work performed.

• JD Supra article: Independent Contractors Under U.S. Law: Knowing Your ABCs

• Independent Contractor Laws by State (with map and key!)

• CMS - Covered Entities and Business Associates 

• • See Business Associates section, particularly: "If a covered entity engages a business associate to help carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate" and "Also, a covered health care provider, health plan, or health care clearinghouse can be a business associate of another covered entity."

PCT Resources

• Free on-demand webinar (with Maureen Werrbach of the Group Practice Exchange, too!): Structuring Your Group Practice for Success -- Considerations for Contractors VS Employees

• PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials

• • Includes the Terms of Service template for practice as Managed Services Organization and HIPAA Business Associate to contractor clinicians as HIPAA covered entities, template BAAs for executing between practice and contractor clinicians, and comprehensive HIPAA Security Policies & Procedures for the practice as HIPAA covered entity and Business Associate/MSO.

  • Comprehensively covers the HIPAA P&Ps for contractor clinician structure group practices, employee structure group practices, and practices that are hybrid.

• PCT's Group Practice Care Premium service with assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members plus:

• • Access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces

  • Assignable staff HIPAA Security Awareness: Bring Your Own Device training

  • Access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices

  • Direct support & consultation service, Group Practice Office Hours

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we’re talking about HIPAA compliance with phone services in group practice. 

We discuss VoIP, cellular, and landline services; what is subject to the HIPAA Security Rule; how to get a BAA with your phone service provider; phone service providers we recommend; porting phone numbers; managing phone service for a team; and implications for the end of the Public Health Emergency. 

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

More Information

• HHS Guidance on How the HIPAA Rules Permit Covered Health Care Providers and Health Plans to Use Remote Communication Technologies for Audio-Only Telehealth

PCT Resources

• PCT's Group Practice Service Selection Workbook & Worksheets 

• • Free!! Step 1 of the PCT Way

  • Support for selecting HIPAA-secure, effective, and economical phone, video, and communication platforms (and your other practice functionality needs, too!

• PCT's 2023 Practice Primer CE training: Regulatory Changes & Their Implications: What You Need to Know to be in Compliance for a Legal-Ethical Mental Health Practice 

• • (2 legal-ethical CEs!)

• PCT's CE training: Smooth and Secure Use of Phone, Text, Email, and Video to Meet Modern Clients Where They Are: Legal-Ethical and Real-World Considerations

• PCT's Group Practice Care Premium service with assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members 

• • Access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces

  • Assignable staff HIPAA Security Awareness: Bring Your Own Device training

  • Access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices

  • Direct support & consultation service, Group Practice Office Hours

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we take a look at WiFi in group practice settings and what group practice owners should know to keep their practices safe. 

We discuss risks, both classic and new, around WiFi and network security; whether it’s ever okay to connect to unsecured networks on a device that handles PHI; ways to mitigate risk and to be proactive; good cyber hygiene; setting up a trusted network; VPNs; what to do when you don’t have access to the router; and what to use as a last resort. 

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

More Information

• Forbes article "The Real Risks Of Public Wi-Fi: Key Statistics And Usage Data" 

• The Dangers of Using Public Wi-Fi (and How To Stay Safe) 

• Health Sector Cybersecurity Coordination Center's Mobile Device Security Checklist

• • see 'Limit Connectivity': "Device owners should be cautious about which networks they connect to, especially public or other untrusted networks. Connection to residential wireless networks should leverage the use of a VPN, should be through access points and modems that are of reputable brands, and have adequate security features properly configured and updated with the latest firmware/operating system software. Devices should ideally only be used to connect to corporate enterprise infrastructure via an approved and properly encrypted wireless network."

  • (The "hardening" items in the checklist are provided for and supported in PCT's Device Security & Remote Workspace Security process for group practices through Group Practice Care Premium)

PCT Resources

• PCT's Group Practice Care Premium service with assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members plus 

• • access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces

  • assignable staff HIPAA Security Awareness: Bring Your Own Device training 

  • access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices

  • direct support & consultation service, Group Practice Office Hours

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we take a look at how to keep established and potential client info safe and secure on your website. 

We discuss the BetterHelp debacle and lessons we can learn from it; contact forms on websites; what qualifies as PHI; where PHI gets collected through websites; how to set up a secure contact form; HIPAA friendly vs. secure email communication; requests for non secure communication; secure form options; what to include in HIPAA Notice of Privacy Practices; Good Faith Estimates; whether tracking technologies and Google Analytics are permissible; and what is and isn’t included in Google’s BAA.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Relevant Resources & Info From Other Sources

• JD Supra article on the issues with Better Help & HIPAA lessons learned -- Better Keep Health Data Private, FTC Signals to On-Line Health Care Providers

• HHS Model Notice of Privacy Practices

• JD Supra's excellent explanation of Psychotherapy Notes

• HHS Office of Civil Rights  bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

• Google on HIPAA & Google Analytics

• Easy Opt Out of Google Analytics (on Google Analytics 4)

PCT Resources

• PCT's Google Workspace Configuration Learning Center 

• • Free access! Including a free training, Making Practice Life Easier & More Efficient with Google Workspace, and checklist) 

  • *see the tutorial in the Miscellaneous Tips section: Misc Tip: How to Create a Contact Form (and put it on your website too!)

• Need to select a secure form (or secure email) service? Use PCT's free Service Selection Workbook & Worksheet for Group Practices

• PCT's Sample Contact Form Conventional Non-Secure Communications Acknowledgement/Opt-In Language

• PCT's Group Practice Care Premium service with Group Practice Office Hours direct support and consultation service + support and team management systems to manage device security, remote workspace security, HIPAA and ethics trainings for group practices