Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re updating group practice owners on the Change Healthcare breach. We discuss recent guidance from the OCR (the Office of Civil Rights); how Change Healthcare is failing to meet their obligations as a HIPAA Business Associate and as a HIPAA Covered Entity; breach reporting requirements; 3 important pieces of good new for practice owners; how you can talk to clients about this; and whether we recommend preemptively reporting...
info_outlineGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain what you can and can’t use a notes app for in a group practice. We discuss what’s permissible under HIPAA; different notes app options for iPhone and Android; notes and PHI; getting BAAs; cloud syncing; policies and procedures around scratch notes; and what the Office of Civil Rights (the HIPAA regulators) say about this topic. Listen here: For more, Resources PCT's free Step 1 of the PCT...
info_outlineGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re clearing up common misconceptions about Protected Health Information (PHI) in group practice. We discuss what constitutes PHI and why it matters; why this topic is often confusing; common situations where we see this cause issues in group practice; 18 identifiers of PHI; consequences of misunderstanding what PHI is and is not; identifier codes; and information being reidentified, especially in the age of AI. Listen...
info_outlineGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share 4 important considerations for psychotherapy notes in a group practice context. We discuss what notes are protected from release; how to quickly find out what your state’s rules are; what to include in your Notice of Privacy Practices about psychotherapy notes; what psychotherapy notes are and are not; having policies in place for documentation; where misconceptions about documentation come from; and how to support your team...
info_outlineGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain the ins and outs of who is considered a covered entity in a group practice context. We discuss covered transactions; common reasons why practice owners believe they’re not a covered entity; how long covered entity status lasts; why it matters to follow HIPAA, regardless of covered entity status; Safe Harbor; and a reframe for thinking about HIPAA in group practice. Listen here: For more, Resources ...
info_outlineGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re answering a question we frequently get: What are the HIPAA considerations when you have an outside biller for your group practice? We discuss the threat landscape scenario of outside billing; whether you need a BAA with your biller; who should provide the BAA; what should and shouldn’t be in a BAA; and the difference between a Service Level Agreement and a BAA, and when to use each. Listen here: For more,
info_outlineGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share HIPAA considerations regarding VPNs and password managers for group practice owners. We discuss if you need a BAA with your VPN service or your password management program; the conduit exception; how VPNs work; practice provided services vs personal services; and our specific product recommendations for VPNs and password managers (as well as why we like them). Listen here: For more, Resources ...
info_outlineGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re joined by Maureen Werrbach from The Group Practice Exchange to continue our conversation about staff accountability. We discuss how to set your practice apart for new hires; the cyclical nature of group practice ownership; diversifying services; teletherapy vs. in person practice; community marketing; salary vs. commission based pay; dealing with staff attrition when implementing accountabilities; the exact formula Maureen uses...
info_outlineGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re joined by Maureen Werrbach from The Group Practice Exchange to talk about accountability in group practice. We discuss how Maureen’s Accountability Equation and how it helps group practices grow; accountability as an ongoing process; effective coaching as a leader; the five A’s of the Accountability Equation; understanding the roles in your practice; making sure the right people are in the right roles; how to communicate when...
info_outlineGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we chat about how to approach staff HIPAA training after the first year. We discuss why we don’t recommend using the same training year after year (and why our system doesn’t allow it); the trainings we typically recommend for year one and why; the trainings we recommend for year two and after and why; and why now is a particularly good time to get started. Listen here: For more, PCT Training Resources --...
info_outlineWelcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.
In our latest episode, we’re diving into Business Associate Agreements (BAAs) for group practice owners.
We discuss what a BAA is; who is considered a business associate; how to execute and enforce a BAA; documenting BAAs; evaluating if a BAA is sufficient; why a HIPAA statement is not a replacement for a BAA; precedent for enforcement action from the Office of Civil Rights; and what qualifies under the conduit exception.
Listen here: https://personcenteredtech.com/group/podcast/
For more, visit our website.
Resources
HHS Model Business Associate Agreement
HHS SAMPLE BUSINESS ASSOCIATE AGREEMENT PROVISIONS
PCT Resources
PCT article: What Is a HIPAA Business Associate?
PCT free CE course: Introduction to HIPAA Security for Group Practice Leaders
PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently
Policies & Procedures include:
Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.
Computing Devices and Electronic Media Technical Security Policy
Bring Your Own Device (BYOD) Policy
Communications Security Policy
Information Systems Secure Use Policy
Risk Management Policy
Contingency Planning Policy
Device and Document Transport and Storage Policy
Device and Document Disposal Policy
Security Training and Awareness Policy
Passwords and Other Digital Authentication Policy
Software and Hardware Selection Policy
Security Incident Response and Breach Notification Policy
Security Onboarding and Exit Policy
Sanction Policy Policy
Release of Information Security Policy
Remote Access Policy
Data Backup Policy
Facility/Office Access and Physical Security Policy
Facility Network Security Policy
Computing Device Acceptable Use Policy
Business Associate Policy
Access Log Review Policy
Forms & Logs include:
Workforce Security Policies Agreement
Security Incident Report
PHI Access Determination
Password Policy Compliance
BYOD Registration & Termination
Data Backup & Confirmation
Access Log Review
Key & Access Code Issue and Loss
Third-Party Service Vendors
Building Security Plan
Security Schedule
Equipment Security Check
Computing System Access Granting & Revocation
Training Completion
Mini Risk Analysis
Security Incident Response
Security Reminder
Practice Equipment Catalog
+ Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures
+ 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours
+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost)
+ assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost)
+ more