
Episode 401: When Email Goes Awry, How to Prevent the Most Common Source of HIPAA Breaches

Group Practice Tech

Release Date: 01/26/2024


Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we talk about ways to prevent HIPAA email breaches in a group practice setting.

We discuss common email-related breaches we see for group practices; email and PHI; large vs. small breaches; the implications of having a HIPAA breach; policies and procedures to mitigate email errors; how to send mass client notifications securely; settings to have in place in your email service; and what makes an email service HIPAA compliant.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

  • PCT's Google Workspace Configuration Learning Center (see part 9, 'the sharing and the forwarding', for tutorial on managing forwarding settings)

  • Free CE course: Introduction to HIPAA Security for Group Practice Leaders (1 legal-ethical CE course)

  • OCR Breach Report Questions -- know the contents of what is asked/what you need to provide *before* starting the breach report in the OCR's online portal for breach reporting

  • CE course: HIPAA Security Incidents & Breaches: Investigation, Documentation, And Reporting (1.5 legal-ethical CE credit hours)

  • Group Practice Care Premium for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)

  • PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive, customizable HIPAA Security Policies & Procedures and materials templates specifically for mental health group practices, with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently. Includes policy prohibitions on use of BCC and CC and on workforce forwarding emails from their practice email account to a personal email account, plus data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email-gone-awry situations we discussed in the podcast episode

    • Policies & Procedures include:

      • Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

      • Computing Devices and Electronic Media Technical Security Policy

      • Bring Your Own Device (BYOD) Policy

      • Communications Security Policy

      • Information Systems Secure Use Policy

      • Risk Management Policy

      • Contingency Planning Policy

      • Device and Document Transport and Storage Policy

      • Device and Document Disposal Policy

      • Security Training and Awareness Policy

      • Passwords and Other Digital Authentication Policy

      • Software and Hardware Selection Policy

      • Security Incident Response and Breach Notification Policy

      • Security Onboarding and Exit Policy

      • Sanction Policy

      • Release of Information Security Policy

      • Remote Access Policy

      • Data Backup Policy

      • Facility/Office Access and Physical Security Policy

      • Facility Network Security Policy

      • Computing Device Acceptable Use Policy

      • Business Associate Policy

      • Access Log Review Policy

    • Forms & Logs include:

      • Workforce Security Policies Agreement

      • Security Incident Report

      • PHI Access Determination

      • Password Policy Compliance

      • BYOD Registration & Termination

      • Data Backup & Confirmation

      • Access Log Review

      • Key & Access Code Issue and Loss

      • Third-Party Service Vendors

      • Building Security Plan

      • Security Schedule

      • Equipment Security Check

      • Computing System Access Granting & Revocation

      • Training Completion

      • Mini Risk Analysis

      • Security Incident Response

      • Security Reminder

      • Practice Equipment Catalog

    • + Workforce Security Manual & Leadership Security Manual -- the role-based, practical-application-oriented distillation of the formal Policies & Procedures

    • + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer)