Episode 421: What You Need to Know About Breach Reporting If Your Practice Was Impacted By The Change Healthcare Debacle
Release Date: 06/14/2024
Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we discuss Apple's Private Relay function and whether it can be used in a group practice context. We discuss: Security policies around network security and device security, particularly BYOD policies How Private Relay works, and its limitations How Private Relay is similar to a VPN (and how it is different) What functionality is required for network and device security Private Relay alternatives and their limitations Our...
info_outline Episode 441: What the Rate Cuts for Headway and Alma Mean to YouGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explore the impact of the recent rate cuts for Headway and Alma clinicians. We discuss: The common anxieties around corporate/VC owned telehealth companies The incentives these companies use to lure clinicians The cracks starting to appear in these companies How the rate cuts will impact clinicians How the rate cuts will impact group practices and solo practices Listen here: For more, Resources Clear Health Costs article: Clear Health...
info_outline Episode 440: MFA Made Easy with Google AuthenticatorGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re chatting about multi-factor authentication for group practices. We discuss: What multi-factor authentication is and why it’s important Different types of factors for authentication What Google Authenticator is and how it works What accounts you can use Google Authenticator for HIPAA considerations for using Google Authenticator Using Google Authenticator appropriately in a group practice...
info_outline Episode 439: What Info is Actually Part of the Client's RecordGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain what makes up a client’s record. We discuss: HIPAA regulations vs. state laws What communications are included in a client’s record and why The distinction between progress notes and psychotherapy notes Resources for training your staff on rethinking notes The Open Notes Rule Managing documentation compliance in your practice Listen here: For more, Resources (under HIPAA) (JD...
info_outline Episode 438: Google's Gemini AI Tool & HIPAAGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we look at Google’s Gemini AI tool through a HIPAA lens. We discuss: Common use cases for Gemini in a group practice context What’s covered under the Google Workspace BAA (and what isn’t) Ethical and legal considerations for using PHI with AI tools Informed consent for clients when AI tools are used for clinical documentation Establishing a Gemini usage policy for your practice Listen here: For more, Resources ...
info_outline Episode 437: Hurricanes, HIPAA Waivers, and SupportGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re chatting about what to do if your practice experiences a natural disaster, like a hurricane. We discuss: The recent hurricanes impacting the southeast US Prioritizing access to care Limited HIPAA waivers for disasters and emergencies And situations where the waivers would apply Resources for group practices in and out of the affected areas Listen here: For more, Resources & Support For...
info_outline Episode 436: Neurodivergent Leadership and Fostering a Neurodivergent-friendly Work Culture, with guest Patrick CasaleGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re joined by Patrick Casale from All Things Private Practice to talk about how to create a neuro-affirming therapy practice. We discuss: Understanding your own neurotype as a leader Considerations for developing a neuro-affirming workplace Creating an environment where staff can ask for the accommodations they need Resources for practice owners to improve accessibility Therapist directories that prioritize accessibility and...
info_outline Episode 435: Doubt Yourself, Do It Anyway – Discussing Authentic Leadership with guest Patrick CasaleGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re joined by Patrick Casale from All Things Private Practice to talk about leadership and authenticity. We discuss: What “doubt yourself, do it anyway” means The fear and power of vulnerability Patrick’s retreats and summits for mental health professionals Expanding beyond private practice Using fear as a gas pedal, not a brake Next year’s retreat for leaders in Greece, hosted by Patrick, where Liath is speaking Listen...
info_outline Episode 434: Secure, Efficient, and Effective Ways to Record Client Sessions When NeededGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re explaining how to securely record in person and teletherapy client sessions. We discuss: Why sessions may need to be recorded The risks around different ways to record sessions The easiest way to record sessions securely (for most practices, without adding a new service to your tech stack) Exactly how to record sessions in Google Meet For sessions using Google Meet, another teletherapy platform, and meeting in person ...
info_outline Episode 433: Intersections of Accessibility & Technology in Therapy PracticeGroup Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we chat with therapist Emily Decker about how to make group practice more accessible, both for clients and staff. We discuss: The number of mental health clinicians who are disabled Navigating identity as a disabled person and as a helping professional, especially where those identities intersect Practice culture and neurodivergence Ways to create a disability affirming culture within group practice (for clients and staff) Unpacking...
info_outlineWelcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.
In our latest episode, we’re updating group practice owners on the Change Healthcare breach.
We discuss recent guidance from the OCR (the Office of Civil Rights); how Change Healthcare is failing to meet their obligations as a HIPAA Business Associate and as a HIPAA Covered Entity; breach reporting requirements; 3 important pieces of good new for practice owners; how you can talk to clients about this; and whether we recommend preemptively reporting this breach on your own.
Listen here: https://personcenteredtech.com/group/podcast/
For more, visit our website.
Direct Resources
-
from HHS and the OCR: "Change Healthcare Cybersecurity Incident Frequently Asked Questions" -- see FAQ #6 in particular
PCT Resources
-
PCT CE Training: HIPAA Security Incidents & Breaches: Investigation, Documentation, and Reporting (1.5 legal-ethical CE credit hour on-demand, self-study video course)
-
HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
-
weekly (live & recorded) direct support & consultation service, Group Practice Office Hours
-
+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
-
+ assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
Other Related & Relevant Resources
-
JD Supra Article & Podcast from healthcare attorneys: "What to Do When Your Business Associate Suffers a Ransomware Attack"
-
Also see the Ransomware Breach Decision Tree
-
Wired Article: Medical-Targeted Ransomware Is Breaking Records After Change Healthcare $22M Payout