Episode 615: Your Data is Not Your Own: Why VC-Owned Healthcare Wants Your Information
Release Date: 05/08/2026
Episode 615: Your Data is Not Your Own: Why VC-Owned Healthcare Wants Your Information
Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share a cautionary tale about a Talkspace client whose healthcare information was weaponized against them. We discuss: Venture capital firms buying therapy practices, monetizing, and weaponizing client data to make more money A recent case where a Talkspace client’s data was read aloud in court Platforms using client communication to train LLMs and AI platforms How these platforms are profoundly detrimental to clients, therapists, and the profession Why...
info_outline
Episode 614: AI Is Just The Latest Example - Why Training Matters For Every New Tool
Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we talk about the importance of proficiency and competency with any tool or modality used in your practice. We discuss: Why training is necessary with any tool or modality used in your practice, not just AI What the professional ethics codes say about competence and proficiency for tools and modalities used How PCT evolved to help clinicians manage the advent of new technology Our upcoming CE training on how to evaluate AI and incorporate it into your...
info_outline
Episode 613: You Discovered Non-Compliant AI Use in Your Practice. Now What?
Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share concrete steps to take if you’ve discovered staff members using non-approved AI platforms in your practice. We discuss: The misconceptions around what constitutes PHI (and why information used to write a progress note absolutely is PHI) Why this is a reportable HIPAA breach Why reporting a HIPAA breach is nowhere near as scary or impactful as you may fear The difference between a large breach and a small breach, and reporting deadlines for...
info_outline
Episode 612: Free Email Isn't Worth It: Why It's a Bad Idea and What To Do Instead
Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain why free email providers are inherently not HIPAA compliance compatible. We discuss: Why it’s necessary to have a Business Associate Agreement with your email service provider Why clients can’t opt out of HIPAA What requests for alternative or non-secure communication actually mean under the HIPAA Privacy Rule What counts as Protected Health Information (PHI) Why a free email address might be a red flag for prospective clients How to get a BAA...
info_outline
Episode 611: The Real Risks of Using Non-Vetted AI Platforms with Client Information
Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we continue our series on AI use within therapy practices by sharing how to explain to your team members why using non-vetted AI platforms is not permissible. We discuss: What counts as Protected Health Information and a breakdown of the often misunderstood 18th identifier under HIPAA How therapy progress notes and clinical notes are inherently identifying AI re-identification risk and why this is possible Why AI use involving client information must be...
info_outline
Episode 610: Don't Panic - But Do Pay Attention: What the Darksword iPhone Exploit Actually Means
Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share information about the recent Darksword iPhone exploit, and what that means for therapy practice owners regarding device security. We discuss: What you need to know about this exploit Device hardening within your security circle Device security gaps we see in everyday practice Pairing technical security measures with behavioral security measures PCT’s resources around risk management and device security Listen here: For more, PCT Resources ...
info_outline
Episode 609: Update: HHS Releases Model NPP for Part 2 Changes — What It Means for Your Practice
Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we discuss HHS’s new model Notice of Privacy Practice for Part 2 programs, what has changed, and what that means for your practice. We cover: The Part 2 Final Rule from 2024 Why the Feb. 16th enforcement deadline has been so confusing The model Part 2 NPP and Patient Notice from HHS, and the function of each document Who is considered a lawful holder and what that means Whether you need to switch to the HHS templates What to do if you already used...
info_outline
Episode 608: AI Isn’t the Problem, Lack of Governance Is – A PSA for Group Practice Leadership
Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share a PSA for group practice owners to address unauthorized AI use within your practice. We discuss: What we mean by governance What counts as Protected Health Information (PHI) The standard we use at PCT to determine if something is PHI Why AI tools like ChatGPT are inappropriate for PHI De-identification standards under HIPAA Ethical standards and informed consent for clinical use of AI Concrete next steps to take as a practice leader to address AI...
info_outline
Episode 607: HIPAA After Retirement – How to Close Your Practice the Right Way
Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we discuss the HIPAA responsibilities for therapy practice owners when closing their practice or retiring. We cover: Common assumptions about responsibilities after retirement What determines your record retention length How long you must remain contactable after closing your practice and why The key functionalities you need to maintain, and the most economical ways to DIY them Outsourcing to an executor service as an alternative to the DIY approach Common...
info_outline
Episode 606: Being Findable in an AI-Shaped Referral World
Group Practice Tech
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we offer actionable tips for practice owners regarding the rapidly changing landscape of online referral sources. We discuss: How online referral sources have changed over the last year Why Psychology Today is no longer the dominant referral pathway Emphasizing community based referrals How clients are using AI to find therapists How AI tools prioritize results Practical do’s and don’ts for being findable via AI Listen here: For more, PCT Resources ...
info_outlineWelcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.
In our latest episode, we share a cautionary tale about a Talkspace client whose healthcare information was weaponized against them.
We discuss:
- Venture capital firms buying therapy practices, monetizing, and weaponizing client data to make more money
- A recent case where a Talkspace client’s data was read aloud in court
- Platforms using client communication to train LLMs and AI platforms
- How these platforms are profoundly detrimental to clients, therapists, and the profession
- Why when something seems too easy and convenient, you are often the product (and your clients are the product)
- How these companies operate outside of HIPAA Security Rule standards
- The importance of vetting platforms and having BAAs for safeguarding client information
Listen here: https://personcenteredtech.com/group/podcast/
For more, visit our website.
Resources
- Story referenced in episode re: employee termination and litigation using all their session data/content from Talkspace chatbot
- Story regarding AI models failing ethics standards and standards of care
PCT Resources
- Live (and recorded) PCT CE Course: Beyond Hype and Anxiety: A Practical Framework for Ethical AI Use in Clinical Practice is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice.
- Live Webinar Presentation on May 8th, 2026
- Registration for live training includes receiving ownership of and perpetual access to the on-demand self-study CE training produced from recording of live presentation. Get both the content *and* the CE, even if you can’t join live.
- PCT's recommended/curated collection of role-based foundational and topical needs-based staff trainings, including HIPAA and Privacy Ethics for clinical staff, admins; leadership trainings; clinical staff teletherapy training; director/supervisor training; and topical trainings on documentation, rights of access, suicidality, accessibility, countertransference, and much more.
- Nationally respected, role-based HIPAA and privacy ethics and teletherapy training built for mental health staff
- On-demand trainings are accessible in perpetuity and do not expire.
- APA, NBCC, and multiple state licensing board CE provider approvals mean that CE courses count towards licensure renewal requirements for your clinical team.
- Group Practice Care Premium
- weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
- Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
- Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
- PCT’s Comprehensive HIPAA Security Compliance Program (discounted) bundles:
-
- For Group Practices
- For Solo Practitioners
- Comprehensive HIPAA Security Policies & Procedures
- Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice
- Device & Workspace Security Suites
- Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library)
- Includes the Risk Analysis & Risk Mitigation Planning service + tool
- HIPAA Security & Privacy Ethics training
-