Group Practice Tech
Group Practice Tech by Person Centered Tech: a podcast where we help mental health group practice owners ethically and effectively leverage tech to improve their practices.
info_outline
Episode 417: What You Should Know About HIPAA Covered Entity Status
05/17/2024
Episode 417: What You Should Know About HIPAA Covered Entity Status
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain the ins and outs of who is considered a covered entity in a group practice context. We discuss covered transactions; common reasons why practice owners believe they’re not a covered entity; how long covered entity status lasts; why it matters to follow HIPAA, regardless of covered entity status; Safe Harbor; and a reframe for thinking about HIPAA in group practice. Listen here: For more, Resources PCT Resources From our article archives: weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
/episode/index/show/grouppracticetech/id/31340657
info_outline
Episode 416: What You Need to Know and Do Under HIPAA if Your Practice Uses an Outside Biller
05/10/2024
Episode 416: What You Need to Know and Do Under HIPAA if Your Practice Uses an Outside Biller
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re answering a question we frequently get: What are the HIPAA considerations when you have an outside biller for your group practice? We discuss the threat landscape scenario of outside billing; whether you need a BAA with your biller; who should provide the BAA; what should and shouldn’t be in a BAA; and the difference between a Service Level Agreement and a BAA, and when to use each. Listen here: For more,
/episode/index/show/grouppracticetech/id/31217652
info_outline
Episode 415: [Tech Tips] VPNs, Password Managers, and HIPAA
05/03/2024
Episode 415: [Tech Tips] VPNs, Password Managers, and HIPAA
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share HIPAA considerations regarding VPNs and password managers for group practice owners. We discuss if you need a BAA with your VPN service or your password management program; the conduit exception; how VPNs work; practice provided services vs personal services; and our specific product recommendations for VPNs and password managers (as well as why we like them). Listen here: For more, Resources PCT Resources PCT Blog post: PCT's free Step 1 of the PCT Way -- support for selecting HIPAA-secure, effective, and economical services to meet your practice's functionality and operational need weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
/episode/index/show/grouppracticetech/id/31095053
info_outline
Episode 414: An Interview with Maureen Werrbach on the Accountability Equation Part 2 of 2
04/26/2024
Episode 414: An Interview with Maureen Werrbach on the Accountability Equation Part 2 of 2
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re joined by Maureen Werrbach from The Group Practice Exchange to continue our conversation about staff accountability. We discuss how to set your practice apart for new hires; the cyclical nature of group practice ownership; diversifying services; teletherapy vs. in person practice; community marketing; salary vs. commission based pay; dealing with staff attrition when implementing accountabilities; the exact formula Maureen uses to negotiate rate increases with insurance companies; and where you can find more information about working with Maureen and the Accountability Equation. Listen here: For more, Resources Learn more about the Accountability Equation and the option to join Maureen's next digital cohort Hear more about the Accountability Equation and what implementation in practice looks like on the Group Practice Exchange podcast (use the search feature for keyword 'accountability' and the results will be all the great episodes on the Accountability Equation) PCT Resources weekly (live & recorded) direct support & consultation service, Group Practice Office Hours, for group practice leaders Group Practice Office Hours also includes special guest sessions with experts including Maureen Werrbach of the Group Practice Exchange, Kelly & Miranda from ZynnyMe Business School for Therapists, Maelisa McCaffrey of QA Prep, and monthly sessions co-facilitated by therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/30989513
info_outline
Episode 413: An Interview with Maureen Werrbach on the Accountability Equation Part 1 of 2
04/19/2024
Episode 413: An Interview with Maureen Werrbach on the Accountability Equation Part 1 of 2
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re joined by Maureen Werrbach from The Group Practice Exchange to talk about accountability in group practice. We discuss how Maureen’s Accountability Equation and how it helps group practices grow; accountability as an ongoing process; effective coaching as a leader; the five A’s of the Accountability Equation; understanding the roles in your practice; making sure the right people are in the right roles; how to communicate when someone isn’t in the right role; determining the accountabilities for each role; how this framework can be applied to new group practices and established group practices; how to keep track of everyone’s accountabilities; and how to set actionable goals and microgoals. Listen here: For more, Resources Learn more about the Accountability Equation and the option to join Maureen's next digital cohort Hear more about the Accountability Equation and what implementation in practice looks like on the Group Practice Exchange podcast (use the search feature for keyword 'accountability' and the results will be all the great episodes on the Accountability Equation) PCT Resources weekly (live & recorded) direct support & consultation service, Group Practice Office Hours, for group practice leaders Group Practice Office Hours also includes special guest sessions with experts including Maureen Werrbach of the Group Practice Exchange, Kelly & Miranda from ZynnyMe Business School for Therapists, Maelisa McCaffrey of QA Prep, and monthly sessions co-facilitated by therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/30891303
info_outline
Episode 412: Staff HIPAA Training in Year 2, and Beyond
04/12/2024
Episode 412: Staff HIPAA Training in Year 2, and Beyond
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we chat about how to approach staff HIPAA training after the first year. We discuss why we don’t recommend using the same training year after year (and why our system doesn’t allow it); the trainings we typically recommend for year one and why; the trainings we recommend for year two and after and why; and why now is a particularly good time to get started. Listen here: For more, PCT Training Resources -- see PCT's role-based HIPAA & ethics, teletherapy, and topical needs-based trainings Foundational HIPAA Trainings -- recommended for year 1; if not done in year 1, use for year 2: (2 legal-ethical CE) Admin Staff: Security Officer: (10 legal-ethical CE) Leadership: (2 legal-ethical CE) Practical Application Focused Trainings -- available only through , included for all team members at no per-person cost -- recommended for year 2, if not done in year 1: *Select* Topical Needs-Based Trainings -- recommended for year 2 and beyond if foundational HIPAA trainings & practical application focused trainings have been completed -- **see our full curated collection of topical needs-based training section in our : (2 legal-ethical CE) (2 legal-ethical CE) (5 CE, 3 of which is legal-ethical CE) Use PCT's team training management system, provided through Basic (free!) OR Premium to assign trainings to team members, see progress/completion status, and let PCT take care of assignment notifications and reminders! Additional PCT Resources + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more weekly (live & recorded) direct support & consultation service, Group Practice Office Hours, for leadership
/episode/index/show/grouppracticetech/id/30788703
info_outline
Episode 411: Cybersecurity Performance Goals
04/05/2024
Episode 411: Cybersecurity Performance Goals
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain the cybersecurity goals as outlined by Health and Human Services (HHS) in light of the upcoming HIPAA Security Rule changes. We discuss the different categories of goals that are outlined; being proactive so your practice is ready when changes come; the essential goals HHS has outlined and what they mean; the encouraged goals HHS has outlined and what they mean; why these goals make sense; and how the PCT Way can help you meet these cybersecurity goals. Listen here: For more, Resources Concept Paper HealthIT Security article: HealthIT Security article: PCT Resources weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. PCT's -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
/episode/index/show/grouppracticetech/id/30686648
info_outline
Episode 410: Upcoming HIPAA Security Rule Changes
03/29/2024
Episode 410: Upcoming HIPAA Security Rule Changes
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we give group practice owners a heads up about upcoming changes to the HIPAA Security Rule. We discuss what the focus of these rule changes will be; why the changes are happening; steps you can take to be proactive about HIPAA changes; and PCT’s practical tools to help you get on top of things in a manageable way. Listen here: For more, Resources & Further Information PCT Resources service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT's -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
/episode/index/show/grouppracticetech/id/30587698
info_outline
Episode 409: The Forthcoming Return of Random HIPAA Audits
03/22/2024
Episode 409: The Forthcoming Return of Random HIPAA Audits
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share ways to be proactive in light of the news that random HIPAA audits are returning. We discuss why there’s still no HIPAA police; the function of these random audits; where the gaps in compliance have been historically; what auditors will likely be looking for; the importance of risk analyses, risk mitigation plans, and policies & procedures; how many HIPAA covered entities were audited the last time the program was active; and PCT’s resources to help you get started with formal compliance in a shame-free way. Listen here: For more, Resources & further information: JD Supra article: PCT Resources service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT's -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode Policies & Procedures include Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
/episode/index/show/grouppracticetech/id/30485573
info_outline
Episode 408: Smart Notebooks – HIPAA Considerations and Risks
03/15/2024
Episode 408: Smart Notebooks – HIPAA Considerations and Risks
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain why smart notebooks cannot be used in therapy practices. We discuss why smart notebooks are popular; how smart notebooks work and why they’re in HIPAA’s scope; risk exposure; device security and hardening; communicating to clinicians that these devices are not HIPAA compatible; ways to support documentation processes that are HIPAA compatible; and what to do if you find out a clinician has been using a smart notebook. Listen here: For more, PCT Resources weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
/episode/index/show/grouppracticetech/id/30376823
info_outline
Episode 407: Change Healthcare Cyber Attack – the Impact
03/08/2024
Episode 407: Change Healthcare Cyber Attack – the Impact
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we discuss the recent Change Healthcare cyber attack and its impact for group practices. We cover what we know and what we don’t know yet; resources to help you take practical steps; how many people are impacted by this breach; the ongoing investigations; ransomware attacks; who is liable for this incident; maintaining operational continuity; and the importance of being proactive in your security practices. Listen here: For more, Resources HealthIT Security article: PCT Resources weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
/episode/index/show/grouppracticetech/id/30282173
info_outline
Episode 406: Key Takeaways from the HIPAA Regulators Annual Reports
03/01/2024
Episode 406: Key Takeaways from the HIPAA Regulators Annual Reports
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we summarize what group practice owners should know about the Office of Civil Rights Annual Reports to Congress and explain how understanding them can inform risk management. We discuss the compliance report from the Office of Civil Rights (OCR); how complaints filed were resolved; compliance reviews vs. audits; reframing the (very common) fear of HIPAA complaints; the unsecured PHI report from the OCR; risk management for avoiding large breaches; the importance of reporting breaches; and the primary sources of breaches and ways to minimize them. Listen here: For more, References PCT Resources weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. PCT's -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
/episode/index/show/grouppracticetech/id/30193488
info_outline
Episode 405: Teletherapy – Cross-Jurisdictional Practice & Licensure Compacts Updates
02/23/2024
Episode 405: Teletherapy – Cross-Jurisdictional Practice & Licensure Compacts Updates
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re exploring what group practice owners should know about cross-jurisdictional practice in the age of teletherapy. We discuss the shifting landscape of cross-jurisdictional practice; different licensure compacts to be aware of; applying for privileges to practice under licensure compacts; telehealth training requirements; service and payment parity; payment parity advocacy; states that restrict teletherapy based on provider location; temporary practice provisions; and our upcoming CE training event on March 1 that will dive deeper into this topic. Listen here: For more, Resources & References (APIT) PCT Resources CE course: (2 legal-ethical CE hours) PCT's PCT's (for individual clinicians) PCT's
/episode/index/show/grouppracticetech/id/30072128
info_outline
Episode 404: HIPAA-friendly Texting – What You Need to Know
02/16/2024
Episode 404: HIPAA-friendly Texting – What You Need to Know
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re covering the fundamentals of texting in group practice. We discuss HIPAA compliance as a process, not a product; secure and non-secure text messaging; client requested alternative communications; how to use SMS texting in a compliance compatible way; what to have in place with your phone service provider; what to do about personal phone services; phone service providers we recommend (and don’t recommend) for teams; and how to document text messages. Listen here: For more, PCT Resources PCT's : Request for Non-Secure Communications Communication Policy (Client Facing) Email & Texting Risk Questionnaire PCT's free Step 1 of the PCT Way -- support for selecting HIPAA-secure, effective, and economical services to meet your practice's functionality and operational needs, including phone and texting (SMS and secure texting) CE course: (3 legal-ethical CE credit hours) weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
/episode/index/show/grouppracticetech/id/29976848
info_outline
Episode 403: Device Safe Harbor --Why it's Essential for Your Practice
02/12/2024
Episode 403: Device Safe Harbor --Why it's Essential for Your Practice
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain how and why to get Safe Harbor in place on your group practice devices. We discuss what Safe Harbor means; the HIPAA Breach Notification Rule; the security measures that are the cornerstones of Safe Harbor; different ways PHI can end up on devices, even when using cloud based services; and the PCT resources available to help secure your practice devices. Listen here: For more, PCT Resources weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT article: service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
/episode/index/show/grouppracticetech/id/29912778
info_outline
Episode 402: HIPAA Considerations for Smartwatches
02/02/2024
Episode 402: HIPAA Considerations for Smartwatches
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re covering what you need to know about HIPAA and your smartwatch. We discuss common questions we get from group practice leaders about smartwatches; the limitations of smartwatch security; whether smartwatches should be included as BYOD registered devices; potential issues with smartwatch notifications; and security measures to put in place for Apple Watches and Android smartwatches. Listen here: For more, Resources From Apple: From Apple: -- See "Customize Your Apple Watch Notification Settings" and "Keeping Notifications Private" sections in particular Google Pixel Watch: Google Pixel Watch: From Samsung: From Samsung: PCT Resources weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost) + more service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
/episode/index/show/grouppracticetech/id/29757708
info_outline
Episode 401: When Email Goes Awry, How to Prevent the Most Common Source of HIPAA Breaches
01/26/2024
Episode 401: When Email Goes Awry, How to Prevent the Most Common Source of HIPAA Breaches
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we talk about ways to prevent HIPAA email breaches in a group practice setting. We discuss common email-related breaches we see for group practices; email and PHI; large vs. small breaches; the implications of having a HIPAA breach; policies and procedures to mitigate email errors; how to send mass client notifications securely; settings to have in place in your email service; and what makes an email service HIPAA compliant. Listen here: For more, PCT Resources PCT's Google (see part 9, 'the sharing and the forwarding', for tutorial on managing forwarding settings) Free CE course: (1 legal-ethical CE course) -- know the contents of what is asked/what you need to provide *before* starting the breach report in the OCR's online portal for breach reporting CE course: (1.5 legal-ethical CE credit hours) for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly) PCT's -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
/episode/index/show/grouppracticetech/id/29652488
info_outline
Episode 345: Medicare Provider Decisions: Enrolling (or Opting Out), Billing, Documentation, Audits & More
01/05/2024
Episode 345: Medicare Provider Decisions: Enrolling (or Opting Out), Billing, Documentation, Audits & More
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we chat with Gabrielle Juliano-Villani, LCSW about navigating Medicare considerations as a mental health provider. We discuss fears and misconceptions around being a Medicare provider; upsides to being a Medicare provider; how opting in and out of Medicare works with multiple providers; what the enrollment process entails and where people get tripped up; what documents you need to have ready to enroll; how long the process takes; reimbursement timeframes; auditing and documentation; and our upcoming Q+A session with Gabrielle on this topic. Listen here: For more, Resources from guest Gabrielle Juliano-Villani, LCSW of Medicare Consulting for Therapists Facebook Group, with more checklists for billing and credentialing and my note template PCT Resources On-demand trainings (not designated as CE) presented by Gabrielle: and session (live & recorded) for members for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)
/episode/index/show/grouppracticetech/id/29348718
info_outline
Episode 344: [A Year in Review] The Big Stories of 2023
12/29/2023
Episode 344: [A Year in Review] The Big Stories of 2023
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re looking back on some of the major developments that impacted the group practice landscape this year. We discuss artificial intelligence and how it’s impacting providers; ethical and clinical considerations for AI use; LPC and MFT eligibility as Medicare providers in 2024, and opting out if that’s applicable; third party tracking on practice websites and HIPAA; a recent study looking at the efficacy equivalencies between telehealth and in person care; and the upcoming Compacts going live. Listen here: For more, Resources AI Podcast: CE course: PCT Blog: Medicare PCT Blog: (including a link to on how to opt out, if that's the determination your practice makes is right for you) Training (non-CE): Training (non-CE): Teletherapy Podcast: Trainings & Materials:
/episode/index/show/grouppracticetech/id/29194343
info_outline
Episode 343: Breach Reporting, What You Need to Know and Do if Your Practice Had a Breach in 2023
12/22/2023
Episode 343: Breach Reporting, What You Need to Know and Do if Your Practice Had a Breach in 2023
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain steps to take if your therapy practice had a HIPAA breach this year. We discuss normalizing breaches emotionally; what constitutes a breach; the breach reporting timeframe; what the breach reporting process consists of; what to expect in terms of a response for a breach report; things regulators love to see in a breach report; the importance of preventing a breach from reoccurring; and resources we have available to support you during breach reporting. Listen here: For more, PCT Resources -- know the contents of what is asked/what you need to provide *before* starting the breach report in the OCR's online portal for breach reporting CE course: (1.5 legal-ethical CE credit hours) for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly) PCT's -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy **Security Incident Response and Breach Notification Policy** Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement **Security Incident Report** PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis **Security Incident Response** Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
/episode/index/show/grouppracticetech/id/29194098
info_outline
Episode 342: Getting Your GFEs into Gear for 2024
12/15/2023
Episode 342: Getting Your GFEs into Gear for 2024
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we discuss what you need to get your annual Good Faith Estimates (GFEs) ready for clients. We discuss best practices for providing Good Faith Estimates for long term recurring care including: whether clients need to sign their GFEs; dissemination of information vs creating a contractual bond; how to provide GFEs to clients; how to document GFEs; what you should include in a Good Faith Estimate; who should get a GFE and why; and when to provide GFEs for clients. Listen here: For more, Resources PCT Resources On-demand CE training (2 legal-ethical CE credit hours): - PCT’s 2023 Practice Primer course, presented by therapist attorney Eric Ström, JD PhD LMHC and PCT director Liath Dalton — includes discussion of No Surprises Act and GFE notices, provision, content, and documentation for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)
/episode/index/show/grouppracticetech/id/29090163
info_outline
Episode 341: 5 Tips for Tidying Things up in Your Practice at the End of the Year
12/07/2023
Episode 341: 5 Tips for Tidying Things up in Your Practice at the End of the Year
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re talking about ways to start 2024 off with an optimized and fortified group practice. We discuss starting the new year on a solid foundation; reviewing current group practice systems and tech stacks; ensuring your team has the training they need; checking devices and device security; risk analysis and mitigation; reviewing policies and procedures as well as HIPAA manuals; and the PCT resources that can help you with each of these tips. Listen here: For more, PCT Resources Article: Service Review Resources: (free!! Step 1 of the PCT Way) -- support for reviewing (and selecting) HIPAA-secure, effective, and economical services to meet your practice's functionality and operational needs Training resources: Device security resources: for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost) + more Risk Analysis & Mitigation Resources: for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Will identify both your 'in-practice' risks and your 'formal compliance' (what required written P&Ps are implemented) needs, while also documenting all the good things your practice is already doing! PCT Article: Policy & Procedure and HIPAA Manual Resources: PCT's -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
/episode/index/show/grouppracticetech/id/28937438
info_outline
Episode 340: BAA Basics Part 2
11/17/2023
Episode 340: BAA Basics Part 2
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re answering frequently asked questions about Business Associate Agreements, or BAAs. We discuss who should be providing the BAA; evaluating whether a service provider can meet group practice needs; performing due diligence as the HIPAA responsible party; red flags to watch out for; templates we recommend; and when you need a confidentiality agreement instead of a BAA. Listen here: For more,
/episode/index/show/grouppracticetech/id/28679803
info_outline
Episode 339: BAA Basics – What You Need to Know
11/10/2023
Episode 339: BAA Basics – What You Need to Know
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re diving into Business Associate Agreements (BAAs) for group practice owners. We discuss what a BAA is; who is considered a business associate; how to execute and enforce a BAA; documenting BAAs; evaluating if a BAA is sufficient; why a HIPAA statement is not a replacement for a BAA; precedent for enforcement action from the Office of Civil Rights; and what qualifies under the conduit exception. Listen here: For more, Resources PCT Resources PCT article: PCT free CE course: PCT's -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer. for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/28569973
info_outline
Episode 338: Why Risk Analysis Is a Fundamental Requirement (Highlights From the OCR)
11/03/2023
Episode 338: Why Risk Analysis Is a Fundamental Requirement (Highlights From the OCR)
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re sharing why risk analysis is essential for mental health providers, inspired by a recent webinar from the Office of Civil Rights (OCR). We discuss the core mandate of the HIPAA Security Rule; how risk analysis is essential to safeguarding PHI; conceptualizing the lifecycle of PHI in your practice; how often to do a risk analysis; written policy vs. implemented policy; security measures degrading over time; and HIPAA as a useful tool for client care. Listen here: For more, PCT Resources service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Will identify both your 'in-practice' risks and your 'formal compliance' (what required written P&Ps are implemented) needs, while also documenting all the good things your practice is already doing! -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer. for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/28501619
info_outline
Episode 337: Trusting the Cloud
10/27/2023
Episode 337: Trusting the Cloud
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re answering a question we get asked frequently: can we trust the cloud? We discuss the benefits of using a HIPAA appropriate cloud service; what we mean when we talk about the cloud; outsourcing expertise, as well as liability and responsibility; how to trust something when you don’t know how it works; and how to educate yourself about data security. Listen here: For more, PCT Resources (free!! Step 1 of the PCT Way) -- support for selecting HIPAA-secure, effective, and economical cloud services to meet your practice's functionality and operational needs for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost) + more for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Will identify both your 'in-practice' risks and your 'formal compliance' (what required written P&Ps are implemented) needs, while also documenting all the good things your practice is already doing!
/episode/index/show/grouppracticetech/id/28434950
info_outline
Episode 336: What's *Actually* Sufficient When it Comes to Policies and Procedures
10/20/2023
Episode 336: What's *Actually* Sufficient When it Comes to Policies and Procedures
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we talk about what policies and procedures you need in group practice. We discuss why this process is confusing; the difference between a HIPAA clause in an employment contract and specific security policies and procedures; why having policies is helpful (and pitfalls when policies aren’t in place); our customizable templates to help you develop HIPAA security policies and procedures for your practice; the importance of practical application; and taking your time with implementation. Listen here: For more, PCT Resources -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer. for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost) + more for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Will identify both your 'in-practice' risks and your 'formal compliance' (what required written P&Ps are implemented) needs, while also documenting all the good things your practice is already doing!
/episode/index/show/grouppracticetech/id/28368440
info_outline
Episode 335: PCI DSS, the 'HIPAA' of Handling Credit Cards
10/13/2023
Episode 335: PCI DSS, the 'HIPAA' of Handling Credit Cards
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re talking about the security standards that go along with accepting credit cards in your therapy practice. We discuss PCI DSS (Payment Card Industry Data Security Standard) compliance and where it is applicable; what payment processors handle; documentation; not handling or storing the full payment information for clients; the different types of security required for HIPAA compliance vs PCI compliance; why you don’t need a BAA with your payment processor; and the intersection of compliance components for PCI and for HIPAA. Listen here: For more, PCT Resources Article: CE course: for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/28289534
info_outline
Episode 334: Brushing Up On Teletherapy Skills
10/06/2023
Episode 334: Brushing Up On Teletherapy Skills
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re offering up a refresher on teletherapy skills. We discuss the American Telemedicine Association (ATA) standards; our clinical staff teletherapy training (which includes a video presentation skills section); teletherapy considerations for home workspaces; our Remote Workspace Center which has step by step tutorials for a secure home office; troubleshooting telehealth sessions; and staying on top of current best practices with training. Listen here: For more, PCT Resources (5 CE credit hours, 3 of which are designated as legal-ethical CE) (18.5 CE credit hours, plus 6+ CE credit hours of included topical bonus courses) (2 CE credit hours) for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/28239911
info_outline
Episode 333: Integrating Antivirus Protection
09/29/2023
Episode 333: Integrating Antivirus Protection
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain what group practice owners need to know about antivirus protection. We discuss what implementing antivirus software actually entails; who needs antivirus software; resources for free antivirus software for Windows and Mac; the importance of regularly updating security software; what is the responsibility of the group practice; whether a BAA is necessary with an antivirus and antimalware provider; and our Device Security Center, where you can find more information on the other technical security steps required for any devices touching PHI. Listen here: For more, PCT Resources for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + Step Step 5 (Manual & Materials) Support Forums assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces (for *all* team members at no per-person cost) assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices(for *all* team members at no per-person cost) And more! service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. -- comprehensive HIPAA Security Policies & Procedures for the practice as HIPAA covered entity *and/or* Business Associate/MSO. Comprehensively covers the HIPAA P&Ps for contractor clinician structure group practices, employee structure group practices, and practices that are hybrid. Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog Plus: Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures (includes the prohibitions on non-HIPAA-acceptable personal services + defines what personal services *are* allowable.) 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
/episode/index/show/grouppracticetech/id/28171973