Group Practice Tech
Group Practice Tech by Person Centered Tech: a podcast where we help mental health group practice owners ethically and effectively leverage tech to improve their practices.
info_outline
Episode 615: Your Data is Not Your Own: Why VC-Owned Healthcare Wants Your Information
05/08/2026
Episode 615: Your Data is Not Your Own: Why VC-Owned Healthcare Wants Your Information
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share a cautionary tale about a Talkspace client whose healthcare information was weaponized against them. We discuss: Venture capital firms buying therapy practices, monetizing, and weaponizing client data to make more money A recent case where a Talkspace client’s data was read aloud in court Platforms using client communication to train LLMs and AI platforms How these platforms are profoundly detrimental to clients, therapists, and the profession Why when something seems too easy and convenient, you are often the product (and your clients are the product) How these companies operate outside of HIPAA Security Rule standards The importance of vetting platforms and having BAAs for safeguarding client information Listen here: For more, Resources PCT Resources Live (and recorded) PCT CE Course: is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice. Live Webinar Presentation on May 8th, 2026 Registration for live training includes receiving ownership of and perpetual access to the on-demand self-study CE training produced from recording of live presentation. Get both the content *and* the CE, even if you can’t join live. PCT's recommended/curated collection of , including HIPAA and Privacy Ethics for clinical staff, admins; leadership trainings; clinical staff teletherapy training; director/supervisor training; and topical trainings on documentation, rights of access, suicidality, accessibility, countertransference, and much more. Nationally respected, role-based HIPAA and privacy ethics and teletherapy training built for mental health staff On-demand trainings are accessible in perpetuity and do not expire. APA, NBCC, and multiple state licensing board CE provider approvals mean that CE courses count towards licensure renewal requirements for your clinical team. weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT’s Comprehensive HIPAA Security Compliance Program (discounted) bundles: For For Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training
/episode/index/show/grouppracticetech/id/41210545
info_outline
Episode 614: AI Is Just The Latest Example - Why Training Matters For Every New Tool
05/01/2026
Episode 614: AI Is Just The Latest Example - Why Training Matters For Every New Tool
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we talk about the importance of proficiency and competency with any tool or modality used in your practice. We discuss: Why training is necessary with any tool or modality used in your practice, not just AI What the professional ethics codes say about competence and proficiency for tools and modalities used How PCT evolved to help clinicians manage the advent of new technology Our upcoming CE training on how to evaluate AI and incorporate it into your practice and workflow ethically and effectively How training can set you apart and strengthen the therapeutic alliance Listen here: For more, PCT Resources: Live (and recorded) PCT CE Course: is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice. Live Webinar Presentation on May 8th, 2026 Registration for live training includes receiving ownership of and perpetual access to the on-demand self-study CE training produced from recording of live presentation. Get both the content *and* the CE, even if you can’t join live. PCT's recommended/curated collection of , including HIPAA and Privacy Ethics for clinical staff, admins; leadership trainings; clinical staff teletherapy training; director/supervisor training; and topical trainings on documentation, rights of access, suicidality, accessibility, countertransference, and much more. Nationally respected, role-based HIPAA and privacy ethics and teletherapy training built for mental health staff On-demand trainings are accessible in perpetuity and do not expire. APA, NBCC, and multiple state licensing board CE provider approvals mean that CE courses count towards licensure renewal requirements for your clinical team. weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT’s Comprehensive HIPAA Security Compliance Program (discounted) bundles: For For Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training
/episode/index/show/grouppracticetech/id/41081115
info_outline
Episode 613: You Discovered Non-Compliant AI Use in Your Practice. Now What?
04/24/2026
Episode 613: You Discovered Non-Compliant AI Use in Your Practice. Now What?
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share concrete steps to take if you’ve discovered staff members using non-approved AI platforms in your practice. We discuss: The misconceptions around what constitutes PHI (and why information used to write a progress note absolutely is PHI) Why this is a reportable HIPAA breach Why reporting a HIPAA breach is nowhere near as scary or impactful as you may fear The difference between a large breach and a small breach, and reporting deadlines for each Client notification deadlines for breaches How state law can impact or add to reporting deadlines Steps to take after discovering non-compliant AI use in your practice What to investigate, how to document, how to mitigate, how to notify clients, and when to consult an attorney Listen here: For more, PCT Resources: PCT CE Course (on-demand): If you’re navigating exactly what we’re talking about in this episode, our on-demand CE training, , provides a clear, structured walkthrough of what to do when something goes wrong. It covers how to determine whether an incident is a breach, how to investigate and document appropriately, and how to handle client notification and reporting requirements—along with strategies to reduce risk going forward. This is a practical, real-world roadmap designed specifically for mental health practices, so you’re not left guessing about next steps when a breach situation arises. : If you want to understand what breach reporting actually looks like in practice, this resource walks you through the exact information required when submitting a report to the Office for Civil Rights (OCR). It outlines the specific details you’ll need to gather — such as the type and scope of the breach, the number of individuals affected, what kind of PHI was involved, and what actions you’ve taken in response — so you can approach reporting with clarity and confidence rather than guesswork. Reviewing these questions ahead of time can also help guide your investigation and documentation process, ensuring you’re collecting the right information from the start. Live (and recorded) PCT CE Course: is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice. Live Webinar Presentation on May 8th, 2026 Registration for live training includes receiving ownership of and perpetual access to the on-demand self-study CE training produced from recording of live presentation. Get both the content *and* the CE, even if you can’t join live. service for mental health practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health practice, and a mitigation checklist to help you reduce your risks. If you're navigating filing a breach report and you haven't completed a documented "thorough and accurate" HIPAA Security Risk Analysis that meets the foundational Security Rule requirements, this is something you want/need to do so it can be reflected in your breach report to the OCR (HIPAA regulators) PCT’s Comprehensive HIPAA Security Compliance Program (discounted) bundles: For For Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training Article + 18 Identifier List: In this article, Person Centered Tech breaks down one of the most misunderstood concepts in HIPAA compliance: de-identification. It clarifies the difference between simply “removing identifiers” and meeting HIPAA’s strict legal standards for de-identification (Safe Harbor or Expert Determination). The piece explains why narrative clinical information is often inherently identifying, why a session transcript cannot realistically be considered de-identified, and how AI systems introduce heightened risks of re-identification. It reinforces a critical takeaway for practice leaders: HIPAA sets the floor — not the ceiling — for protecting client information, and governance must keep pace with emerging technologies. PCT CE Course: If you’re wanting a deeper, structured framework for evaluating AI in clinical practice, this 3-credit legal-ethical on-demand training with Eric Ström, JD, PhD, LMHC, walks through the evolving legal standards, HIPAA considerations, and ethics code guidance that apply to AI use in behavioral health. You’ll gain practical strategies for assessing new technologies, understanding emerging standards of care, and implementing AI tools in a way that is legally defensible and ethically sound. Podcast: Podcast: weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more Additional Resources: : The Mintz Matrix is a comprehensive, regularly updated overview of U.S. state data breach notification laws, providing a state-by-state breakdown of requirements such as definitions of personal information, what constitutes a breach, and timelines for notification. This is especially relevant in the context of this episode because HIPAA is only part of the picture—state laws often impose additional requirements, including shorter notification timeframes and broader definitions of protected information. Reviewing the Mintz Matrix can help you understand your specific state obligations and ensure that your response to a breach is not only HIPAA-compliant, but also aligned with applicable state laws. The provides essential guidance on what constitutes a reportable breach and what happens after a report is submitted. It explains that a breach involves the unauthorized acquisition, access, use, or disclosure of protected health information that compromises its security or privacy, and outlines how OCR reviews, investigates, and resolves reported incidents. This is particularly relevant to this episode because it helps demystify what occurs after you file a breach report—reinforcing that reporting does not automatically trigger penalties, but instead initiates a review process that may include technical assistance, investigation, or closure without further action. Understanding this process can reduce fear and support more confident, compliant decision-making when responding to a breach.
/episode/index/show/grouppracticetech/id/40998045
info_outline
Episode 612: Free Email Isn't Worth It: Why It's a Bad Idea and What To Do Instead
04/17/2026
Episode 612: Free Email Isn't Worth It: Why It's a Bad Idea and What To Do Instead
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain why free email providers are inherently not HIPAA compliance compatible. We discuss: Why it’s necessary to have a Business Associate Agreement with your email service provider Why clients can’t opt out of HIPAA What requests for alternative or non-secure communication actually mean under the HIPAA Privacy Rule What counts as Protected Health Information (PHI) Why a free email address might be a red flag for prospective clients How to get a BAA protected email, with a domain name or without Listen here: For more, PCT Resources: PCT Article: PCT CE Training: Learn about the legal-ethical considerations of modern communication channels in the context of real world practice and client needs. 3 Legal-Ethical CE credit hours. On-demand. PCT’s Comprehensive HIPAA Security Compliance Program (discounted) bundles: For For Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/40904610
info_outline
Episode 611: The Real Risks of Using Non-Vetted AI Platforms with Client Information
04/10/2026
Episode 611: The Real Risks of Using Non-Vetted AI Platforms with Client Information
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we continue our series on AI use within therapy practices by sharing how to explain to your team members why using non-vetted AI platforms is not permissible. We discuss: What counts as Protected Health Information and a breakdown of the often misunderstood 18th identifier under HIPAA How therapy progress notes and clinical notes are inherently identifying AI re-identification risk and why this is possible Why AI use involving client information must be vetted and HIPAA compliance-compatible What happens when you input data into personal AI platforms What we mean by AI governance, and why personal AI platforms can’t be governed Why lack of AI governance is a significant liability Impermissible disclosures under HIPAA Why proving low probability of compromise is difficult after the fact, and what this means for your ability to mitigate risk Managing the emotional pieces of identifying risk and risk mitigation in your practice Listen here: For more, PCT Resources: Live (and recorded) PCT CE Course: is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice. Live Webinar Presentation on May 8th, 2026 Registration for live training includes receiving ownership of and perpetual access to the on-demand self-study CE training produced from recording of live presentation. Get both the content *and* the CE, even if you can't join live. Article + 18 Identifier List: In this article, Person Centered Tech breaks down one of the most misunderstood concepts in HIPAA compliance: de-identification. It clarifies the difference between simply “removing identifiers” and meeting HIPAA’s strict legal standards for de-identification (Safe Harbor or Expert Determination). The piece explains why narrative clinical information is often inherently identifying, why a session transcript cannot realistically be considered de-identified, and how AI systems introduce heightened risks of re-identification. It reinforces a critical takeaway for practice leaders: HIPAA sets the floor—not the ceiling—for protecting client information, and governance must keep pace with emerging technologies. PCT CE Course: If you’re wanting a deeper, structured framework for evaluating AI in clinical practice, this 3-credit legal-ethical on-demand training with Eric Ström, JD, PhD, LMHC, walks through the evolving legal standards, HIPAA considerations, and ethics code guidance that apply to AI use in behavioral health. You’ll gain practical strategies for assessing new technologies, understanding emerging standards of care, and implementing AI tools in a way that is legally defensible and ethically sound. Podcast: service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/40795760
info_outline
Episode 610: Don't Panic - But Do Pay Attention: What the Darksword iPhone Exploit Actually Means
04/03/2026
Episode 610: Don't Panic - But Do Pay Attention: What the Darksword iPhone Exploit Actually Means
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share information about the recent Darksword iPhone exploit, and what that means for therapy practice owners regarding device security. We discuss: What you need to know about this exploit Device hardening within your security circle Device security gaps we see in everyday practice Pairing technical security measures with behavioral security measures PCT’s resources around risk management and device security Listen here: For more, PCT Resources weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT’s Comprehensive HIPAA Security Compliance Program (discounted) bundles: For For Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Resources Wired Article: PC Mag Article: ' Malwarebytes Labs Article:
/episode/index/show/grouppracticetech/id/40715300
info_outline
Episode 609: Update: HHS Releases Model NPP for Part 2 Changes — What It Means for Your Practice
03/17/2026
Episode 609: Update: HHS Releases Model NPP for Part 2 Changes — What It Means for Your Practice
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we discuss HHS’s new model Notice of Privacy Practice for Part 2 programs, what has changed, and what that means for your practice. We cover: The Part 2 Final Rule from 2024 Why the Feb. 16th enforcement deadline has been so confusing The model Part 2 NPP and Patient Notice from HHS, and the function of each document Who is considered a lawful holder and what that means Whether you need to switch to the HHS templates What to do if you already used our decision guide and resources ahead of the deadline Listen here: For more, Resources Updated Model HHS Additional PCT Resources weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/40516615
info_outline
Episode 608: AI Isn’t the Problem, Lack of Governance Is – A PSA for Group Practice Leadership
03/02/2026
Episode 608: AI Isn’t the Problem, Lack of Governance Is – A PSA for Group Practice Leadership
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share a PSA for group practice owners to address unauthorized AI use within your practice. We discuss: What we mean by governance What counts as Protected Health Information (PHI) The standard we use at PCT to determine if something is PHI Why AI tools like ChatGPT are inappropriate for PHI De-identification standards under HIPAA Ethical standards and informed consent for clinical use of AI Concrete next steps to take as a practice leader to address AI use in your practice Listen here: For more, PCT Resources: Article + 18 Identifier List: In this article, Person Centered Tech breaks down one of the most misunderstood concepts in HIPAA compliance: de-identification. It clarifies the difference between simply “removing identifiers” and meeting HIPAA’s strict legal standards for de-identification (Safe Harbor or Expert Determination). The piece explains why narrative clinical information is often inherently identifying, why a session transcript cannot realistically be considered de-identified, and how AI systems introduce heightened risks of re-identification. It reinforces a critical takeaway for practice leaders: HIPAA sets the floor—not the ceiling—for protecting client information, and governance must keep pace with emerging technologies. PCT CE Course: If you’re wanting a deeper, structured framework for evaluating AI in clinical practice, this 3-credit legal-ethical on-demand training with Eric Ström, JD, PhD, LMHC, walks through the evolving legal standards, HIPAA considerations, and ethics code guidance that apply to AI use in behavioral health. You’ll gain practical strategies for assessing new technologies, understanding emerging standards of care, and implementing AI tools in a way that is legally defensible and ethically sound. PCT CE Course: If your clinicians are feeling the pull to use AI for documentation, this 1.5-credit legal-ethical training with Dr. Maelisa McCaffrey (Hall) provides a grounded, practical framework for evaluating that decision. The course addresses how AI is currently being used in progress notes and introduces a clear thought rubric for determining the ethical risks, compliance implications, and appropriateness of integrating AI into documentation workflows. It also reinforces core documentation principles—like medical necessity and audit risk reduction—so that efficiency never comes at the expense of defensibility. A strong next step for practice leaders who want to move from reactive prohibition to thoughtful, structured governance. (Useful for all clinicians) weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/40288965
info_outline
Episode 607: HIPAA After Retirement – How to Close Your Practice the Right Way
02/20/2026
Episode 607: HIPAA After Retirement – How to Close Your Practice the Right Way
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we discuss the HIPAA responsibilities for therapy practice owners when closing their practice or retiring. We cover: Common assumptions about responsibilities after retirement What determines your record retention length How long you must remain contactable after closing your practice and why The key functionalities you need to maintain, and the most economical ways to DIY them Outsourcing to an executor service as an alternative to the DIY approach Common mistakes that are made when shutting down a practice and how to avoid them Practice closure planning as part of client care planning Action steps to take if retirement is on the horizon Listen here: For more, PCT Resources a clear, practical guide to HIPAA compliance after retirement or practice closure. Learn what record retention laws require, how to honor clients’ Right of Access, and which secure systems you need to maintain for the full retention period — so you can close your practice with confidence and integrity. PCT CE Course: weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more Resources (Professional Executor Services) — A therapist-founded service offering retirement and executor support for clinicians, including options for ongoing record retention and practice closure management. We mention them as one available option for outsourcing post-retirement HIPAA responsibilities. PCT has no affiliate relationship with TheraClosure and does not specifically endorse their services; clinicians should perform their own due diligence when evaluating vendors.
/episode/index/show/grouppracticetech/id/40169075
info_outline
Episode 606: Being Findable in an AI-Shaped Referral World
02/13/2026
Episode 606: Being Findable in an AI-Shaped Referral World
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we offer actionable tips for practice owners regarding the rapidly changing landscape of online referral sources. We discuss: How online referral sources have changed over the last year Why Psychology Today is no longer the dominant referral pathway Emphasizing community based referrals How clients are using AI to find therapists How AI tools prioritize results Practical do’s and don’ts for being findable via AI Listen here: For more, PCT Resources Free companion resource: We’ve created a practical, no-hype Do’s & Don’ts checklist to help you strengthen your discoverability without chasing trends or gaming AI. It walks you through exactly what to focus on — and what to ignore — so your practice stays clear, ethical, and resilient in a changing referral landscape. On-Demand CE Course: Join AMHCA ethics committee member, therapist and HIPAA lawyer, Eric Ström, JD PhD LMHC, as he unpacks what it means to do marketing as a mental health clinician. With so much advice being shared online and between colleagues about how to grow your mental health practice and business, he’s here to set clear boundaries around what is appropriate ethically and legally when trying to bring in new clients. 3 Legal-Ethical CE Credit Hours weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more Resources Article from Clear Health Costs: Article from Clear Health Costs:
/episode/index/show/grouppracticetech/id/40093375
info_outline
Episode 605: 42 CFR Part 2, HIPAA NPPs, and the February 16 Deadline: What Actually Needs to Change
02/06/2026
Episode 605: 42 CFR Part 2, HIPAA NPPs, and the February 16 Deadline: What Actually Needs to Change
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share what’s actually necessary when updating your Notice of Privacy Practices due to Part 2. We discuss: The confusion around updating NPPs without an updated model from HHS A quick refresher on Part 2 Who is considered a lawful holder under Part 2 Next steps for updating your NPP if you are a Part 2 program or lawful holder Our free resource on updating your NPP before the 2/16 enforcement deadline Listen here: For more, PCT Resources PCT Free Resource: a practical resource designed to help HIPAA-covered practices determine whether the updated 42 CFR Part 2 rules apply to them — and, if so, what belongs in their Notice of Privacy Practices. The guide includes a clear decision flow, plain-language explanations of Part 2 program vs. lawful holder obligations, and sample NPP language tailored to each category. It was created to fill the gap left by the absence of an updated HHS model NPP following the 2024 Part 2 Final Rule. Resources this HHS Fact Sheet summarizes the 2024 Final Rule updating 42 CFR Part 2, including new consent provisions, redisclosure alignment with HIPAA, enforcement changes, and the February 16, 2026 compliance deadline. It provides high-level regulatory context for healthcare organizations handling substance use disorder records. JD Supra Article: This JD Supra article from Snell & Wilmer outlines the compliance steps healthcare organizations must take in response to the 2024 Final Rule updating 42 CFR Part 2. It explains which entities are required to update their Notices of Privacy Practices by February 16, 2026, including both Part 2 programs and HIPAA-covered entities that receive or maintain Part 2-protected records. The article highlights required NPP updates, enforcement risks, and the importance of aligning privacy notices with the amended regulations.
/episode/index/show/grouppracticetech/id/40010895
info_outline
Episode 604: Don't Get Phished!
01/30/2026
Episode 604: Don't Get Phished!
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share advice on how to avoid phishing scams. We discuss: Phishing scams in text messages and email Common scams you might encounter What not to do when you get a suspicious text message PCT resources for how to identify scams and social engineering Listen here: For more,
/episode/index/show/grouppracticetech/id/39924810
info_outline
Episode 603: HIPAA Security Rule Changes: January 2026 Update & What Practices Need to Know
01/23/2026
Episode 603: HIPAA Security Rule Changes: January 2026 Update & What Practices Need to Know
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we have an update (and are once again offering reassurance) around the proposed HIPAA Security Rule changes. We discuss: The proposed Security Rule update on the OCR’s spring regulatory agenda Why you’re already in good hands if you’re following PCT’s advice Some of the proposed changes that will impact therapy practices Reassurance about these proposed changes Effective dates versus compliance date Forecasting scenarios for these changes to take effect Steps to take now (and important things to not do now) to be proactive rather than reactive Listen here: For more, PCT Resources: Article: Explore our in-depth article unpacking the proposed HIPAA Security Rule updates — what’s really happening, why it matters, and why this is a runway, not a cliff. You can also use our free Mini Risk Tool(download link in article) for a gentle check-in to see where your practice stands and what would most meaningfully support your security and compliance foundation. PCT’s Comprehensive HIPAA Security Compliance Program (discounted) bundles: For For Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/39844345
info_outline
Episode 602: Insurance, Documentation, and Audits - With Dr. Maelisa McCaffrey
01/16/2026
Episode 602: Insurance, Documentation, and Audits - With Dr. Maelisa McCaffrey
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we chat with Dr. Maelisa McCaffrey of QA Prep about how the landscape of insurance and documentation has shifted over the last decade. We discuss: Risk adjustment audits and how they impact providers Billing codes and audit red flags AI documentation and how insurance companies are using AI Considerations when using AI for documentation Pressuring professional associations to advocate for clinicians and clients Our upcoming CE event on January 30th with Maelisa on how auditors think and why Listen here: For more, PCT Resources: PCT CE course: a 3 CE credit hour training (including 1 legal-ethical CE hour) taught by Dr. Maelisa McCaffrey (QA Prep). This updated-and-expanded 2026 session demystifies medical necessity, clarifies what auditors and payers are actually looking for (and why), and helps clinicians document with more confidence and less stress. Expect real examples, sample notes reviewed together, and practical tools you can use immediately—covering informed consent language for clients using insurance, treatment planning that supports insurance requirements without sacrificing clinical judgment, and self-auditing techniques to spot red flags before anyone else does. Includes handouts/resources such as diagnosis justification statements, common treatment goals, progress statement formulas and examples, sample progress notes, and a client file review tool. Live webinar presentation on January 30th, 2026 Registration for live training includes ownership of the on-demand self-study CE course produced from recording of live presentation — so you can get all the content *and* the CE, whether or not you can join live. In February, Dr. Maelisa McCaffrey will be hosting a Documentation-Focused Office Hours + Group Practice Office Hours session exclusively for PCT’s subscribers. This live (and recorded) Q&A is your opportunity to bring *your* real-world questions about progress notes, documentation challenges, and insurance audits directly to one of the field’s leading documentation experts. Submit your questions in advance through your dashboard and get practical, case-specific guidance in a supportive, clinician-centered space. Take a look at all the courses in our : Client-Centered Documentation: How To Write Ethical, Effective, And Efficient Progress Notes Foundations Of Documentation: Intake, Diagnosis, And Treatment Plans Modern Progress Notes: Considerations For Teletherapy, Insurance Audits, And Artificial Intelligence (AI) Rethinking Notes: Strategies For Making Documentation Simple And Meaningful weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
/episode/index/show/grouppracticetech/id/39753385
info_outline
Episode 601: Email Hacked? How to Prevent it and What to do When it Happens
01/09/2026
Episode 601: Email Hacked? How to Prevent it and What to do When it Happens
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share what to do as a practice owner to prevent email hacks, and how to respond if one occurs. We discuss: Technical and behavioral measures to take to prevent email hacks Mandating two-factor authentication system-wide Education and staff training for prevention Creating a shame-free security culture in your practice Steps to take if you receive an email that looks suspicious Steps to take if you find out your email has been hacked Breach reporting timelines to be aware of PCT resources that guide you through security training and awareness; risk analysis and mitigation planning; and breach investigation, documentation, and reporting Ongoing training and security reminders for your team Listen here: For more, CE Training: PCT's , including a security investigation documentation form. weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
/episode/index/show/grouppracticetech/id/39665820
info_outline
Episode 544: The Big Stories of 2025 Impacting Mental Health Practices
12/19/2025
Episode 544: The Big Stories of 2025 Impacting Mental Health Practices
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re highlighting the stories that impacted your practices this year, and the main takeaways from each story. We discuss: The proposed changes to the HIPAA Security Rule Common sense security updates to incorporate into your practice The proliferation of AI and ways therapists can differentiate themselves from AI The proliferation of platforms offering practice management as a service How group practices can stand out from these practice management platforms Clinician burnout and clinicians returning to their clinical roots Progression of cross-jurisdictional practice mobility The uncertainty around the Medicare telehealth cliff Listen here: For more, PCT Resources The relevant episodes of our podcast as mentioned: On On the On Free handout resource: Practical prompts and responses to help clinicians talk with clients about AI use in ways that are safe, constructive, and clinically grounded. Free handout resource: A step-by-step guide for clinical supervisors and directors to make client AI use considerations an intentional part of practice culture, including team awareness, policy updates, and supervision strategies. On-Demand CE course: This 3 CE credit training with attorney and mental health counselor Eric Ström, JD, PhD, LMHC explores the rapidly evolving world of artificial intelligence in behavioral health. Learn how AI tools are being applied in clinical practice, what legal and ethical standards apply, and how to confidently evaluate whether and how to integrate new technologies. Participants gain practical strategies for aligning AI use with HIPAA, professional ethics codes, and client care standards—empowering you to implement AI tools responsibly and effectively in your practice. **Useful for all clinicians and practice leadership** weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
/episode/index/show/grouppracticetech/id/39462655
info_outline
Episode 543: Defining the Role of Secure Email Alongside your EHR - With Hushmail
12/12/2025
Episode 543: Defining the Role of Secure Email Alongside your EHR - With Hushmail
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we chat with Ben Cutler, CEO of Hushmail, about how a secure email service can be a crucial part of your practice’s tech stack. We discuss: How secure email can complement the communication features of your EHR Communication gaps in EHRs that can impact your security circle Pairing secure forms with secure email to optimize the intake process Secure communications as a marketing asset Creating more efficient streamlined services for clients and providers Addressing burnout via efficient business systems Using Hushmail to customize forms and coordinate care Misconceptions around non-secure communications The difference between HIPAA friendly and HIPAA secure Listen here: For more, Resources ! Hushmail provides HIPAA-compliant secure email and encrypted online forms designed specifically for behavioral health professionals. It fills the critical gaps your EHR can’t cover—especially during first contact, referrals, and communication with people outside your EHR’s closed messaging system. With encrypted email, customizable secure forms, legally binding e-signatures, and ready-to-use templates, Hushmail helps therapists protect client information from the very first inquiry through the entire clinical journey. Clinicians can securely manage intake, collect sensitive documents, send referrals, and maintain compliant records—even during practice transitions or retirement. Hushmail’s behavioral-health-specific plans include a signed BAA, automatic archiving to support HIPAA compliance, and access to a customer care team deeply familiar with the needs of therapy practices. Exclusive for listeners: Try Hushmail for Healthcare free for 14 days and explore secure email and forms tailored for your practice. PCT Resources PCT CE course: (3 legal-ethical CE credit hours) PCT Podcast Episode: PCT’s
/episode/index/show/grouppracticetech/id/39372360
info_outline
Episode 542: Cybersecurity Insurance for Your Practice: What to Know
12/05/2025
Episode 542: Cybersecurity Insurance for Your Practice: What to Know
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we answer a frequently asked question: whether therapy practices actually need cybersecurity insurance. We discuss: The benefits and considerations of obtaining a cybersecurity insurance policy PCT’s stance on cybersecurity insurance for solo and group practices How cyber insurance relates to your full HIPAA compliance program Common reasons for claim denials The six major areas where cyber policies differ, and how to choose your policy How a PCT risk analysis can help you determine what level of insurance makes sense for your practice Listen here: For more, PCT Resources Handout: This episode’s companion handout breaks down the six key areas to evaluate when reviewing or selecting a cybersecurity insurance policy for your mental health practice. service for mental health practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health practice, and a prioritized mitigation checklist to help you reduce your risks. (**Currently on sale!!**) PCT’s Comprehensive HIPAA Security Compliance Program (discounted) bundles: For For Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training
/episode/index/show/grouppracticetech/id/39285005
info_outline
Episode 541: Five Stories We’re Grateful For This Season (and Why They Matter to Mental Health Providers)
11/28/2025
Episode 541: Five Stories We’re Grateful For This Season (and Why They Matter to Mental Health Providers)
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share some positive stories to bring you some peace of mind at this time of year. We discuss: Increasing transparency requirements for AI service providers Cross-jurisdictional licensure portability/practice permissions expansion No telehealth cliff for Medicare clients, and the in-person visit requirement How security standards are becoming easier to adopt Practice culture becoming easier due to supportive systems Listen here: For more,
/episode/index/show/grouppracticetech/id/39184010
info_outline
Episode 540: Medicare Telehealth Update
11/21/2025
Episode 540: Medicare Telehealth Update
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we chat with Gabrielle Juliano-Villani of Medicare Consulting for Therapists about recent updates regarding Medicare and telehealth. We discuss: The extension of in-person visit requirement What that means for new and established clients Coping skills for the ups and downs of business Main takeaways for practice owners with the recent extension Where to get updates on this topic Listen here: For more,
/episode/index/show/grouppracticetech/id/39116630
info_outline
Episode 539: What are Practice Management Companies (PMCs)?
11/07/2025
Episode 539: What are Practice Management Companies (PMCs)?
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we unpack what Practice Management Companies (PMCs) are, and the legal and ethical considerations for therapists when using these platforms. We discuss: The proliferation of Practice Management Companies The difference between PMCs and EHRs Why the benefits of PMCs are so tempting to new clinicians in particular How these companies are marketed vs. what clinicians can actually expect Who owns PMCs, and the implications of that How group practice owners can use this information when hiring new clinicians How solo practitioners can weigh this information when deciding what platforms to use Our recent webinar that dives deeper into this topic with Kelly and Miranda from Zynnyme and Eric Strom, therapist attorney Listen here: For more,
/episode/index/show/grouppracticetech/id/38941835
info_outline
Episode 538: Medicare Teletherapy: What's Happening Right Now
10/24/2025
Episode 538: Medicare Teletherapy: What's Happening Right Now
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we have an update for you on what’s changed with teletherapy coverage for Medicare clients. We discuss: Our free 90 minute webinar that goes deeper into this topic What is still covered for behavioral/mental health services What has changed for behavioral/mental health services Who is considered an established client or a new client Exceptions to the in-person visit requirement Next steps to take to prepare for this change in your practice Medicare Advantage plans and Medicaid Listen here: For more,
/episode/index/show/grouppracticetech/id/38759880
info_outline
Episode 537: Sharing Apple Notes - When Convenience Turns Into a Breach
10/17/2025
Episode 537: Sharing Apple Notes - When Convenience Turns Into a Breach
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we’re sharing a PSA about how Apple Note sharing works, so therapy practices can avoid a breach. We discuss: The context that precipitated this episode What constitutes a breach How sharing works for Apple Notes and Google Keep Only using services you have a BAA with Compliance as a process, not a product Steps solo and group practitioners can take to address this Listen here: For more,
/episode/index/show/grouppracticetech/id/38607505
info_outline
Episode 536: Reproductive Health Records & HIPAA: What Therapists Need to Know
10/10/2025
Episode 536: Reproductive Health Records & HIPAA: What Therapists Need to Know
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we have an important update for therapists regarding the reproductive health Final Rule. We discuss: The Final Rule requirements that would have impacted therapists Why the Final Rule isn’t applicable now Being aware of any state laws that are applicable regarding reproductive health information Intentionality and care around sensitive info within PHI Our CE training on Law and Ethics of Clinical Documentation in a Post-Roe World Listen here: For more, PCT Resources Relevant on-demand, legal-ethical CE training: Addresses the practical applications of the US Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization, with particular focus on the impacts this decision has on client confidentiality and documentation of clinical services weekly (live & recorded) direct support & consultation service, Group Practice Office Hours -- including monthly session with therapist attorney Eric Ström, JD PhD LMHC Resources & References HHS OCR Fact Sheet – JD SUPRA Article: Court Case – Purl v. U.S. Department of Health and Human Services, No. 2:24-cv-228-Z (N.D. Tex. June 18, 2025) (decision vacating most of the Final Rule) Legal Analysis – Law Firm Compliance Guidance –
/episode/index/show/grouppracticetech/id/38529595
info_outline
Episode 535: Passkeys and Password Managers: The Future of Secure Logins for Therapists
10/03/2025
Episode 535: Passkeys and Password Managers: The Future of Secure Logins for Therapists
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain what therapists should know about using passkeys in their practice. We discuss: Why we recommend password managers How passkeys differ from passwords Why passkeys are simpler and safer than passwords Which password manager we recommend Where you can use passkeys Things to consider when adopting passkeys Listen here: For more, Resources Article: PCT Resources weekly (live & recorded) direct support & consultation service, Group Practice Office Hours -- including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/38442405
info_outline
Episode 534: Beyond the Cliff: What Medicare’s New Telehealth Rules Really Mean for Therapists
09/26/2025
Episode 534: Beyond the Cliff: What Medicare’s New Telehealth Rules Really Mean for Therapists
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share what’s actually changing for therapists regarding the Medicare telehealth “cliff” after October 1st 2025, so you can prepare without panic. We discuss: Why telehealth coverage is changing for Medicare providers after 10/1 Which changes do not apply to therapists The in-person visit requirement that does apply to therapists When you would need to see both established and not established Medicare clients in-person Exceptions to the in-person visit requirement The time frame you have to make a plan for these changes in your practice Steps you can take now to prepare for these changes Dual eligibility clients Our upcoming free Q+A on these changes with Medicare expert Gabrielle Juliano Villani Listen here: For more, PCT Resources: Free Info Session + Q&A: Join Liath Dalton and Gabrielle Juliano-Villani, LCSW on October 17th for a live (and recorded) session clarifying what’s changing, what isn’t, and how to stay compliant and confident at the intersections of Medicare, Teletherapy, and HIPAA in practice. On-demand Trainings (not designated as CE) presented by Gabrielle: and weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more Resources: APA Services article: National Consortium of Telehealth Resource Centers: ATA Action statement:
/episode/index/show/grouppracticetech/id/38360340
info_outline
Episode 533: “Telehealth Care Coordination Policy & Procedures” — What to Know
09/19/2025
Episode 533: “Telehealth Care Coordination Policy & Procedures” — What to Know
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain what you should know if you’ve been asked to provide “Telehealth Care Coordination Policy & Procedures” to insurance companies. We discuss: What this policy is and why they’re needed What core elements should be included Saving lives by following these practices and procedures Secure communication standards for continuity of care What you should do to comply, for solo and group practices ROIs for coordination of care Our upcoming customizable templates and support resources around this topic Listen here: For more, PCT Resources PCT's PCT's PCT's weekly (live & recorded) direct support & consultation service, Group Practice Office Hours -- including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more For Solo Practitioners: PCT's
/episode/index/show/grouppracticetech/id/38270215
info_outline
Episode 532: From HIPAA to Part 2: Preparing for OCR’s New Role in SUD Privacy
09/05/2025
Episode 532: From HIPAA to Part 2: Preparing for OCR’s New Role in SUD Privacy
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we clarify who is impacted by the Part 2 Final Rule. We discuss: What’s included in the Part 2 Final Rule and why it’s necessary How to evaluate if you’re subject to Part 2 rules What compliance looks like under the new Part 2 rules Redisclosure under Part 2 Steps to take ahead of the February 2026 deadline for enforcement Listen here: For more, PCT Resources: Handout resource: A quick-reference tool to determine if you’re a Part 2 program, lawful holder, or not subject—and a concise summary of the new redisclosure rules under the 2024 Final Rule. Helps you prep for the Feb 16, 2026 compliance deadline with clarity and confidence. (docx version) (PDF version) weekly (live & recorded) direct support & consultation service, Group Practice Office Hours -- including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more Resources: JD Supra article:
/episode/index/show/grouppracticetech/id/38090370
info_outline
Episode 531: Quick Wins – Securing Your Wi-Fi Network for HIPAA Peace of Mind
08/29/2025
Episode 531: Quick Wins – Securing Your Wi-Fi Network for HIPAA Peace of Mind
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we walk you through a quick win for your practice security - how to secure your Wi-Fi network. We discuss: The role of Wi-Fi in a practice's security picture The tangible risks of weak Wi-Fi security Steps to take to improve your Wi-Fi security Our free Wi-Fi security checklist, included in the show notes Listen here: For more, PCT Resources: (PDF version) (.docx version) a one-page guide with simple, high-impact steps to secure your Wi-Fi, to help protect client confidentiality and strengthen HIPAA compliance weekly (live & recorded) direct support & consultation service, Group Practice Office Hours -- including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more Resources: Tom's Hardware:
/episode/index/show/grouppracticetech/id/38002795
info_outline
Episode 530: When Clients Use AI for Therapy -- Risks, Realities, and Conversations We Need to Have
08/22/2025
Episode 530: When Clients Use AI for Therapy -- Risks, Realities, and Conversations We Need to Have
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we chat about what you should know when clients use AI for therapy. We discuss: the risks and benefits of clients using AI in a therapeutic manner how clinicians can approach conversations about AI practices with clients why clients are turning to AI for therapeutic purposes, and what clinicians can do to support them safely Listen here: For more, Resources APA article: Article: Article: Article: NPR story: Article: Psychiatric Times: Stanford University article: PCT Resources Free handout resource: Practical prompts and responses to help clinicians talk with clients about AI use in ways that are safe, constructive, and clinically grounded. Free handout resource: A step-by-step guide for clinical supervisors and directors to make client AI use considerations an intentional part of practice culture, including team awareness, policy updates, and supervision strategies. On-Demand CE course: This 3 CE credit training with attorney and mental health counselor Eric Ström, JD, PhD, LMHC explores the rapidly evolving world of artificial intelligence in behavioral health. Learn how AI tools are being applied in clinical practice, what legal and ethical standards apply, and how to confidently evaluate whether and how to integrate new technologies. Participants gain practical strategies for aligning AI use with HIPAA, professional ethics codes, and client care standards—empowering you to implement AI tools responsibly and effectively in your practice. **Useful for all clinicians and practice leadership** weekly (live & recorded) direct support & consultation service, Group Practice Office Hours -- including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
/episode/index/show/grouppracticetech/id/37914215