Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.
In this episode, we explain steps to take if your therapy practice had a HIPAA breach in 2023.Â
We discuss normalizing breaches emotionally; what constitutes a breach; the breach reporting timeframe; what the breach reporting process consists of; what to expect in terms of a response for a breach report; things regulators love to see in a breach report; the importance of preventing a breach from reoccurring; and resources we have available to support you during breach reporting.
PCT Resources
- OCR Breach Report Questions — know the contents of what is asked/what you need to provide *before* starting the breach report in the OCR’s online portal for breach reportin
- CE course: HIPAA Security Incidents & Breaches: Investigation, Documentation, And Reporting (1.5 legal-ethical CE credit hours)
- Group Practice Care Premium for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)
- PCT’s Group Practice PCT Way HIPAA Compliance Manual & Materials — comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently    Â
- Policies & Procedures include:Â
- Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.
- Computing Devices and Electronic Media Technical Security Policy
- Bring Your Own Device (BYOD) Policy
- Communications Security Policy
- Information Systems Secure Use Policy
- Risk Management Policy
- Contingency Planning Policy
- Device and Document Transport and Storage Policy
- Device and Document Disposal Policy
- Security Training and Awareness Policy
- Passwords and Other Digital Authentication Policy
- Software and Hardware Selection Policy
- **Security Incident Response and Breach Notification Policy**
- Security Onboarding and Exit Policy
- Sanction Policy Policy
- Release of Information Security Policy
- Remote Access Policy
- Data Backup Policy
- Facility/Office Access and Physical Security Policy
- Facility Network Security Policy
- Computing Device Acceptable Use Policy
- Business Associate Policy
- Access Log Review Policy
- Forms & Logs include:
- Workforce Security Policies Agreement
- **Security Incident Report**
- PHI Access Determination
- Password Policy Compliance
- BYOD Registration & Termination
- Data Backup & Confirmation
- Access Log Review
- Key & Access Code Issue and Loss
- Third-Party Service Vendors
- Building Security Plan
- Security Schedule
- Equipment Security Check
- Computing System Access Granting & Revocation
- Training Completion
- Mini Risk Analysis
- **Security Incident Response**
- Security Reminder
- Practice Equipment Catalog
- + Workforce Security Manual & Leadership Security Manual — the role-based practical application oriented distillation of the formal Policies & Procedures
- + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
- Policies & Procedures include:Â