Sensible HIPAA Security For Mental Health Pros

An educational article series in 9 articles, with Further Reading and Resources at the end

We often hear from our colleagues that working with HIPAA Security is a mysterious and arduous process. At Person-Centered Tech, we think this need not be true. For most of us, HIPAA only comes across that way because the information we get only skims the surface or, in the worst cases, is completely wrong.

What’s more, many commercial interests will play on our fear of punishment from an authority to get us to buy products related to HIPAA. Unfortunately, playing on fear will only serve to make our understanding worse, and it drives us to engage in reactive behaviors detrimental to achieving HIPAA compliance.

To help turn that around, Person-Centered Tech is pleased to present the following collection of articles on the subject of HIPAA Security. Please enjoy them in good health with the reassurance that we have a number of additional affordable options for support available.

What Is This Again?

Person-Centered Tech has been publishing free articles on technology in mental health practice since 2012. The following is a curated series of those articles, painstakingly updated for the current moment and placed in an order to help you get the most benefit from them.

Along these lines, we also offer a free continuing education course on HIPAA Security in Mental Health. If you would like CE credit for your study time, and also like free things, sign up for our free courses here.

The following articles are numbered according to our recommended reading order. Of course you may buck our system and read them however you wish.

Seem Like a Lot of Articles To Read At Once??

The Articles

First things first! Are you even subject to HIPAA? You might or might not be. And just as importantly, what does it even mean if you aren’t? The answer to the first question is somewhat simple, the second one isn’t. This article helps make sense of it.

1) Am I a HIPAA Covered Entity? How Much Does It Matter If I Am Or Not? (2016 Update)

Law Book and Gavel

Did you know that just because you practice health care in the United States, you’re not necessarily legally required to comply with HIPAA? The followup question, of course, is, “Does it really change anything if you’re not?”

This next one covers a basic concept, but it’s one that not every mental health pro is very familiar with. Even if you do know what HIPAA Business Associates are, may we recommend skimming the article? It does contain some details and particulars that clinicians are often confused about. Our goal is to make sure you’ve got the basics down solid!

Okay, so some folks find the name of this next article a little intimidating. And perhaps the content, too. But I assure you that the news we’re giving you here is good. HIPAA’s way of dealing with security breaches is actually really flexible and reasonable. And what’s more, understanding how it works will make you far more prepared to understand how to avoid it all together! (Hint: the next article after this one will give you a hugely useful tip on how to do that.)

Okay, “breach notification” doesn’t sound so great. Luckily this next article delivers some mighty good news on the issue. Many people may want to read it right after reading the one on breach notification!

Would You Rather These Articles Were Sent to You by Email?

Now that we’ve made all these references to how HIPAA Security actually works, let’s get a very high-level view of the real process. This next article looks innocuous, but for many of our colleagues it’s quite revolutionary.

So if the process of HIPAA Security compliance looks like the three steps mentioned in the previous article, where do “HIPAA compliant” products come in? Well, they may not be a part of it at all! This next article clarifies.

Hopefully you’re getting the idea that “risk analysis and risk management” is the name of the HIPAA game. These next two articles get into some details of why that’s a good thing for you and your practice, and also provide some guidance on how to do it.

By this point in the article series, our readers start to wonder how they can go about accomplishing the risk analysis portion of HIPAA Security compliance. It’s still not a simple answer at this point in history, but it doesn’t have to be as hard as it sounds. Read on for details.

And lastly, we offer an article with great links to a few resources that can help you with your compliance process.

Further Reading and Resources

We’ve produced a ton of articles on HIPAA Security-related topics just for mental health professionals. Below are several that we think are worth reading your way through over time.