At Person Centered Tech we often hear that working with HIPAA Security is a mysterious and arduous process. We think this need not be true. HIPAA only comes across that way because the information mental health professionals often get is either wrong or just skims the surface. And many commercial interests will play on our fear of punishment from an authority to get us to buy products related to HIPAA. But fear only makes understanding worse, and it may drive reactive behaviors that won’t help achieve HIPAA compliance.
To help turn this situation around, Person Centered Tech is pleased to present the following collection of articles about HIPAA Security. Click an arrow or title below to see a summary of the article and a link to open it. Person Centered Tech has been publishing free articles on technology in mental health practice since 2012. We also offer a free continuing education course on HIPAA Security in Mental Health. If you would like CE credit for your study time, and also like free things, sign up for our free courses.
First things first! Are you even subject to HIPAA? You might or might not be. Just because you practice health care in the United States, you’re not necessarily legally required to comply with HIPAA. But what does it mean even if you aren’t? Does it really change anything? This article helps make sense of these important questions and more. 
This article covers a basic concept, but it’s one that not every mental health professional is very familiar with. What if companies that handle your clients’ info signed contracts promising to safeguard the information? HIPAA calls that a Business Associate Agreement. Even if you do know what HIPAA Business Associates are, this article contains some details and particulars that clinicians are often confused about. 
Some find the name and content of this article a little intimidating. But HIPAA’s way of dealing with security breaches is actually really flexible and reasonable. And understanding how it works will make you far more prepared to know how to avoid it all together! Preparing yourself for when an information breach does happen is like preparing for a suicidal client: a bit scary, but also something you can work with. 
“Breach notification” doesn’t sound so great, but this article delivers some mighty good news on the issue. Wouldn’t it be great if your computer and smartphone could be made impervious to security breaches under HIPAA? Well, they kind of can be. You may want to read this article right after reading the one on breach notification! 
Previous articles in this series reference how HIPAA Security works, but this one gets into a very high-level view of the real process and busts some myths. This article contains a simplified, chunked-down look at the process of (actual) compliance with the HIPAA Security Rule, split into three steps. 
Given that the process of HIPAA Security compliance looks like the three steps mentioned in the previous article, where do “HIPAA-compliant” products come in? Well, they may not be a part of it at all! This article clarifies how the phrase “HIPAA-compliant” has become meaningless — like “inflammable” and “awesome.” It’s time for better terminology. 
At this point in the article series, hopefully you’re getting the idea that “risk analysis and risk management” is the name of the HIPAA game. This article goes into detail about why that’s a good thing for you and for your practice. In fact, HIPAA’s approach to security might just be the most empowering thing available to you and your clients. 
HIPAA Security compliance requires doing a risk analysis and making a risk management plan. Many wonder how to go about accomplishing this. It’s not a simple answer, but it doesn’t have to be as hard as it sounds. Can you do it yourself? (Hint: Yes, you can. Read on for details!) 
There’s a lot of technology out there for mental health professionals to choose from, but what do you actually need for your practice? This article breaks it down to the eight tools/services you’ll need to support HIPAA-compliance and overall functioning in your practice. 
In this final article of the HIPAA series we offer links to great resources that can help you with your compliance process. There are a number of helpful sources that provide free HIPAA forms like the Notices of Privacy Practices, BAAs, and Risk Analysis Tools. We list our favs.