by Evan Dumas | Jun 18, 2026 | Clinician Resources, Podcasts
In our latest episode, we share what we know about the proposed HIPAA Security Rule and steps to take to safeguard your practice in the meantime until we know more.
We discuss:
The current status of the proposed HIPAA Security Rule
How regulatory uncertainty does not equal security uncertainty
Takeaways from OCR Director Paula Stannard’s comments at the National HIPAA Summit that give insight into the rationale behind the proposed rule
Risk analysis, encryption, reasonable and appropriate safeguards, and meaningful protection of client information
Our recommendation for building your compliance strategy
Four steps practice owners should take right now to safeguard your practice
PCT resources that can help you take those steps
by Evan Dumas | Jun 11, 2026 | Clinician Resources, Podcasts
In our latest episode, we have an important update for practice owners who bill insurance.
We discuss:
Why the change from CAQH to DataSpring is not just an administrative rebrand, as DataSpring is trying to position it
Why this change is a big deal for practice owners who bill insurance
The action steps recommended by The Group Practice Exchange
Additional PCT-recommended action steps
Who owns the infrastructure that healthcare depends on?
Looking at this change from a risk management perspective
by Evan Dumas | Jun 4, 2026 | Clinician Resources, Podcasts
In our latest episode, we have exciting updates for cross-jursidictional and multi-jurisdictional practice.
We discuss:
The Counseling Compact, and the states in which it is live
The ETA for the Social Work Licensure Compact going live
Access MFT’s licensure portability effort
Portability-friendly laws and how they differ from rights for temporary practice
PSYPACT updates
Physical location restrictions and requirements for providers under compacts
Details of our upcoming CE training: Legal-Ethical Cross-Jurisdictional Telemental Health in 2026: Interstate, International, and Complex Practice Considerations
by Evan Dumas | May 7, 2026 | Clinician Resources, Podcasts
In our latest episode, we share a cautionary tale about a Talkspace client whose healthcare information was weaponized against them.
We discuss:
Venture capital firms buying therapy practices, monetizing, and weaponizing client data to make more money
A recent case where a Talkspace client’s data was read aloud in court
Platforms using client communication to train LLMs and AI platforms
How these platforms are profoundly detrimental to clients, therapists, and the profession
Why when something seems too easy and convenient, you are often the product (and your clients are the product)
How these companies operate outside of HIPAA Security Rule standards
The importance of vetting platforms and having BAAs for safeguarding client information
by Evan Dumas | Apr 29, 2026 | Clinician Resources, Podcasts
In our latest episode, we talk about the importance of proficiency and competency with any tool or modality used in your practice.
We discuss:
Why training is necessary with any tool or modality used in your practice, not just AI
What the professional ethics codes say about competence and proficiency for tools and modalities used
How PCT evolved to help clinicians manage the advent of new technology
Our upcoming CE training on how to evaluate AI and incorporate it into your practice and workflow ethically and effectively
How training can set you apart and strengthen the therapeutic alliance
by Liathana Dalton | Apr 23, 2026 | Clinician Resources, Podcasts
In this episode, we share concrete steps to take if you’ve discovered staff members using non-approved AI platforms in your practice.
We discuss:
The misconceptions around what constitutes PHI (and why information used to write a progress note absolutely is PHI)
Why this is a reportable HIPAA breach
Why reporting a HIPAA breach is nowhere near as scary or impactful as you may fear
The difference between a large breach and a small breach, and reporting deadlines for each
Client notification deadlines for breaches
How state law can impact or add to reporting deadlines
Steps to take after discovering non-compliant AI use in your practice
What to investigate, how to document, how to mitigate, how to notify clients, and when to consult an attorney
by Evan Dumas | Apr 16, 2026 | Clinician Resources, Podcasts
In our latest episode, we explain why free email providers are inherently not HIPAA compliance compatible.
We discuss:
Why it’s necessary to have a Business Associate Agreement with your email service provider
Why clients can’t opt out of HIPAA
What requests for alternative or non-secure communication actually mean under the HIPAA Privacy Rule
What counts as Protected Health Information (PHI)
Why a free email address might be a red flag for prospective clients
How to get a BAA protected email, with a domain name or without
by Evan Dumas | Apr 9, 2026 | Clinician Resources, Podcasts
In our latest episode, we continue our series on AI use within therapy practices by sharing how to explain to your team members why using non-vetted AI platforms is not permissible.
We discuss:
What counts as Protected Health Information and a breakdown of the often misunderstood 18th identifier under HIPAA
How therapy progress notes and clinical notes are inherently identifying
AI re-identification risk and why this is possible
Why AI use involving client information must be vetted and HIPAA compliance-compatible
What happens when you input data into personal AI platforms
What we mean by AI governance, and why personal AI platforms can’t be governed
Why lack of AI governance is a significant liability
Impermissible disclosures under HIPAA
Why proving low probability of compromise is difficult after the fact, and what this means for your ability to mitigate risk
Managing the emotional pieces of identifying risk and risk mitigation in your practice
by Evan Dumas | Apr 2, 2026 | Clinician Resources, Podcasts
In our latest episode, we share information about the recent Darksword iPhone exploit, and what that means for therapy practice owners regarding device security.
We discuss:
What you need to know about this exploit
Device hardening within your security circle
Device security gaps we see in everyday practice
Pairing technical security measures with behavioral security measures
PCT’s resources around risk management and device security
by Evan Dumas | Mar 18, 2026 | Clinician Resources, Podcasts
In our latest episode, we discuss HHS’s new model Notice of Privacy Practice for Part 2 programs, what has changed, and what that means for your practice.
We cover:
The Part 2 Final Rule from 2024
Why the Feb. 16th enforcement deadline has been so confusing
The model Part 2 NPP and Patient Notice from HHS, and the function of each document
Who is considered a lawful holder and what that means
Whether you need to switch to the HHS templates
What to do if you already used our decision guide and resources ahead of the deadline
