Practical Application of HIPAA and Mental Health Ethics for Admin Staff

2 Hours. Security and Privacy Training for Administrative Staff.

Developed by: Roy Huggins, LPC NCC
Presented By: Roy Huggins, LPC NCC; Nicole Kramer, MBA

Course Description

Lions on a rock

This course is designed to give administrative staff the knowledge and confidence to own their domain! Much like a lion gazing over the grasslands of the Serengeti, you are charged with doing your part in keeping the practice and clients safe and secure.

Mental health practice office administrators are often the first and last members of the staff clients interact with during their office visits. And HIPAA security and privacy doesn’t simply begin or end while clients are within the practice walls. Keeping clients safe involves policies, procedures, best practice behaviors, laws, and ethics; it’s enough to keep our heads spinning without proper guidance on what our roles as administrators actually entails.

Cue office administration technology.

Practice tech offers the ability to keep our clients information safe and accessible and streamline the work we do making us more efficient administrators, and in turn, better serving the clients.

This is a comprehensive, introductory-level course for mental health practice office administrators to support HIPAA Security compliance with particular attention to technology and digital ethics. The course uses a combination of video and learning activities with the intention that you can apply what you learn in order to perform your administrative tasks that keep client information secure, accessible and confidential.

This is not a continuing education course

Educational Objectives

  • Describe how security and privacy are important to an admin staff member’s role in a mental/behavioral health practice.
  • Perform releases of information and reception services in a manner that protects client privacy and adheres to practice policies and procedures.
  • Describe and apply tech concepts as they apply to an admin staff member’s role in a mental/behavioral health clinic.
  • Engage, from the admin staff member’s perspective, with the practice’s policies & procedures around security risk mitigation and contingency planning.


  1. Getting Into a Security Mindset
    • Apply mental health professional ethics of confidentiality, records maintenance, and professional boundaries to support effective therapeutic conditions as an administrator.
    • Describe the HIPAA Security and Privacy Rules and apply them to the administrator’s role in confidentiality and record maintenance.
    • Identify common behavior mistakes administrators make in their role in office security and privacy and implement best practice HIPAA secure behavioral procedures.
  2. HIPAA and Client Privacy
    • Demonstrate the ability to identify Protected Health Information (PHI).
    • Describe under what circumstances it is appropriate to release PHI and identify what PHI is appropriate to disclose.
    • List the required information a HIPAA-compliant Release of Information (ROI) form must contain and use form to perform HIPAA-compliant Releases of Information.
    • Implement best practice behaviors to properly maintain security when performing a Release of Information.
  3. Using the Practice’s Tech In the Admin Role
    • Determine what methods of secure communication the practice utilizes and assess what communication methods are specific to your role as an administrator.
    • Demonstrate knowledge of client’s rights to secure communication under HIPAA and explain to clients the risk of nonsecure communication.
    • Prepare for accidental exposure to PHI and demonstrate competency of best practice behaviors of how administrators respond to accidental exposure.
    • Utilize the practice’s Bring Your Own Device Policy to determine how to keep your personal electronic device secure and use your device securely.
  4. Participating in the Practices’ Risk Management Activity
    • Demonstrate competency of the practice’s Security Policies and Procedures and assess how the policies and procedures apply to your role as an administrator.
    • Assess your role in office security and apply knowledge to support office safety.
    • Prepare to use the practice’s contingency plan in the event of a disaster, emergency, or outage and describe your role as an administrator in contingency plan execution.


2 Hours.

Please purchase 1 copy for each person who will be taking the course. Click here to purchase additional copies.

Presented/Developed By

Roy Huggins, LPC NCCRoy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

He really likes this stuff.

Nicole Kramer, MBA received her MBA in healthcare administration from Western Governors University in 2017.  Before healthcare, she worked as a licensed insurance producer where she helped individuals and businesses assess risk and mitigate liability. Her working experience includes medical clinic office management which included overseeing and implementing technology operations and HIPAA compliance.

Nicole is the Business Development Manager at Person Centered Tech.

Course Materials Co-Developer

Liz Knutsen, MSW CSWA, received her MSW in advocacy, leadership and social change from the University of Illinois Urbana-Champaign in 2012. Liz has worked in various macro-level social work positions including geriatric healthcare and holistic horticulture healthcare. She is also a trauma informed sex therapist in a private practice in Portland working towards her LCSW licensure.

Liz is the Engagement Manager at Person Centered Tech.


Program Notices

Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications from the federal Department of Health and Human Services, and on the ethics codes of these professional organizations: AAMFT, ACA, APA, NASW, NBCC. Contents are also guided by statements from leadership in those organizations. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes, and for improving security. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.

Conflicts of Interest: None.

Commercial Support: None.

This course is subject to our cancellation/refund policy and complaint policy.

2 Hours.

Please purchase 1 copy for each person who will be taking the course. Click here to purchase additional copies.

Lions on a rock

2 Hours. Security and Privacy Training for Administrative Staff.

This is not a continuing education course


Please purchase 1 copy for each person who will be taking the course. Click here to purchase additional copies.

You are not currently logged in to this site. Need to log in? Click here→


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss