Practical Application of HIPAA and Mental Health Ethics for Admin Staff

Course Materials

Unit 1: Understanding Mental/Behavioral Health Professional Ethics as an Admin Staff Member
Unit 2: Understanding HIPAA at the Introductory Level
Unit 3: Stopping Commonly Overlooked Behaviors
Module 1 Wrap Up
Module 2: HIPAA and Client Privacy
Unit 1: Understanding Protected Health Information (PHI)
Unit 2: Understanding Disclosures and Releases
Unit 3: Performing Disclosures and Releases
Unit 4: Maintaining Security While Disclosing and Releasing
Module 2 Wrap Up
Module 3: Using the Practice’s Tech In the Admin Role
Unit 1: Understanding the Records and Communications Setup of the Practice
Unit 2: Understanding the Collaborative Risk Analysis for Client Communication
Unit 3: Accessing Restricted Information
Unit 4: Following and Supporting BYOD Policies
Module 3 Wrap Up
Module 4: Participating in the Practices’ Risk Management Activity
Unit 1: Understanding Security Policies and Procedures
Unit 2: Supporting Office Safety
Unit 3: Supporting Contingency Plans
Module 4 Wrap Up
Course Wrap Up


  1. Getting Into a Security Mindset
    • Apply mental health professional ethics of confidentiality, records maintenance, and professional boundaries to support effective therapeutic conditions as an administrator.
    • Describe the HIPAA Security and Privacy Rules and apply them to the administrator’s role in confidentiality and record maintenance.
    • Identify common behavior mistakes administrators make in their role in office security and privacy and implement best practice HIPAA secure behavioral procedures.
  2. HIPAA and Client Privacy
    • Demonstrate the ability to identify Protected Health Information (PHI).
    • Describe under what circumstances it is appropriate to release PHI and identify what PHI is appropriate to disclose.
    • List the required information a HIPAA-compliant Release of Information (ROI) form must contain and use form to perform HIPAA-compliant Releases of Information.
    • Implement best practice behaviors to properly maintain security when performing a Release of Information.
  3. Using the Practice’s Tech In the Admin Role
    • Determine what methods of secure communication the practice utilizes and assess what communication methods are specific to your role as an administrator.
    • Demonstrate knowledge of client’s rights to secure communication under HIPAA and explain to clients the risk of nonsecure communication.
    • Prepare for accidental exposure to PHI and demonstrate competency of best practice behaviors of how administrators respond to accidental exposure.
    • Utilize the practice’s Bring Your Own Device Policy to determine how to keep your personal electronic device secure and use your device securely.
  4. Participating in the Practices’ Risk Management Activity
    • Demonstrate competency of the practice’s Security Policies and Procedures and assess how the policies and procedures apply to your role as an administrator.
    • Assess your role in office security and apply knowledge to support office safety.
    • Prepare to use the practice’s contingency plan in the event of a disaster, emergency, or outage and describe your role as an administrator in contingency plan execution.

Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss