Privacy Ethics and HIPAA Fundamentals for Mental Health Professionals in the Agency or Group Practice Context

2 CE Credit Hours. Legal-Ethical. Security and Privacy Training for Clinical Staff. 

Developed by: Roy Huggins, LPC NCC
Presented By: Roy Huggins, LPC NCC; Liath Dalton

This course is also included in our Group Service Plans→

Course Description

Lifeguards meeting in a circle on the sand

Mental health clinicians working in a group practice or agency context have a variety of security and privacy concerns to be aware of. They need to ensure that their behaviors maintain the practice’s HIPAA compliance as well as ensuring that they, themselves, act in accordance with the ethical standards of their own professions.

This introductory-level course is for counselors, clinical social workers, marriage and family therapists, and clinical and counseling psychologists working as staff in a group practice or agency context. It will cover fundamental security and privacy standards defined in HIPAA and contextualized for the group practice/agency setting. Those organizational security and privacy concepts will also be compared and contrasted with professional mental/behavioral health ethics in order to ensure that learners understand the security and privacy standards relevant to their work.

Educational Objectives

  • Describe how HIPAA’s security and privacy rules apply to a clinician in a mental/behavioral health practice.
  • Describe technical security standards as they apply to a clinician’s role in a mental/behavioral health practice.
  • Engage, from the clinician’s perspective, with the practice’s policies & procedures around security risk mitigation and contingency planning.


  1. Getting Into the Security Mindset
    • The relationship between professional mental health ethics and security
    • Understanding HIPAA at the introductory level
    • Confidentiality and availability in both HIPAA and professional ethical standards
    • Common behaviors to avoid
  2. HIPAA and Client Privacy
    • What constitutes Protected Health Information (PHI)?
    • Permitted and required disclosures and releases of PHI
    • Communication with coordinating clinicians outside the practice
  3. Using the Practice’s Tech in the Clinician Role
    • Maintaining the practice’s “circle of secure information”
    • Following and Supporting Bring Your Own Device Policies
    • Using the practice’s records and communications setup securely
    • Understanding the Collaborative Risk Analysis for Client Communication
  4. Participating in the Practices’ Risk Management Activity
    • Understanding Security Policies and Procedures
    • Supporting Office Safety
    • Supporting Contingency Plans


  • American Association of Marriage and Family Therapists. (2015). Code of Ethics . Alexandria, VA: Author.
  • American Counseling Association. (2014). ACA Code of Ethics. Alexandria, VA: Author.
  • American Psychological Association. (2010). American Psychological Association Ethical Principles of Psychologists and Code of Conduct . Washington, DC: Author.
  • National Association of Social Workers. (2017). Code of Ethics . Washington, DC: Author.
  • National Board for Certified Counselors. (2012). Code of Ethics . Greensboro, NC: Author.
  • US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification . Washington, DC: Author.
  • US Dept. of Health and Human Services. (2013). HIPAA Omnibus Final Rule . Washington, DC: Author.
2 CE Credit Hours.

Please purchase 1 copy for each person who will be taking the course. Click here to purchase additional copies.

Presented/Developed By

Roy Huggins, LPC NCCRoy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

He really likes this stuff.

Course Co-Presenters

Liath Dalton is a Ph.D candidate in Religious Studies. She began her academic career at Reed College and continued her graduate work at the University of Cape Town.

Liath is the Deputy Director for Person Centered Tech and runs our HIPAApropriateness review program. Through her combination of experience evaluating products for their utility and security in regards to how they can meet risk management needs and providing guidance to members around what product options will best meet their specific practice needs, Liath has an intimate knowledge of both what the practice tech needs are for mental health professionals and what it takes for a product to meet those needs.

Course Materials Co-Developer

Liz Knutsen, MSW CSWA, received her MSW in advocacy, leadership and social change from the University of Illinois Urbana-Champaign in 2012. Liz has worked in various macro-level social work positions including geriatric healthcare and holistic horticulture healthcare. She is also a trauma informed sex therapist in a private practice in Portland working towards her LCSW licensure.

Liz is the Engagement Manager at Person Centered Tech.

Program Notices

Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications from the federal Department of Health and Human Services, and on the ethics codes of these professional organizations: AAMFT, ACA, APA, NASW, NBCC. Contents are also guided by statements from leadership in those organizations. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes, and for improving security. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.

Conflicts of Interest: None

Commercial Support: None

This course is subject to our cancellation/refund policy and complaint policy.

2 CE Credit Hours.

Please purchase 1 copy for each person who will be taking the course. Click here to purchase additional copies.

Lifeguards meeting in a circle on the sand

2 CE Credit Hours. Legal-Ethical. Security and Privacy Training for Clinical Staff. 


Please purchase 1 copy for each person who will be taking the course. Click here to purchase additional copies.

You are not currently logged in to this site. Need to log in? Click here→


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss