How to Create a HIPAA-Compliant Contingency Plan
1 CE Credit Hour. Legal-Ethical. Continuing Education Session Replay
Presented By: Roy Huggins, LPC NCC; Liath Dalton
Contingency planning is an important, but under-discussed, part of complying with HIPAA’s Security Rule. Many risk mitigation plans call for contingency planning to help mitigate special security risks that arise during emergencies. Contingency planning is also required by professional ethics and most mental health licensing boards.
This introductory-level course for counselors, clinical social workers, marriage and family therapists, and clinical and counseling psychologists will help learners understand the role of contingency planning in professional, HIPAA-compliant practice and in ethical practice, as well.
- Describe the set of HIPAA security standards which need to be addressed through contingency planning.
- Describe ethical considerations that need to be addressed through contingency planning.
- Apply the Person Centered Tech model of contingency planning to create a HIPAA-compliant contingency plan for the attendee’s practice.
- What are the HIPAA Security standards that require contingency planning?
- Contingency plan standard.
- Other standards that need contingency plans in order to be met.
- What are the ethical standards that require contingency planning?
- Standards for preparation for clinician becoming unavailable.
- Records custodians and other non-HIPAA legal-ethical contingency planning requirements.
- Tools for non-HIPAA-related contingency planning.
- What tools are available to help author a security contingency plan?
- Survey of tools that provide templates and guidance for HIPAA-compliant contingency planning.
- Concrete demonstration of contingency planning process using Person Centered Tech tool.
- What do I do with my contingency plan?
- HIPAA and security training.
- Requirements for maintaining compliance documents.
- US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification. Washington, DC: Author.
- US Dept. of Health and Human Services. (2013). HIPAA Omnibus Final Rule. Washington, DC: Author.
Roy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.
Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.
He really likes this stuff.
Liath Dalton is a Ph.D. candidate in Religious Studies. She began her academic career at Reed College and continued her graduate work at the University of Cape Town.
Liath is the Deputy Director for Person Centered Tech and runs our HIPAApropriateness review program. Through her combination of experience evaluating products for their utility and security in regards to how they can meet risk management needs and providing guidance to members around what product options will best meet their specific practice needs, Liath has an intimate knowledge of both what the practice tech needs are for mental health professionals and what it takes for a product to meet those needs.
Accuracy, Utility, and Risks Statement: The contents of this program are based on publications and reports from the federal Department of Health and Human Services and the National Institute of Standards and Technology; consultation with experts on HIPAA Security standards and their implementation; and personal study from the program developers. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to the presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.
Conflicts of Interest: None.
Commercial Support: None.