How to Protect Clients and Comply with HIPAA’s Device Security Standards in One Afternoon
1 CE Credit Hour. Legal-Ethical. Continuing Education Session Replay.
Developed by: Roy Huggins, LPC NCC
Presented By: Roy Huggins, LPC NCC; Liath Dalton
Purchasing this course includes the Device Security Pack→
All therapists want to protect our clients from harm and our practices from liability — especially HIPAA-related liabilities. While full compliance with HIPAA is a high-level and holistic process, there is a very important piece that can be accomplished by most practitioners in just one afternoon. What’s more, this piece of the compliance picture does an enormous amount to protect your clients from confidentiality breaches and to protect your practice from security breaches.
What is that important piece?: Applying HIPAA’s security standards to your electronic devices — e.g. smartphones and computers.
When combined with the checklists and tutorials in our Device Security Instructions Center (which is included with this course), this course will provide both understanding of the legal-ethical issues being addressed when you harden devices, as well as the step-by-step instructions you need to perform hardening on your own particular devices. Most individual practitioners will be able to complete the course and then apply the checklists and tutorials in an afternoon. (Note: the process of applying the checklists and tutorials is not a continuing education activity.)
This introductory-level update course for counselors, clinical social workers, marriage and family therapists, and clinical and counseling psychologists will help learners to judge what legal-ethical standards arise in the use of their personal devices during professional practice, and will provide guidance on how to meet those standards in a sustainable way.
- Describe the HIPAA Security Rule’s technical security standards that apply to electronic devices which are commonly employed in mental health practice
- Choose technical security measures for electronic devices that address the safe harbors in HIPAA’s Breach Notification Final Rule
- Protect client confidentiality when using electronic devices to access and use client information online
- What are HIPAA’s Security Rule standards and how do they apply to my practice devices?
- Technical security measures
- Standards calling for encryption, antivirus and firewalls, strong passwords
- What do I need my devices to do in order to prevent security breaches and prevent liability under HIPAA’s Breach Notification Final Rule?
- How breach notification works
- Proving breaches didn’t happen
- The safe harbor for encrypted information
- What online services should I use, or not use, with my devices in order to comply with HIPAA’s Security Standards?
- Business Associates
- Synchronizing with iCloud, Google, and others
- Using personal online services in group practice settings
- How do I actually do the things recommended in this course?
- Finding devices and computers that support your security
- Finding tutorials online
- Using PCT’s Help Center
- US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification . Washington, DC: Author.
- US Dept. of Health and Human Services. (2013). HIPAA Omnibus Final Rule . Washington, DC: Author.
- US Dept. of Health and Human Services. (n.d.). Breach Notification Rule. Retrieved March 28th, 2019, from HHS.gov: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
- US Dept. of Health and Human Services. (n.d.). Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals. Retrieved March 28th, 2019, from HHS.gov: http://www.hhs.gov/hipaa/for-professionals/breach-notification/guidance/index.html
Roy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.
Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.
He really likes this stuff.
Liath Dalton is a Ph.D candidate in Religious Studies. She began her academic career at Reed College and continued her graduate work at the University of Cape Town.
Liath is the Deputy Director for Person Centered Tech and runs our HIPAApropriateness review program. Through her combination of experience evaluating products for their utility and security in regards to how they can meet risk management needs and providing guidance to members around what product options will best meet their specific practice needs, Liath has an intimate knowledge of both what the practice tech needs are for mental health professionals and what it takes for a product to meet those needs.
Accuracy, Utility, and Risks Statement: The contents of this program are based on publications and reports from the federal Department of Health and Human Services; consultation with experts on HIPAA Security standards and their implementation; and personal study from the program developers. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.
Conflicts of Interest: None.
Commercial Support: None.