How to Protect Clients and Comply with HIPAA’s Device Security Standards in One Afternoon

Course Materials

How to Protect Clients and Comply with HIPAA’s Device Security Standards in One Afternoon

1 CE Hour. Continuing Education Session Replay.

Developed by Roy Huggins, LPC NCC
Presented by Roy Huggins, LPC NCC; Liath Dalton

Cat half-in and half-out of a birdhouse

This course is included with our membership at no additional cost! View membership options and save money here.
You are not currently logged in to this site. Need to log in? Click here→

The full Device Security Instruction Center is included with purchase of this course

All therapists want to protect our clients from harm and our practices from liability — especially HIPAA-related liabilities. While full compliance with HIPAA is a high-level and holistic process, there is a very important piece that can be accomplished by most practitioners in just one afternoon. What’s more, this piece of the compliance picture does an enormous amount to protect your clients from confidentiality breaches and to protect your practice from security breaches.

What is that important piece?: Applying HIPAA’s security standards to your electronic devices — e.g. smartphones and computers.

When combined with the checklists and tutorials in our Device Security Instructions Center (which is included with this course), this course will provide both understanding of the legal-ethical issues being addressed when you harden devices, as well as the step-by-step instructions you need to perform hardening on your own particular devices. Most individual practitioners will be able to complete the course and then apply the checklists and tutorials in an afternoon. (Note: the process of applying the checklists and tutorials is not a continuing education activity.)

This introductory-level update course for counselors, clinical social workers, marriage and family therapists, and clinical and counseling psychologists will help learners to judge what legal-ethical standards arise in the use of their personal devices during professional practice, and will provide guidance on how to meet those standards in a sustainable way.

1 CE Hour. Continuing Education Session Replay.

Educational Objectives

  • Describe the HIPAA Security Rule’s technical security standards that apply to electronic devices which are commonly employed in mental health practice
  • Choose technical security measures for electronic devices that address the safe harbors in HIPAA’s Breach Notification Final Rule
  • Protect client confidentiality when using electronic devices to access and use client information online

Syllabus

1. What are HIPAA’s Security Rule standards and how do they apply to my practice devices?

  • Technical security measures
  • Standards calling for encryption, antivirus and firewalls, strong passwords

2. What do I need my devices to do in order to prevent security breaches and prevent liability under HIPAA’s Breach Notification Final Rule?

  • How breach notification works
  •  Proving breaches didn’t happen
  • The safe harbor for encrypted information

3. What online services should I use, or not use, with my devices in order to comply with HIPAA’s Security Standards?

  • Business Associates
  • Synchronizing with iCloud, Google, and others
  • Using personal online services in group practice settings

4. How do I actually do the things recommended in this course?

  • Finding devices and computers that support your security
  • Finding tutorials online
  • Using PCT’s Help Center

Citations:

This course is included with our membership at no additional cost! View membership options and save money here.
You are not currently logged in to this site. Need to log in? Click here→

Course Developer/Primary Presenter

Roy Huggins, LPC NCCRoy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

He really likes this stuff.

Course Co-Presenters

Liath Dalton is a Ph.D candidate in Religious Studies. She began her academic career at Reed College and continued her graduate work at the University of Cape Town.

Liath is the Deputy Director for Person Centered Tech and runs our HIPAApropriateness review program. Through her combination of experience evaluating products for their utility and security in regards to how they can meet risk management needs and providing guidance to members around what product options will best meet their specific practice needs, Liath has an intimate knowledge of both what the practice tech needs are for mental health professionals and what it takes for a product to meet those needs.

Program Notices

Accuracy, Utility, and Risks Statement: The contents of this program are based on publications and reports from the federal Department of Health and Human Services; consultation with experts on HIPAA Security standards and their implementation; and personal study from the program developers. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes. 

Conflicts of Interest: None.

Commercial Support: This program has no commercial support.

All events for this program will be subject to our cancellation/refund policy and complaint policy.

Photo by Eduardo Sánchez on Unsplash

ACEP LogoPerson Centered Tech Incorporated is approved by the American Psychological Association to sponsor continuing education for psychologists. Person Centered Tech Incorporated maintains responsibility for this program and its content.

ACEP LogoPerson Centered Tech Incorporated has been approved by NBCC as an Approved Continuing Education Provider, ACEP No. 6582. Programs that do not qualify for NBCC credit are clearly identified. Person Centered Tech Incorporated is solely responsible for all aspects of the programs.

State Approvals

Pre-approved by the Texas Social Work Board (#6357) and Texas Counseling Board (#1883)

Ohio CSWMFT Pre-Approved Provider #: RCST071601

Person Centered Tech Incorporated is recognized by the New York State Education Department's State Board for Social Work as an approved provider of continuing education for licensed social workers #SW-0540.

This course is included with our membership at no additional cost! View membership options and save money here.
You are not currently logged in to this site. Need to log in? Click here→