Engaging in HIPAA Security and Digital Confidentiality as a Mental Health Professional

Course Materials

What You Already Know About Security
How to Tune in Emotionally
Your Risk Management Lens
The Ethical and Legal Context
Module 1 Wrap Up
Module 2: Grasping the Basics of HIPAA Security Rule Compliance
Covered Entity Status
What the HIPAA Security Rule Says
Steps to HIPAA Security Compliance
Who/What Can Be HIPAA-Compliant?
Personally-Identifying Information
Business Associates and Business Associate Agreements
Workforce Management Standards
What the HIPAA Security Rule’s Scope Means to You
Module 2 Wrap Up
Module 3: Understanding Basic Technical Concepts
Moving vs. Sitting Data
What Is the Internet?
What Is Encryption?
What Is Authentication?
Tie in to HIPAA and Ethics
Module 3 Wrap Up
Module 4: Using Email, Text, Phone, and Video in a HIPAA-Compliant Manner
Types of Email
Different Ways to Text
Secure vs. Nonsecure Communication
Types of Phone Service
Videoconferencing Options
Your Communications Policy
Module 4 Wrap Up
Module 5: Handling Security Incidents and Breaches
Incidents vs. Breaches
Safe Harbor from Breach Reporting
Let Breach Notification Serve as Your Guide
Module 5 Wrap Up
Module 6: Protecting Your Technological Devices
Potential Threats
Digitally Protecting Your Devices
Using Encryption
Using Secure WiFi
Backing Up Your Data
Choosing Unique Logins
Physically Protecting Your Devices
Module 6 Wrap Up
Module 7: Using Cloud Services Effectively and Safely
What Is the Cloud?
How Safe Is the Cloud?
Advantages of Cloud Services
Your Role in Cloud Security
Data Synchronization
Financial Institutions in the Cloud
Module 7 Wrap Up
Module 8: Analyzing Information Risks
Trace the Information
Assess the Technology
Engage in Compliance
Module 8 Wrap Up
Course Wrap Up

Syllabus

  1. Getting Into a Security Mindset
    • Relating your existing skillset around security to the HIPAA way of doing security.
    • Emotional norming regarding how you relate to security activities and to security regulations.
    • Relating your existing risk management skills to the way HIPAA uses risk management.
    • Explaining our ethical and legal contexts for engaging in security activities.
  2. Grasping the Basics of HIPAA Security Rule Compliance
    • Determining who is subject to HIPAA
    • Learning what the HIPAA Security Rule requires
    • Performing the steps to become compliant with HIPAA’s Security Rule
    • Critically analyzing what it means when a product says it is “HIPAA Compliant”
    • Determining what kind of information is personally identifying
    • Understanding Business Associates and Business Associate Agreements
    • Grasping the scope of HIPAA as it pertains to your practice
    • Learning HIPAA Security’s workforce management standards
  3. Understanding Basic Technical Concepts
    • Conceptualizing the difference in HIPAA Security standards for “data in motion” vs. “data at rest”
    • Conceptualizing an Internet transmission and how it impacts HIPAA Security standards
    • Conceptualizing encryption and its application to HIPAA Security Standards
    • Conceptualizing authentication and its application to HIPAA Security Standards
  4. Using Email, Text, Phone, and Video in a HIPAA-Compliant Manner
    • Comparing the different types of secure (and nonsecure) email
    • Understanding what is meant by “texting” and how it impacts HIPAA compliance
    • HIPAA and ethical standards of secure communication vs nonsecure communication with clients
    • Comparing the different types of phone service and their relationship to HIPAA Security standards
    • Understanding videoconferencing options and their relationship to HIPAA Security standards
    • Using Communications Policies with clients for ethical and HIPAA-compliance purposes
  5. Handling Security Incidents and Breaches
    • Understanding how a security “incident” becomes a security “breach”
    • Qualifying for the safe harbor in HIPAA’s breach notification rule
    • Using HIPAA’s breach notification rule to guide compliance strategy
  6. Protecting Your Technological Devices
    • Identifying potential threats to the security of protected health information on your devices
    • Digitally protecting your devices to comply with HIPAA Security standards
    • Using encryption to protect information on your devices and comply with HIPAA Security standards
    • Using secure WiFi to protect information on your devices and comply with HIPAA Security standards
    • Backing up your data to protect information on your devices and comply with HIPAA Security standards
    • Choosing unique logins to protect information on your devices and comply with HIPAA Security standards
    • Physically protecting your devices to protect information on your devices and comply with HIPAA Security standards
  7. Using Cloud Services Effectively and Safely
    • Understanding what “the cloud” is
    • Evaluating cloud services for security
    • Using cloud services to help achieve HIPAA Security compliance
    • Doing your part to keep your cloud services secured to HIPAA Security standards
    • Identifying and using (or preventing) “data synchronization” to achieve HIPAA Security standards
    • Learning how financial services in the cloud relate to HIPAA Security and the Business Associate Rule
  8. Analyzing Information Risks
    • Tracing where your information is
    • Assessing your technology
    • Engaging in HIPAA Security Rule compliance
v1.25.07

Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss