HIPAA Security Compliance in Mental Health, a Guided Reading
1 CE Credit Hour. Legal-Ethical. Guided Reading Course.
Presented By: Roy Huggins, LPC NCC
This course is also available for free to our newsletter subscribers.
Complying with the HIPAA Security Rule, the part of HIPAA that governs digital tech like email, phones and computers, is a relatively flexible and personalizable process. We and our colleagues in mental health technology have published a lot of material covering it.
This is a guided reading, with resource links, meant to help you through the process of understanding and getting in compliance with the Security Rule.
This is an introductory-level guided reading course for counselors, marriage and family therapists, clinical social workers, and counseling and clinical psychologists to introduce them to some of the most important basic concepts in HIPAA Security.
- Determine the clinician’s responsibilities for complying with the HIPAA Security Rule
- Identify when a third-party service provider is the clinician’s HIPAA Business Associate and what documentation or procedures are necessary for working with that third party
- Respond to security incidents in a HIPAA compliant manner
This course is a guided reading, which means it is made up of a series of related articles. Below are the articles included in this course:
- Am I a HIPAA Covered Entity? How Much Does It Matter If I Am Or Not?: Explores the manner in which one becomes covered under HIPAA and some of the legal-ethical ramifications of both being a covered entity and not being one.
- Mental Health Pros’ 3 Steps to (Actually) Be HIPAA Security Compliant: Explores a breakdown of the process of HIPAA Security Rule compliance into three steps, with some resources for doing each step.
- What Is a HIPAA Business Associate?: A very basic exploration of HIPAA’s Business Associate Rule and how it applies to a variety of situations.
- What is HIPAA Breach Notification?: A very basic exploration of both the concept of security breach notification and the manner in which HIPAA requires it be done.
- American Psychological Association. (2010). American Psychological Association Ethical Principles of Psychologists and Code of Conduct. Washington, DC: Author.
- American Association of Marriage and Family Therapists. (2015). Code of Ethics. Alexandria, VA: Author.
- American Counseling Association. (2014). ACA Code of Ethics. Alexandria, VA: Author.
- Mintz Levin. (2016). State Data Security Breach Notification Laws. Boston: Author.
- National Association of Social Workers. (2008). Code of Ethics. Washington, DC: Author.
- National Board for Certified Counselors. (2012). Code of Ethics. Greensboro, NC: Author.
- Office for Civil Rights. (n.d.). Breach Notification Rule. Retrieved August 25th, 2016 from HHS.gov: http://www.hhs.gov/hipaa/for-professionals/breach-notification/
- Stewart, J.; Chapple, M.; Gibson, D. (2015). Certified Information Systems Security Professional Official Study Guide. Indianapolis, IN: John Wiley and Sons, Inc.
- US Dept. of Health and Human Services. (2005). Basics of Risk Analysis and Risk Management. Washington, DC: Author.
- US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification. Washington, DC: Author.
- US Department of Health and Human Services. (2013). HIPAA Omnibus Final Rule. US Federal Register.
Roy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.
Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.
He really likes this stuff.
Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications from the federal Department of Health and Human Services, and on the ethics codes of these professional organizations: AAMFT, ACA, APA, NASW, NBCC. Contents are also guided by statements from leadership in those organizations. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes, and for improving security. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.
Conflicts of Interest: None.
Commercial Support: None.