HIPAA Security Compliance in Mental Health, a Guided Reading


1 CE Hour. Guided Reading.

Developed and written by Roy Huggins, LPC NCC

This course is also available for free to our newsletter subscribers.


Complying with the HIPAA Security Rule, the part of HIPAA that governs digital tech like email, phones and computers, is a relatively flexible and personalizable process. We and our colleagues in mental health technology have published a lot of material covering it.

This is a guided reading, with resource links, meant to help you through the process of understanding and getting into compliance with the Security Rule.

This is an introductory-level guided reading course for counselors, marriage and family therapists, clinical social workers, and counseling and clinical psychologists to introduce them to some of the most important basic concepts in HIPAA Security.


Educational Objectives

  • Determine the clinician’s responsibilities for complying with the HIPAA Security Rule
  • Identify when a third-party service provider is the clinician’s HIPAA Business Associate and what documentation or procedures are necessary for working with that third party
  • Respond to security incidents in a HIPAA compliant manner


This course is a guided reading, which means it is made up of a series of related articles. Below are the articles included in this course:

  • Am I a HIPAA Covered Entity? How Much Does It Matter If I Am Or Not?: Explores the manner in which one becomes covered under HIPAA and some of the legal-ethical ramifications of both being a covered entity and not being one.
  • Mental Health Pros’ 3 Steps to (Actually) Be HIPAA Security Compliant: Explores a breakdown of the process of HIPAA Security Rule compliance into three steps, with some resources for doing each step.
  • What Is a HIPAA Business Associate?: A very basic exploration of HIPAA’s Business Associate Rule and how it applies to a variety of situations.
  • What is HIPAA Breach Notification?: A very basic exploration of both the concept of security breach notification and the manner in which HIPAA requires it be done.



Roy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

He really likes this stuff.

Program Notices

Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications from the federal Department of Health and Human Services, and on the ethics codes of these professional organizations: AAMFT, ACA, APA, NASW, NBCC. Contents are also guided by statements from leadership in those organizations. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes, and for improving security. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.

Conflicts of Interest: Program presenter has no known conflicts of interest.

Commercial Support: This program has no commercial support.

All events for this program will be subject to our cancellation/refund policy and complaint policy.

Person Centered Tech Incorporated is approved by the American Psychological Association to sponsor continuing education for psychologists. Person Centered Tech Incorporated maintains responsibility for this program and its content.

Person Centered Tech Incorporated has been approved by NBCC as an Approved Continuing Education Provider, ACEP No. 6582. Programs that do not qualify for NBCC credit are clearly identified. Person Centered Tech Incorporated is solely responsible for all aspects of the programs.

State Approvals

Pre-approved by the Texas Social Work Board (#6357) and Texas Counseling Board (#1883)

Ohio CSWMFT Pre-Approved Provider #: RCST071601

Person Centered Tech Incorporated is recognized by the New York State Education Department's State Board for Social Work as an approved provider of continuing education for licensed social workers #SW-0540.
