How to Create and Use HIPAA Security Policies and Procedures

Course Materials

How to Create and Use HIPAA Security Policies and Procedures

1 CE Hour. Legal-Ethical. Continuing Education Session Replay.

Developed by Roy Huggins, LPC NCC
Presented by Roy Huggins, LPC NCC; Liath Dalton; and Nicole Kramer, MBA

Kid With Crayons

HIPAA requires mental health professionals to create a set (or “manual”) of security policies and procedures as part of their compliance process. It sounds like a big task — and it can be, if you’re not careful! This CE for Office Hours session replay will teach you the basic requirements along with providing tips and resources for getting the task done legally, ethically, and simply.

This introductory-level course for counselors, clinical social workers, marriage and family therapists, and clinical and counseling psychologists will help learners both understand the role of security policies and procedures in professional, HIPAA-compliant practice and to actually author and adopt security policies and procedures using the templates from HIPAACOW, NASW, or Person Centered Tech.

This course is included with our membership at no additional cost! View membership options and save money here.
You are not currently logged in to this site. Need to log in? Click here→

1 CE Hour. Legal-Ethical. Continuing Education Session Replay.

Educational Objectives

  • Describe the set of HIPAA security standards which need to be addressed in policies and procedures for compliance.
  • Choose practice-appropriate tools for assisting in authoring HIPAA-compliant security policies and procedures.
  • Describe how the risk analysis process informs the policies and procedures authoring process.


  1. What are HIPAA security policies and procedures and why do I need them?
    • Addressing HIPAA Security standards.
    • The relationship between HIPAA-compliant risk analysis and policies and procedures.
    • HIPAA investigations and policies and procedures.
    • Efficient practices and policies and procedures.
  2. How and when do I create or update my policies and procedures?
    • HIPAA policy and procedure authoring guidance from the Center for Medicare and Medicaid Studies (CMS.)
    • High-level best practices around security policies and procedures and how they relate to mental health practices.
  3. What tools are available to help author security policies and procedures?
    • Survey of tools that provide templates and guidance for HIPAA security policies and procedures, with a focus on mental health-oriented tools.
  4. What do I do with my policies and procedures?
    • HIPAA and security training.
    • Requirements for maintaining compliance documents.

This course is included with our membership at no additional cost! View membership options and save money here.
You are not currently logged in to this site. Need to log in? Click here→

Course Developer/Primary Presenter

Roy Huggins, LPC NCCRoy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

He really likes this stuff.

Course Co-Presenters

Liath Dalton is a Ph.D candidate in Religious Studies. She began her academic career at Reed College and continued her graduate work at the University of Cape Town.

Liath is the Deputy Director for Person Centered Tech and runs our HIPAApropriateness review program. Through her combination of experience evaluating products for their utility and security in regards to how they can meet risk management needs and providing guidance to members around what product options will best meet their specific practice needs, Liath has an intimate knowledge of both what the practice tech needs are for mental health professionals and what it takes for a product to meet those needs.

Nicole Kramer, MBANicole Kramer, MBA received her MBA in healthcare administration from Western Governors University in 2017.  Before healthcare, she worked as a licensed insurance producer where she helped individuals and businesses assess risk and mitigate liability. Her working experience includes medical clinic office management which included overseeing and implementing technology operations and HIPAA compliance.

Nicole is the Business Development Manager at Person Centered Tech.

Program Notices

Accuracy, Utility, and Risks Statement: The contents of this program are based on publications and reports from the federal Department of Health and Human Services and the National Institutes for Standards and Technology; consultation with experts on HIPAA Security standards and their implementation; and personal study from the program developers. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.

Conflicts of Interest: Person Centered Tech sells services and tools for HIPAA compliance, including security policies and procedures templates.

Commercial Support: This program has no commercial support.

All events for this program will be subject to our cancellation/refund policy and complaint policy.

Photo by Aaron Burden on Unsplash

ACEP LogoPerson Centered Tech, LLC is approved by the American Psychological Association to sponsor continuing education for psychologists. Person Centered Tech, LLC maintains responsibility for this program and its content.

ACEP LogoPerson-Centered Tech, LLC has been approved by NBCC as an Approved Continuing Education Provider, ACEP No. 6582. Programs that do not qualify for NBCC credit are clearly identified. Person-Centered Tech, LLC is solely responsible for all aspects of the programs.

State Approvals

Pre-approved by the Texas Social Work Board (#6357) and Texas Counseling Board (#1883)

Ohio CSWMFT Pre-Approved Provider #: RCST071601

Person-Centered Tech, LLC is recognized by the New York State Education Department's State Board for Social Work as an approved provider of continuing education for licensed social workers #SW-0540.

This course is included with our membership at no additional cost! View membership options and save money here.
You are not currently logged in to this site. Need to log in? Click here→