HIPAA Investigation Repellent: Easy Ways to Prevent Most Security Breaches

1 CE Credit Hour. Continuing Education Session Replay

Presented By: Roy Huggins, LPC NCC

Course Description

Female superhero making a stop sign with her hand

After the Office of Civil Rights’ (The HIPAA People) announcement that they will start investigating small security breaches, we decided that a course on preventing those breaches was in order. This 1-hr introductory level course will not only tell counselors, marriage and family therapists, clinical social workers, and counseling and clinical psychologists the simplest and easiest things they can do to prevent breaches, it will also provide resources to help actually do them!

The course is a recording of our special webinar presentation. It includes a 1-hour video, with Q&A from the live attendees. It is in a lecture format with a handout.

In addition to the 1 CE hour and solid advice on plugging major security holes in your practice tech, this course also comes with access to six of our exclusive, premium access walkthrough videos that show you how to implement the advice from this course on your Windows or Mac computer, and on your iPhone, iPad, or Android phone or tablet. All those devices are covered, and the videos are slow-paced, step-by-step walkthroughs that show you how to:

  • Encrypt your computer, phone, or tablet
  • Encrypt external stuff like USB thumb drives and external hard drives
  • Set stronger passwords on your phones and tablets
  • Activate the antivirus on your device
  • Activate the firewall on your device
  • Know when a WiFi network is safe and when it isn’t

Educational Objectives

  • Identify the most common causes of health care security and confidentiality breaches
  • Implement simple security measures to prevent the most common causes of health care security breaches
  • Describe the channels by which a HIPAA covered entity may come under investigation by the Office of Civil Rights


  1. How do HIPAA investigations get started?
  2. How to prevent security breaches involving you gear that holds on to information.
    1. Preventing breaches with easy-to-implement encryption.
    2. Which computers, smartphones and tablets work best with encryption.
  3. How to prevent security breaches in your cloud services.
    1. Using 2-factor authentication.
    2. Easy strategies for making very strong passwords that you can remember.
  4. How Business Associate Agreements prevent HIPAA investigations.


  • US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification . Washington, DC: Author.
  • US Dept. of Health and Human Services. (2013). HIPAA Omnibus Final Rule . Washington, DC: Author.
  • US Dept. of Health and Human Services. (n.d.). Breach Notification Rule. Retrieved September 25, 2016, from HHS.gov: http://www.hhs.gov/hipaa/for- professionals/breach-notification/
  • US Dept. of Health and Human Services. (n.d.). Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals. Retrieved September 25, 2016, from HHS.gov: http://www.hhs.gov/hipaa/for-professionals/breach-notification/guidance/index.html
  • US Dept. of Health and Human Services. (2016, August 18). OCR Announces Initiative to More Widely Investigate Breaches Affecting Fewer than 500 Individuals [E-mail].
  • Verizon. (2016). 2016 Data Breach Investigation Report [PDF].
1 CE Credit Hour.

Presented/Developed By

Roy Huggins, LPC NCCRoy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

He really likes this stuff.

Program Notices

Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications and reports from the federal Department of Health and Human Services and reports from Verizon. Contents are also guided by statements from leadership in those organizations. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes, and for improving security. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.

Conflicts of Interest: None.

Commercial Support: None.

This course is subject to our cancellation/refund policy and complaint policy.

1 CE Credit Hour.
Female superhero making a stop sign with her hand

1 CE Credit Hour. Continuing Education Session Replay


You are not currently logged in to this site. Need to log in? Click here→


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss