Syllabus

This course is a guided reading, which means it is made up of a series of related articles. Below are the articles included in this course:

• Banks and HIPAA: Checks & Credit Cards vs. Receipts & Invoices: HIPAA has a special relationship to banks and financial institutions, and thus we treat them differently when working on our HIPAA compliance. This article explores that relationship and pitfalls to avoid.
• Ethics of Disclosure to Clients Who Pay With Plastic or Online Transfers: Modern credit card and online payment services make the process of payment very smooth, but they include a number of communicative elements that can put our clients’ confidentiality at risk. This article explores those risks and how to manage them, and supplies a handout item to help you do it in your practice.
• Passing Credit Card Fees On To Clients: Is It Ethical, Legal or Good Business Practice?: Many therapists shy away from the finance fees involved in taking cards, and wish to pass those fees on to clients. This practice may not be legal, and doing so legally is often onerous. This article discusses the legal ins and outs as well as the ethical ones involved in this practice.
• What is PCI DSS and Why Do I Care?: PCI DSS is what we like to call “payment card HIPAA.” It’s an industry regulation standard that defines how we need to keep payment cards secure and clients’ sensitive payment information safe. This article described what it is and what you’re required to do for it.
• Holding Client Credit Card Info On File: Why and How To Do It, How Not To Do It: Many private practitioners choose to hold on to client payment card information so they can charge it later. This practice is fraught with issues both in HIPAA and in PCI DSS, but there are ways to make it work. This article explores the issues and presents solutions.