How to Make Ethical & HIPAA Compliant Decisions for Internet Phone & Secure Email in Your Practice

Course Materials

How to Make Ethical & HIPAA Compliant Decisions for Internet Phone & Secure Email in Your Practice

1 CE Hour. Legal-Ethical CE. Office Hours Session Replay.

Developed and presented by Roy Huggins, LPC NCC and Liath Dalton

Roy lecturing to the camera

The October, 2017 session of “CE for OH,” our continuing education program for Office Hours.

In this CE for OH session, we answer commonly-asked questions about phone service under HIPAA and the differences between secure email and email that simply carries a HIPAA Business Associate Agreement.

This presentation is developed and presented at a beginner level for counselors, marriage and family therapists, clinical social workers, and counseling and clinical psychologists. We will help learners understand which phone service options work under HIPAA and which do not. We will also help them make good decisions about when to send email and when not to, depending on the kind of email service they employ in their practices.

This program is accessible only to our full members. If you would like to access it and a huge array of other benefits, check out our membership service here.

1 CE Hour. Office Hours Replay.

Educational Objectives

  • Describe what kinds of phone services trigger HIPAA Business Associate relationships with the clinician.
  • Describe the administrative and technical measures clinicians must take to use secure email services ethically and in compliance with HIPAA.
  • Choose email and phone service products that support HIPAA compliance and ethical decision making.


  1. What HIPAA Security standards and ethical standards impact email and phone service?
  2. What kinds of phone service are available these days? Which ones are therapists likely to be attracted to and why?
  3. When do phone services require a BAA?
    1. Is your phone service a “conduit?” If yes, is that a good thing?
  4. What’s the difference between secure email and email that is simply “HIPAA-friendly?”
    1. Secure email
    2. Standard email that is used under a HIPAA Business Associate Agreement.

Course Developer-Presenters

Roy Huggins, LPC NCCRoy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

He really likes this stuff.

Liathana DaltonLiath Dalton is a Ph.D candidate in Religious Studies. She began her academic career at Reed College and continued her graduate work at the University of Cape Town.

Liath is the customer success manager for Person Centered Tech and runs our HIPAApropriateness review program. Through her combination of experience evaluating products for their utility and security in regards to how they can meet risk management needs and providing guidance to members around what product options will best meet their specific practice needs, Liath has an intimate knowledge of both what the practice tech needs are for mental health professionals and what it takes for a product to meet those needs.

Program Notices

Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications and reports from the federal Department of Health and Human Services and consultation with experts on HIPAA Security standards and their implementation. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes, and for improving security. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.

Conflicts of Interest: Program presenters have no known conflicts of interest.

Commercial Support: This program has no commercial support.

All events for this program will be subject to our cancellation/refund policy and complaint policy.

ACEP LogoPerson Centered Tech Incorporated is approved by the American Psychological Association to sponsor continuing education for psychologists. Person Centered Tech Incorporated maintains responsibility for this program and its content.

ACEP LogoPerson Centered Tech Incorporated has been approved by NBCC as an Approved Continuing Education Provider, ACEP No. 6582. Programs that do not qualify for NBCC credit are clearly identified. Person Centered Tech Incorporated is solely responsible for all aspects of the programs.

State Approvals

Pre-approved by the Texas Social Work Board (#6357) and Texas Counseling Board (#1883)

Ohio CSWMFT Pre-Approved Provider #: RCST071601

Person Centered Tech Incorporated is recognized by the New York State Education Department's State Board for Social Work as an approved provider of continuing education for licensed social workers #SW-0540.