How to Make Ethical & HIPAA Compliant Decisions for Internet Phone & Secure Email in Your Practice
1 CE Credit Hour. Legal-Ethical. Continuing Education Session Replay
Developed by: Roy Huggins, LPC NCC
Presented By: Roy Huggins, LPC NCC; Liath Dalton
The October, 2017 session of “CE for OH,” our continuing education program for Office Hours.
In this CE for OH session, we answer commonly-asked questions about phone service under HIPAA and the differences between secure email and email that simply carries a HIPAA Business Associate Agreement.
This presentation is developed and presented at a beginner level for counselors, marriage and family therapists, clinical social workers, and counseling and clinical psychologists. We will help learners understand which phone service options work under HIPAA and which do not. We will also help them make good decisions about when to send email and when not to, depending on the kind of email service they employ in their practices.
- Describe what kinds of phone services trigger HIPAA Business Associate relationships with the clinician.
- Describe the administrative and technical measures clinicians must take to use secure email services ethically and in compliance with HIPAA.
- Choose email and phone service products that support HIPAA compliance and ethical decision making.
- What HIPAA Security standards and ethical standards impact email and phone service?
- What kinds of phone service are available these days? Which ones are therapists likely to be attracted to and why?
- When do phone services require a BAA?
- Is your phone service a “conduit?” If yes, is that a good thing?
- What’s the difference between secure email and email that is simply “HIPAA-friendly?”
- Secure email
- Standard email that is used under a HIPAA Business Associate Agreement.
- American Association of Marriage and Family Therapists. (2015). Code of Ethics . Alexandria, VA: Author.
- American Counseling Association. (2014). ACA Code of Ethics. Alexandria, VA: Author.
- American Psychological Association. (2010). American Psychological Association Ethical Principles of Psychologists and Code of Conduct . Washington, DC: Author.
- National Association of Social Workers. (2017). Code of Ethics . Washington, DC: Author.
- National Board for Certified Counselors. (2012). Code of Ethics . Greensboro, NC: Author.
- US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification . Washington, DC: Author.
Roy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.
Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.
He really likes this stuff.
Liath is the customer success manager for Person Centered Tech and runs our HIPAApropriateness review program. Through her combination of experience evaluating products for their utility and security in regards to how they can meet risk management needs and providing guidance to members around what product options will best meet their specific practice needs, Liath has an intimate knowledge of both what the practice tech needs are for mental health professionals and what it takes for a product to meet those needs.
Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications and reports from the federal Department of Health and Human Services and consultation with experts on HIPAA Security standards and their implementation. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes, and for improving security. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.
Conflicts of Interest: None.
Commercial Support: None.