Performing HIPAA-Compliant Risk Analysis: A Guided How-To for Mental Health Professionals

Course Materials

Performing HIPAA-Compliant Risk Analysis: A Guided How-To for Mental Health Professionals

Developed by Roy Huggins, LPC NCC
Presented by Roy Huggins, LPC NCC; Liath Dalton; and Nicole Kramer, MBA

Iguana leaping from one stone to another

HIPAA standards dictate that mental health professionals perform a risk analysis as part of achieving and maintaining compliance, but have you ever wondered how to actually do it?

This introductory-level seminar replay course for counselors, clinical social workers, marriage and family therapists, and clinical and counseling psychologists will help learners both understand the role of risk analysis in professional, HIPAA-compliant practice and to actually perform a risk analysis using the free tool from HIPAACOW or the Person Centered Tech proprietary tool.

Finally, the course will cover what to do with the results of the analysis and give some examples of HIPAA-compliant security policies and procedures.

This is a recording of a live seminar.

1 CE Hour. On-Demand Seminar Replay.

Educational Objectives

  • Define the HIPAA Security Management Process standard and its implementation specifications
  • Choose practice-appropriate tools for performing a HIPAA-compliant risk analysis
  • Create an inventory of vulnerabilities to confidential information in the learner’s practice in order to meet HIPAA standards for security.

Syllabus

  1. What is risk analysis and how does it impact me?
    • HIPAA’s Security Management Process standard and its implementation specifications.
    • The relationship between HIPAA-compliant risk analysis and reduced liability risk.
    • The relationship between HIPAA-compliant risk analysis and ethical, professional practice as well as improved security for clients.
  2. How and when do I perform a risk analysis?
    • Risk analysis guidance from the Center for Medicare and Medicaid Studies (CMS) and the National Institute for Standards and Technology (NIST.)
    • High-level best practices around risk analysis and how they relate to mental health practices.
  3. What are the specific processes of the risk analysis model being presented?
    • Risk-based models of risk analysis and controls-based models.
    • Survey of implementation of a risk-based model using the free HIPAACOW tools and/or the Person Centered Tech proprietary tools with guidance on using them in the mental health practice context.
  4. What do I do with the results of a risk analysis?
    • Interpreting the results.
    • Writing security policies and procedures.

Course Developer/Primary Presenter

Roy Huggins, LPC NCCRoy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

He really likes this stuff.

Course Co-Presenters

Liath DaltonLiath Dalton is a Ph.D candidate in Religious Studies. She began her academic career at Reed College and continued her graduate work at the University of Cape Town.

Liath is the Deputy Director for Person Centered Tech and runs our HIPAApropriateness review program. Through her combination of experience evaluating products for their utility and security in regards to how they can meet risk management needs and providing guidance to members around what product options will best meet their specific practice needs, Liath has an intimate knowledge of both what the practice tech needs are for mental health professionals and what it takes for a product to meet those needs.

Nicole Kramer, MBANicole Kramer, MBA received her MBA in healthcare administration from Western Governors University in 2017.  Before healthcare, she worked as a licensed insurance producer where she helped individuals and businesses assess risk and mitigate liability. Her working experience includes medical clinic office management which included overseeing and implementing technology operations and HIPAA compliance.

Nicole is the Business Development Manager at Person Centered Tech.

Program Notices

Accuracy, Utility, and Risks Statement: The contents of this program are based on publications and reports from the federal Department of Health and Human Services and the National Institutes for Standards and Technology; consultation with experts on HIPAA Security standards and their implementation; and personal study from the program developers. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.

Conflicts of Interest: Person Centered Tech sells services and tools for risk analysis, which compete with the free tools from private organizations which are described in this program.

Commercial Support: This program has no commercial support.

All events for this program will be subject to our cancellation/refund policy and complaint policy.

ACEP LogoPerson Centered Tech, LLC is approved by the American Psychological Association to sponsor continuing education for psychologists. Person Centered Tech, LLC maintains responsibility for this program and its content.

ACEP LogoPerson-Centered Tech, LLC has been approved by NBCC as an Approved Continuing Education Provider, ACEP No. 6582. Programs that do not qualify for NBCC credit are clearly identified. Person-Centered Tech, LLC is solely responsible for all aspects of the programs.

State Approvals

Pre-approved by the Texas Social Work Board (#6357) and Texas Counseling Board (#1883)

Ohio CSWMFT Pre-Approved Provider #: RCST071601

Person-Centered Tech, LLC is recognized by the New York State Education Department's State Board for Social Work as an approved provider of continuing education for licensed social workers #SW-0540.