Fulfilling Security Officer Duties in Mental/Behavioral Health Group Practice

2 Hours. Security Officer Training For Group Practice Settings. 

Presented By: Roy Huggins, LPC NCC

This course is also included in our Group Service Plans→

Course Description

The Security Officer is an important leadership role within mental/behavioral group practice settings. Think of the Security Officer as a leader along the journey of HIPAA security and compliance. Throughout the compliance process you might feel as though you are walking through unknown, rocky territory with no end in site. However, with your trusty Policies & Procedures acting as your map, your knowledge of the terrain will improve and your ability to best use the tools in your PCT trail pack will expand.

This course offers instruction for leadership within a mental/behavioral health group practice to understand and implement their important role as the Security Officer.

This is not a continuing education course

Educational Objectives

  • Orient to the duties and regulatory environment of the HIPAA Security Officer role
  • Describe, at a high level, the set of tasks necessary for establishing and running a HIPAA-compliant security risk management program
  • Explain to practice staff members the value and necessity of a HIPAA-compliant security risk management program


  1. Brief overview of PCT’s Security Officer Training Program
  2. The Security Officer’s World
    • The Security Officer’s role in the practice’s operations.
    • The Security Officer’s role in the practice’s interface with government agencies, clients, and other outside entities.
    • Federal and state authorities in the world of HIPAA compliance.
    • A year in the life of a Security Officer
      • Risk analysis, policies and procedures, training, and ongoing security activities.
      • Managing security incidents, and responding when practice staff violate security policies.
  3. Your Security Risk Management Program
    • Value and goals of a security risk management program
      • Protecting clients and preventing client complaints
      • Protecting the practice and its staff
      • Preventing security breaches
      • Resourcing staff members to perform their roles effectively and securely
    • The PCT strategic model for security risk management: “Keep It In The Circle”
      • A definition of “the circle” of security for client information
      • Specific rules for how to establish and maintain a secure circle
        • HIPAA Business Associates
        • Staff using personal services and personal devices
        • Providing staff with sufficient resources and guidance to perform their work roles
      • Strategies and best practices for maintaining the secure circle
        • Culture-setting
        • Assessing staff needs
        • Maintaining security of services and physical assets
        • Ongoing risk assessment
        • Maintaining security catalogs and security activity logs
      • Working with staff to help them do their part in maintaining the circle
    • Formal elements of a HIPAA-compliant security risk management program
      • The cycle of activities in a HIPAA-compliant security risk management program
        • Risk analysis
        • Risk mitigation planning
        • HIPAA-compliant security policies and procedures
        • HIPAA-compliant security training schedules
        • Ongoing activities for security and for compliance with HIPAA’s Security Rule
      • Practice operations activities that are explicitly required by HIPAA’s Security Rule
      • Where in the cycle should your practice start?

Watch Roy’s course introduction!


  • US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification . Washington, DC: Author.
  • US Dept. of Health and Human Services. (2013). HIPAA Omnibus Final Rule . Washington, DC: Author.
2 Hours.

Please purchase 1 copy for each person who will be taking the course. Click here to purchase additional copies.

Presented/Developed By

Roy Huggins, LPC NCCRoy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

He really likes this stuff.

Course Materials Co-Developer

Liz Knutsen, MSW CSWA, received her MSW in advocacy, leadership and social change from the University of Illinois Urbana-Champaign in 2012. Liz has worked in various macro-level social work positions including geriatric healthcare and holistic horticulture healthcare. She is also a trauma informed sex therapist in a private practice in Portland working towards her LCSW licensure.

Liz is the Engagement Manager at Person Centered Tech.


Program Notices

Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications from the federal Department of Health and Human Services, and on the ethics codes of these professional organizations: AAMFT, ACA, APA, NASW, NBCC. Contents are also guided by statements from leadership in those organizations. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes, and for improving security. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.

Conflicts of Interest: None

Commercial Support: None

This course is subject to our cancellation/refund policy and complaint policy.

2 Hours.

Please purchase 1 copy for each person who will be taking the course. Click here to purchase additional copies.

2 Hours. Security Officer Training For Group Practice Settings. 

This is not a continuing education course


Please purchase 1 copy for each person who will be taking the course. Click here to purchase additional copies.

You are not currently logged in to this site. Need to log in? Click here→


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss