Free Downloads for Our Members

Using The Resources

All the member resources are listed below. Please be aware that none of these documents represent a replacement for legal consultation and are not given as consultation of any kind. It is your responsibility to use them appropriately and to know when they are not appropriate for your practice or for any of your clients.

All of them require some study to use properly. I have tried to provide some guidance for the use of each document. Once again, however, that is not a replacement for legal advice or consultation.

Register for Your Free NBCC-Approved CE Courses

Discount Code for Our Webinars and Other Covered Training Events

Our members are given a 15% discount on our webinar series. At registration, simply use the following discount code to receive your discount. We may allow this code to be applied to other events from time to time, but we only guarantee it can be applied to our Digital Confidentiality webinars.

Upcoming Webinars: Click here for the brochure and schedule

Free Resources For You!

Consent for Non-Secure Communication Forms (Email, Texting, etc.)

There are three versions of this form, each useful for the different ways you may want to use it. Before using these forms, be sure to read this article: Clients Have the Right to Receive Unencrypted Emails Under HIPAA

There are nuances to using these, and those nuances are more deeply covered in one of our online CE courses at the Zur Institute: Digital Ethics, Security & Privacy in Psychotherapy Practice Management (4 CE hrs, $39). It’s not required that you take that course, but some find it helpful.

Long Form
This form is best used when you wish to be very particular with a client about what they are consenting to and what they aren’t consenting to. It is also intended to qualify as “Authorization,” as defined by HIPAA. Read about authorization here.
Get the Long Form! ->

Short Form
This form serves similar purposes to the Long Form, including in that it is intended to be an authorization. However, it goes into less detail and is intended for when you wish to make the consent process interactive and individualized, but you wish to avoid bogging down the process in details.
Get the Short Form! ->

Simple Consent Form
This is intended to be text that you can include in intake forms such as your informed consent document. It is not intended to gather authorization as defined by HIPAA. Please make sure you understand the process of informing clients of risk and gathering their consent to accept the risks before using this version of the form.
Get the Simple Form! ->

Sample Electronic Records Disclosure

Both emerging standards in the health care industry and the 2014 ACA Code of Ethics call for clinicians to disclose to clients when they keep records electronically and what security measures they use to protect electronic records. This sample form is meant to help you build a disclosure for your practice if you keep any records electronically.
Get the Sample Electronic Records Disclosure! ->

Sample Communications Policy

I always recommend clinicians have a Communications Policy that lays how and when to contact the clinician, as well as providing other information necessary to keep communications smooth and supportive of therapy work. Here is an annotated sample version of a Communications Policy:
Get the Sample Communications Policy! ->

Email and Texting Risk Questionnaire

This document is meant to assist therapists in discussing the risks of email and texting so that the client make an informed decision about accepting, not accepting, or reducing the risks of these popular communications media.
Get the Email and Texting Risk Questionnaire! ->

Electronic Payment Communications Disclosure

This document was designed to help provide language and wording for informing clients about the automatic receipts that often get sent when clients use services like Square and PayPal to pay their bills. For more info, see “Is Square HIPAA Compliant? How About PCI Compliant?
Get the Electronic Payment Communications Disclosure! ->

HIPAA Security Policies Worksheet

Compliance with the HIPAA Security Rule requires HIPAA covered entities to have a “manual” of security policies, including such items as policies for accessing computers to sanctioning employees (if you have any.) This worksheet is meant to enumerate and explain each required policy, with some guidance on what to include in each policy and a space in which to write the policy, thus creating your documentation in one place.

Note: This worksheet states that your Risk Analysis and Risk Management Plan should be documented elsewhere. That is because those processes are too complex to include in this worksheet.
Get the HIPAA Security Policies Worksheet! ->


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss