Step 5: HIPAA Manual for Group Practices 

Create efficient, streamlined policies and procedures that help you meet federal requirements (HIPAA compliance rule) and optimize your practice. Empower your team, support your clients and optimize your operations with the trusted source in mental health HIPAA compliance education. 

PCT Way Group Practice HIPAA Compliance Manual & Materials

CE Credit Hours

Create Your Policies & Procedures and Security Documentation without fear

No more P&P headaches! Let’s be honest, writing a full set of compliance documents takes hundreds of human hours — and you have much better things to do. We provide customizable templates that make sure your Policies and Procedures are quick to adapt and comprehensive to cover all needed facets.

Customizable Policies & Procedures

Security Forms & Logs

Guidance and Implementation Docs

What You Get In Step 5:

Compliance Security Catalogs and Forms

HIPAA security compliance needs are all included in Step 5 of the PCT way– including the not-so-sexy logs and forms.

Security Forms and Logs
  • Workforce Security Policies Agreement
  • Security Incident Report
  • PHI Access Determination
  • Password Policy Compliance
  • BYOD Registration & Termination
  • Data Backup & Confirmation
  • Access Log Review
  • Key & Access Code Issue and Loss
  • Third-Party Service Vendors
  • Building Security Plan
  • Security Schedule
  • Equipment Security Check
  • Computing System Access Granting & Revocation
  • Training Completion
  • Mini Risk Analysis
  • Security Incident Response
  • Security Reminder
  • Practice Equipment Catalog
Comprehensive Security Policies and Procedures

Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

  • Computing Devices and Electronic Media Technical Security Policy
  • Bring Your Own Device (BYOD) Policy
  • Communications Security Policy
  • Information Systems Secure Use Policy
  • Risk Management Policy
  • Contingency Planning Policy
  • Device and Document Transport and Storage Policy
  • Device and Document Disposal Policy
  • Security Training and Awareness Policy
  • Passwords and Other Digital Authentication Policy
  • Software and Hardware Selection Policy
  • Security Incident Response and Breach Notification Policy
  • Security Onboarding and Exit Policy
  • Sanction Policy Policy
  • Release of Information Security Policy
  • Remote Access Policy
  • Data Backup Policy
  • Facility/Office Access and Physical Security Policy
  • Facility Network Security Policy
  • Computing Device Acceptable Use Policy
  • Business Associate Policy
  • Access Log Review Policy



Support with Delegation and Ethical Compliance

Fully Integrated Group Tools

Every piece of the PCT Way works together, leaving you with a completely comprehensive system of security and compliance.

Unlike other HIPAA programs, you’ll have everything you need to facilitate a strong security platform that keeps you and your clients HIPAA safe.

Leadership Manuals 

We have expertly crafted everything you need to create the action guide to implementing the Security Policies and Procedures. 

Comprehensive Workforce Manuals

This role based distillation of the Security Policies and Procedures make sure your clinical and admin staff are fully equipped to comply with HIPAA in your practice.

Everything you need to facilitate a strong security platform that keeps you and your clients HIPAA safe

Empower Your Security Officer with Role-based Training

  • Your leadership can enjoy our full program of study to prepare for their Security Officer role in a mental/behavioral health private practice.  It includes 10 Legal-Ethical CE Hours + 2 Non-CE Hours. It is a Self-Study, On-Demand Course Series on Practice Risk Management.

security officer hipaa training

Client Centered Security Lens
so that Your Efforts are Concentrated
Where it Matters Most.

The easy-to-use project management system keeps everything organized, so you can track your progress and work smarter.

Easy to follow, clear instructions within a chronological series of tasks in a tailored project plan.

The process has been honed to codify and operationalize the HIPAA security compliance program so that your practice achieves technical/documented compliance + in-practice compliance.

Go ahead! Click around.

See how easy it is to know where you are, and what you need to do next. All of the hardest parts of your HIPAA manual are done for you.


Here’s an example pulled from a real task from the project plan

Each task in the project plan is guided by helpful videos, worksheets, templates, and goal-based checklists, so you always know what to do next. 

Task: Set Online Services Security Procedures

Security Officer Goals:

  1. Set feasible and secure policies for passwords and other authentication methods.
  2. Determine if any online services maintain any critical data which should be backed up elsewhere.
  3. Create a process for performing and checking critical data backups.
  4. Assess online services for the ability of the service to enforce security policies.
  5. Implement these settings.
  6. Put these settings into written policy.


    Leadership Manual

    1. Fill in Chapter 7: “Establishing and Maintaining Security of Online Services”

    **Do you have clinical Independent Contractors? Make sure you complete the subsections “Siloing of Clinical Customer Data” If you do not have clinical Independent Contractors, you can delete this section.  

    Workforce Manual

    1. Fill in Chapter 5: “Online Services”

    2. Fill in Chapter 9: “Rules for Strong Passwords and Other Forms of Authentication” 

     Provided Supportive Worksheets:

    1. Online Service Security Settings Policy Worksheet
    2. Password Policy Worksheet 

    Policy & Procedure Adaptation
    1. Information Systems Secure Use Policy
    2. Passwords and Other Digital Authentication Policy

    **It is recommended to provide the Passwords and Other Digital Authentication Policy to your workforce members once it is completed. Please create a copy of this policy and add to your practice cloud service and/or a hard copy of the policy.

    What do I put in the effective date field of my policies? [Supportive Video]

    Workforce Management Catalog
    1. Workforce Onboarding + Management Log

    Security Program Catalog
    1. Complete Third-Party Service Vendors column “Critical Data Backups.”

    > Not sure what “Critical Data Backups” are? See Leadership Manual, Chapter 7, “Backing Up Critical Information” for an explanation.

    2. Log Critical Data Backups in the Data Backup & Confirmation Log. (When you log a critical data backup, select “Critical” under the Backup Type column.)

    3. Log service security settings in the Security Settings Log.

    Program Task Planning Log
    Update the Security Schedule for Export log with Critical Data Backups, Password update reminder, and Password policy compliance check schedule

    Other Docs

    Additional PCT Guidance 
    If you utilize a Third Party Service (i.e. a biller or virtual assistant) and that Third Party needs to use your practice-owned service login to access PHI, please see this service agreement and help video for more information.

    System Credentials Held By Third Party Secure Use Agreement Template

    Help video: [Supportive Video] Watch this video to see the in depth and supportive help at your fingertips for every step. 

Everything you need right in the PCT Dashboard

No hopping and skipping (or ridiculous dance moves) required to find the information you are looking for. If you choose to dance for joy though… we’ll turn up the song.

Support Where You Need It

The PCT Approach

Secure the training, consultation*, tools and
templates, software, and research to make sure
HIPAA doesn’t consume all of your resources —
like your money and time.

*When paired with Group Practice Care Premium


Method JUST for mental health

Change Management

Security Culture Norming

Leadership Coaching

Support Open Forum for HIPAA Manual Project Plan Task Guidance with a Group Practice Care Subscription

These regular, open forums with a PCT consultant take the angst out of your HIPAA manual.

Each weekly-ish virtual gathering allows you to get support and guidance with the tasks in your Project Plan for adopting and implementing the PCT Way Group Practice HIPAA Manuals (Leadership and Workforce Manuals,) the Security Policies & Procedures, and the associated worksheets and security catalogs. Bring your work to double-check or ask your pressing question. There’s space for you!

Get More Support through Group Practice Care Premium

Group Practice Office Hours (GOH) is available through Group Practice Care. Each of these weekly open-office live (and recorded) consultation events provide personalized support for your practice questions from industry experts so that you have support when and where you need it.

Chat with PCT Experts including Liath Dalton and HIPAA Teletherapy attorney Eric Strom JD PhD LMHC.

If it matters to you, it matters to us. 


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss