In this episode, we share concrete steps to take if you’ve discovered staff members using non-approved AI platforms in your practice.

We discuss:

The misconceptions around what constitutes PHI (and why information used to write a progress note absolutely is PHI)
Why this is a reportable HIPAA breach
Why reporting a HIPAA breach is nowhere near as scary or impactful as you may fear
The difference between a large breach and a small breach, and reporting deadlines for each
Client notification deadlines for breaches
How state law can impact or add to reporting deadlines
Steps to take after discovering non-compliant AI use in your practice
What to investigate, how to document, how to mitigate, how to notify clients, and when to consult an attorney

In our latest episode, we explain why free email providers are inherently not HIPAA compliance-compatible.

We discuss:

Why it’s necessary to have a Business Associate Agreement with your email service provider
Why clients can’t opt out of HIPAA
What requests for alternative or non-secure communication actually mean under the HIPAA Privacy Rule
What counts as Protected Health Information (PHI)
Why a free email address might be a red flag for prospective clients
How to get a BAA protected email, with a domain name or without

In our latest episode, we continue our series on AI use within therapy practices by sharing how to explain to your team members why using non-vetted AI platforms is not permissible.

We discuss:

What counts as Protected Health Information and a breakdown of the often misunderstood 18th identifier under HIPAA
How therapy progress notes and clinical notes are inherently identifying
AI re-identification risk and why this is possible
Why AI use involving client information must be vetted and HIPAA compliance-compatible
What happens when you input data into personal AI platforms
What we mean by AI governance, and why personal AI platforms can’t be governed
Why lack of AI governance is a significant liability
Impermissible disclosures under HIPAA
Why proving low probability of compromise is difficult after the fact, and what this means for your ability to mitigate risk
Managing the emotional pieces of identifying risk and risk mitigation in your practice

In our latest episode, we share information about the recent Darksword iPhone exploit, and what that means for therapy practice owners regarding device security.

We discuss:

What you need to know about this exploit
Device hardening within your security circle
Device security gaps we see in everyday practice
Pairing technical security measures with behavioral security measures
PCT’s resources around risk management and device security

In our latest episode, we discuss HHS’s new model Notice of Privacy Practice for Part 2 programs, what has changed, and what that means for your practice.

We cover:

The Part 2 Final Rule from 2024
Why the Feb. 16th enforcement deadline has been so confusing
The model Part 2 NPP and Patient Notice from HHS, and the function of each document
Who is considered a lawful holder and what that means
Whether you need to switch to the HHS templates
What to do if you already used our decision guide and resources ahead of the deadline

In our latest episode, we share a PSA for group practice owners to address unauthorized AI use within your practice.

We discuss:

What we mean by governance
What counts as Protected Health Information (PHI)
The standard we use at PCT to determine if something is PHI
Why AI tools like ChatGPT are inappropriate for PHI
De-identification standards under HIPAA
Ethical standards and informed consent for clinical use of AI
Concrete next steps to take as a practice leader to address AI use in your practice
