9 Legal-Ethical CE Credit Hours on HIPAA Security compliance, technology and digital ethics.
On-demand self study course

Engaging in HIPAA Security and Digital Confidentiality as a Mental Health Professional

Join Roy Huggins, LPC NCC and Kelly Arthur, MA, MS
as they discuss the extensive standards and rules for handling digital technology.

For mental health professionals, applying those abstract standards to the real world of modern practice tech is a big leap. This course will not only help you make that leap with concrete guidance and help, but it will also teach simple and essential conceptualization skills that will “teach you to fish.” It will empower you to perform the necessary tasks of complying with HIPAA’s Security Rule and protecting clients and your practice.

9 legal-ethical CE credit hours

On Demand Self Study

CE Credit Hours

This course will help you unlock your inherent superpowers and harness the technology ninja skills that have long been dormant in you…until now!

This is a comprehensive, introductory-level course for counselors, marriage and family therapists, clinical social workers, and counseling and clinical psychologists to support HIPAA Security compliance with particular attention to technology and digital ethics. The course uses a combination of video, articles, and learning activities with the intention that you can apply what you learn in order to perform partial risk analysis, and to make choices around technology adoption/use that will enable you to achieve and maintain compliance with the HIPAA Security Rule and relevant ethical codes.

Who is this event for?

This course is designed for solo practitioners, group practice leaders, and group practice clinical staff members. It is also suitable for practices which consist of 100% in-person, 100% telehealth, or a mixture of in-person and telehealth treatment.

green check mark  In-person Practices

green check mark  Hybrid Practices

green check mark  Teletherapy Only Practices

icon of a question mark

Risk

Explain how to apply knowledge of HIPAA, technology, and data transmission to effectively analyze risks to the security and privacy of client information. List the components of a risk analysis process.

icon of computer monitor

Tech Guidelines

Describe how to protect against common threats to the technological devices you may use in practice. Identify ways to use cloud services to maximize effectiveness in practice as well as maintain HIPAA compliance.

icon of a home office

Incident Reporting

Explain how to handle security incidents and breaches, including notification

Tech Selection

Explain the terminology involved in the HIPAA Security Rule and the steps to compliance. State guidelines for using email, text, phone, and video in a HIPAA-compliant manner.

icon of a home office

HIPAA Compliance

Describe the most effective personal way to approach security and risk management. 

icon of a question mark

Technical Applications

Identify the most basic technical concepts that you must be able to apply in order to navigate HIPAA security and digital confidentiality

PCT IS MY GO TO RESOURCE for my new fully Teletherapy practice. You all continue to impress on the comprehensive and up-to-date, not to mention user-friendly tools and information you provide to therapists etc like myself.

Susan E Cohen LISCW, LMFT, ACSW

Course Details

This is a comprehensive, introductory-level course for counselors, marriage and family therapists, clinical social workers, and counseling and clinical psychologists to support HIPAA Security compliance with particular attention to technology and digital ethics. The course uses a combination of video, articles, and learning activities with the intention that you can apply what you learn in order to perform partial risk analysis, and to make choices around technology adoption/use that will enable you to achieve and maintain compliance with the HIPAA Security Rule and relevant ethical codes.

Title: Engaging in HIPAA Security and Digital Confidentiality as a Mental Health Professional

Authors/Presenters: Roy Huggins, LPC NCC; Kelly Arthur, MA, MS
CE Length: 9 CE hour
Legal-Ethical CE Hours: 9 legal-ethical CE hour 

Educational Objectives:

  • Describe the most effective personal way to approach security and risk management
  • Explain the terminology involved in the HIPAA Security Rule and the steps to compliance
  • Identify the most basic technical concepts that you must be able to apply in order to navigate HIPAA security and digital confidentiality
  • State guidelines for using email, text, phone, and video in a HIPAA-compliant manner
  • Explain how to handle security incidents and breaches, including notification
  • Describe how to protect against common threats to the technological devices you may use in practice
  • Identify ways to use cloud services to maximize effectiveness in practice as well as maintain HIPAA compliance
  • Explain how to apply knowledge of HIPAA, technology, and data transmission to effectively analyze risks to the security and privacy of client information
  • List the components of a risk analysis process

    Syllabus:

    • Getting Into a Security Mindset
      • Relating your existing skillset around security to the HIPAA way of doing security.
      • Emotional norming regarding how you relate to security activities and to security regulations.
      • Relating your existing risk management skills to the way HIPAA uses risk management.
      • Explaining our ethical and legal contexts for engaging in security activities.
    • Grasping the Basics of HIPAA Security Rule Compliance
      • Determining who is subject to HIPAA
      • Learning what the HIPAA Security Rule requires
      • Performing the steps to become compliant with HIPAA’s Security Rule
      • Critically analyzing what it means when a product says it is “HIPAA Compliant”
      • Determining what kind of information is personally identifying
      • Understanding Business Associates and Business Associate Agreements
      • Grasping the scope of HIPAA as it pertains to your practice
      • Learning HIPAA Security’s workforce management standards
    • Understanding Basic Technical Concepts
      • Conceptualizing the difference in HIPAA Security standards for “data in motion” vs. “data at rest”
      • Conceptualizing an Internet transmission and how it impacts HIPAA Security standards
      • Conceptualizing encryption and its application to HIPAA Security Standards
      • Conceptualizing authentication and its application to HIPAA Security Standards
    • Using Email, Text, Phone, and Video in a HIPAA-Compliant Manner
      • Comparing the different types of secure (and nonsecure) email
      • Understanding what is meant by “texting” and how it impacts HIPAA compliance
      • HIPAA and ethical standards of secure communication vs nonsecure communication with clients
      • Comparing the different types of phone service and their relationship to HIPAA Security standards
      • Understanding videoconferencing options and their relationship to HIPAA Security standards
      • Using Communications Policies with clients for ethical and HIPAA-compliance purposes
    • Handling Security Incidents and Breaches
      • Understanding how a security “incident” becomes a security “breach”
      • Qualifying for the safe harbor in HIPAA’s breach notification rule
      • Using HIPAA’s breach notification rule to guide compliance strategy
    • Protecting Your Technological Devices
      • Identifying potential threats to the security of protected health information on your devices
      • Digitally protecting your devices to comply with HIPAA Security standards
      • Using encryption to protect information on your devices and comply with HIPAA Security standards
      • Using secure WiFi to protect information on your devices and comply with HIPAA Security standards
      • Backing up your data to protect information on your devices and comply with HIPAA Security standards
      • Choosing unique logins to protect information on your devices and comply with HIPAA Security standards
      • Physically protecting your devices to protect information on your devices and comply with HIPAA Security standards
    • Using Cloud Services Effectively and Safely
      • Understanding what “the cloud” is
      • Evaluating cloud services for security
      • Using cloud services to help achieve HIPAA Security compliance
      • Doing your part to keep your cloud services secured to HIPAA Security standards
      • Identifying and using (or preventing) “data synchronization” to achieve HIPAA Security standards
      • Learning how financial services in the cloud relate to HIPAA Security and the Business Associate Rule
    • Analyzing Information Risks
      • Tracing where your information is
      • Assessing your technology
      • Engaging in HIPAA Security Rule compliance

    Meet Our Presenters

    Presented by Roy Huggins LPC, NCC with Liath Dalton 

    Roy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

    Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security, and clinical use of technology for Counseling licensure boards, and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

    He really likes this stuff.

    Kelly Arthur, MA, MS, NCC, LPC & LMFT Intern, CADC I is a therapist in private practice in Portland. She moonlights as Person Centered Tech’s instructional designer, drawing from a skill base that hearkens back to her former life in corporate America.

    Arthur leveraged her graduate-level training and extensive experience in instructional design to create the structure, learning objectives, and review exercises for this course.

    Additional Information

    Citations:

      • American Association of Marriage and Family Therapists. (2015). Code of Ethics . Alexandria, VA: Author.
      • American Counseling Association. (2014). ACA Code of Ethics. Alexandria, VA: Author.
      • American Psychological Association. (2010). American Psychological Association Ethical Principles of Psychologists and Code of Conduct . Washington, DC: Author.
      • National Association of Social Workers. (2008). Code of Ethics . Washington, DC: Author.
      • National Board for Certified Counselors. (2012). Code of Ethics . Greensboro, NC: Author.
      • US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification . Washington, DC: Author.
      • US Dept. of Health and Human Services. (2013). HIPAA Omnibus Final Rule . Washington, DC: Author.
      • US Dept. of Health and Human Services. (2007, Mar). Basics of Risk Analysis and Risk Management. Retrieved Feb 6, 2014, from HHS.gov: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/riskassessment.pdf

      Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications and reports from the federal Department of Health and Human Services and consultation with experts on HIPAA Security standards and their implementation. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes, and for improving security. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.

      Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications from the federal Department of Health and Human Services, and on the ethics codes of these professional organizations: AAMFT, ACA, APA, NASW, NBCC. Contents are also guided by statements from leadership in those organizations. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes, and for improving security. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.

      Conflicts of Interest: None.

      Commercial Support: None.

      This course is subject to our cancellation/refund policy and complaint policy.

     

    v1.23.01

    Scheduled Maintenance

    We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss