In our latest episode, we explain why free email providers are inherently not HIPAA compliance-compatible.
We discuss:
Why it’s necessary to have a Business Associate Agreement with your email service provider
Why clients can’t opt out of HIPAA
What requests for alternative or non-secure communication actually mean under the HIPAA Privacy Rule
What counts as Protected Health Information (PHI)
Why a free email address might be a red flag for prospective clients
How to get a BAA-protected email, with a domain name or without
In our latest episode, we continue our series on AI use within therapy practices by sharing how to explain to your team members why using non-vetted AI platforms is not permissible.
We discuss:
What counts as Protected Health Information and a breakdown of the often misunderstood 18th identifier under HIPAA
How therapy progress notes and clinical notes are inherently identifying
AI re-identification risk and why this is possible
Why AI use involving client information must be vetted and HIPAA compliance-compatible
What happens when you input data into personal AI platforms
What we mean by AI governance, and why personal AI platforms can’t be governed
Why lack of AI governance is a significant liability
Impermissible disclosures under HIPAA
Why proving low probability of compromise is difficult after the fact, and what this means for your ability to mitigate risk
Managing the emotional pieces of identifying risk and risk mitigation in your practice
In our latest episode, we share information about the recent Darksword iPhone exploit, and what that means for therapy practice owners regarding device security.
We discuss:
What you need to know about this exploit
Device hardening within your security circle
Device security gaps we see in everyday practice
Pairing technical security measures with behavioral security measures
PCT’s resources around risk management and device security
In our latest episode, we share what to do as a practice owner to prevent email hacks, and how to respond if one occurs.
We discuss:
Technical and behavioral measures to take to prevent email hacks
Mandating two-factor authentication system-wide
Education and staff training for prevention
Creating a shame-free security culture in your practice
Steps to take if you receive an email that looks suspicious
Steps to take if you find out your email has been hacked
Breach reporting timelines to be aware of
PCT resources that guide you through security training and awareness; risk analysis and mitigation planning; and breach investigation, documentation, and reporting
Ongoing training and security reminders for your team
In our latest episode, we’re highlighting the stories that impacted your practices this year, and the main takeaways from each story.
We discuss:
The proposed changes to the HIPAA Security Rule
Common-sense security updates to incorporate into your practice
The proliferation of AI and ways therapists can differentiate themselves from AI
The proliferation of platforms offering practice management as a service
How group practices can stand out from these practice management platforms
Clinician burnout and clinicians returning to their clinical roots
Progression of cross-jurisdictional practice mobility
The uncertainty around the Medicare telehealth cliff