Episode 619: Public Wi-Fi: Is It Still a Security Risk? What Therapists Need to Know About Untrusted Networks

In our latest episode, we share what you need to know about public wi-fi networks & the security risks they pose to your devices and information.

We discuss:

The difference between privacy and security
How the risks posed by public wi-fi networks have changed over time
What security risks public wi-fi networks actually pose to your device
How to use a risk analysis lens to put simple, accessible safeguards in place

Episode 618: HIPAA Security Rule Update: What We Know, What We Don’t, and What You Should Do Right Now

In our latest episode, we share what we know about the proposed HIPAA Security Rule and steps to take to safeguard your practice until we know more.

We discuss:

The current status of the proposed HIPAA Security Rule
How regulatory uncertainty does not equal security uncertainty
Takeaways from OCR Director Paula Stannard’s comments at the National HIPAA Summit that give insight into the rationale behind the proposed rule
Risk analysis, encryption, reasonable and appropriate safeguards, and meaningful protection of client information
Our recommendation for building your compliance strategy
Four steps practice owners should take right now to safeguard your practice
PCT resources that can help you take those steps

Episode 612: Free Email Isn’t Worth It: Why It’s a Bad Idea and What To Do Instead

In our latest episode, we explain why free email providers are inherently not HIPAA compliance-compatible.

We discuss:

Why it’s necessary to have a Business Associate Agreement with your email service provider
Why clients can’t opt out of HIPAA
What requests for alternative or non-secure communication actually mean under the HIPAA Privacy Rule
What counts as Protected Health Information (PHI)
Why a free email address might be a red flag for prospective clients
How to get a BAA-protected email, with a domain name or without

Episode 611: The Real Risks of Using Non-Vetted AI Platforms with Client Information

In our latest episode, we continue our series on AI use within therapy practices by sharing how to explain to your team members why using non-vetted AI platforms is not permissible.

We discuss:

What counts as Protected Health Information and a breakdown of the often misunderstood 18th identifier under HIPAA
How therapy progress notes and clinical notes are inherently identifying
AI re-identification risk and why this is possible
Why AI use involving client information must be vetted and HIPAA compliance-compatible
What happens when you input data into personal AI platforms
What we mean by AI governance, and why personal AI platforms can’t be governed
Why lack of AI governance is a significant liability
Impermissible disclosures under HIPAA
Why proving low probability of compromise is difficult after the fact, and what this means for your ability to mitigate risk
Managing the emotional pieces of identifying risk and risk mitigation in your practice

Episode 610: Don’t Panic – But Do Pay Attention: What the Darksword iPhone Exploit Actually Means

In our latest episode, we share information about the recent Darksword iPhone exploit, and what that means for therapy practice owners regarding device security.

We discuss:

What you need to know about this exploit
Device hardening within your security circle
Device security gaps we see in everyday practice
Pairing technical security measures with behavioral security measures
PCT’s resources around risk management and device security
