Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.
In this episode, we’re sharing why risk analysis is essential for mental health providers, inspired by a recent webinar from the Office of Civil Rights (OCR).
We discuss the core mandate of the HIPAA Security Rule; how risk analysis is essential to safeguarding PHI; conceptualizing the lifecycle of PHI in your practice; how often to do a risk analysis; written policy vs. implemented policy; security measures degrading over time; and HIPAA as a useful tool for client care.
PCT Resources
- PCT’s HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
- PCT’s Group Practice PCT Way HIPAA Compliance Manual & Materials — comprehensive HIPAA Security Policies & Procedures for the practice as HIPAA covered entity *and/or* Business Associate/MSO. Comprehensively covers the HIPAA P&Ps for contractor clinician structure group practices, employee structure group practices, and practices that are hybrid.
Policies & Procedures include:
- Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.
- Computing Devices and Electronic Media Technical Security Policy
- Bring Your Own Device (BYOD) Policy
- Communications Security Policy
- Information Systems Secure Use Policy
- Risk Management Policy
- Contingency Planning Policy
- Device and Document Transport and Storage Policy
- Device and Document Disposal Policy
- Security Training and Awareness Policy
- Passwords and Other Digital Authentication Policy
- Software and Hardware Selection Policy
- Security Incident Response and Breach Notification Policy
- Security Onboarding and Exit Policy
- Sanction Policy Policy
- Release of Information Security Policy
- Remote Access Policy
- Data Backup Policy
- Facility/Office Access and Physical Security Policy
- Facility Network Security Policy
- Computing Device Acceptable Use Policy
- Business Associate Policy
- Access Log Review Policy
Forms & Logs include:
- Workforce Security Policies Agreement
- Security Incident Report
- PHI Access Determination
- Password Policy Compliance
- BYOD Registration & Termination
- Data Backup & Confirmation
- Access Log Review
- Key & Access Code Issue and Loss
- Third-Party Service Vendors
- Building Security Plan
- Security Schedule
- Equipment Security Check
- Computing System Access Granting & Revocation
- Training Completion
- Mini Risk Analysis
- Security Incident Response
- Security Reminder
- Practice Equipment Catalog
Plus:
- Workforce Security Manual & Leadership Security Manual — the role-based, practical-application-oriented distillation of the formal Policies & Procedures (includes the prohibitions on non-HIPAA-acceptable personal services + defines what personal services *are* allowable).
- 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer).
PCT’s free “mini risk” tool, for needs identification related to what’s within and what’s outside your practice’s Security Circle (including personal device use)
- Group Practice Care Premium for weekly (live & recorded) direct support & consultation service with PCT consulting team + monthly session co-facilitated by Eric Ström, JD PhD LMHC
- + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting personal & practice-provided devices (for *all* team members at no per-person cost) + more
- + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost)