Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In this episode, we explain steps to take if your therapy practice had a HIPAA breach in 2023. 

We discuss normalizing breaches emotionally; what constitutes a breach; the breach reporting timeframe; what the breach reporting process consists of; what to expect in terms of a response for a breach report; things regulators love to see in a breach report; the importance of preventing a breach from reoccurring; and resources we have available to support you during breach reporting.

PCT Resources

  • OCR Breach Report Questions  — know the contents of what is asked/what you need to provide *before* starting the breach report in the OCR’s online portal for breach reportin
  • CE course:  HIPAA Security Incidents & Breaches: Investigation, Documentation, And Reporting  (1.5 legal-ethical CE credit hours)
  • Group Practice Care Premium  for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)
  • PCT’s  Group Practice PCT Way HIPAA Compliance Manual & Materials  — comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently        
    • Policies & Procedures include: 
      • Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.
      • Computing Devices and Electronic Media Technical Security Policy
      • Bring Your Own Device (BYOD) Policy
      • Communications Security Policy
      • Information Systems Secure Use Policy
      • Risk Management Policy
      • Contingency Planning Policy
      • Device and Document Transport and Storage Policy
      • Device and Document Disposal Policy
      • Security Training and Awareness Policy
      • Passwords and Other Digital Authentication Policy
      • Software and Hardware Selection Policy
      • **Security Incident Response and Breach Notification Policy**
      • Security Onboarding and Exit Policy
      • Sanction Policy Policy
      • Release of Information Security Policy
      • Remote Access Policy
      • Data Backup Policy
      • Facility/Office Access and Physical Security Policy
      • Facility Network Security Policy
      • Computing Device Acceptable Use Policy
      • Business Associate Policy
      • Access Log Review Policy
    • Forms & Logs include:
      • Workforce Security Policies Agreement
      • **Security Incident Report**
      • PHI Access Determination
      • Password Policy Compliance
      • BYOD Registration & Termination
      • Data Backup & Confirmation
      • Access Log Review
      • Key & Access Code Issue and Loss
      • Third-Party Service Vendors
      • Building Security Plan
      • Security Schedule
      • Equipment Security Check
      • Computing System Access Granting & Revocation
      • Training Completion
      • Mini Risk Analysis
      • **Security Incident Response**
      • Security Reminder
      • Practice Equipment Catalog
    • + Workforce Security Manual & Leadership Security Manual — the role-based practical application oriented distillation of the formal Policies & Procedures
    • + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss