Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In this episode, we explain steps to take if your therapy practice had a HIPAA breach in 2023. 

We discuss normalizing breaches emotionally; what constitutes a breach; the breach reporting timeframe; what the breach reporting process consists of; what to expect in terms of a response for a breach report; things regulators love to see in a breach report; the importance of preventing a breach from reoccurring; and resources we have available to support you during breach reporting.

PCT Resources

  • OCR Breach Report Questions — know the contents of what is asked/what you need to provide *before* starting the breach report in the OCR’s online portal for breach reporting
  • CE course: HIPAA Security Incidents & Breaches: Investigation, Documentation, And Reporting (1.5 legal-ethical CE credit hours)
  • Group Practice Care Premium for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)
  • PCT’s Group Practice PCT Way HIPAA Compliance Manual & Materials — comprehensive customizable HIPAA Security Policies & Procedures and materials templates specifically for mental health group practices, with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently
    • Policies & Procedures include: 
      • Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.
      • Computing Devices and Electronic Media Technical Security Policy
      • Bring Your Own Device (BYOD) Policy
      • Communications Security Policy
      • Information Systems Secure Use Policy
      • Risk Management Policy
      • Contingency Planning Policy
      • Device and Document Transport and Storage Policy
      • Device and Document Disposal Policy
      • Security Training and Awareness Policy
      • Passwords and Other Digital Authentication Policy
      • Software and Hardware Selection Policy
      • **Security Incident Response and Breach Notification Policy**
      • Security Onboarding and Exit Policy
      • Sanction Policy Policy
      • Release of Information Security Policy
      • Remote Access Policy
      • Data Backup Policy
      • Facility/Office Access and Physical Security Policy
      • Facility Network Security Policy
      • Computing Device Acceptable Use Policy
      • Business Associate Policy
      • Access Log Review Policy
    • Forms & Logs include:
      • Workforce Security Policies Agreement
      • **Security Incident Report**
      • PHI Access Determination
      • Password Policy Compliance
      • BYOD Registration & Termination
      • Data Backup & Confirmation
      • Access Log Review
      • Key & Access Code Issue and Loss
      • Third-Party Service Vendors
      • Building Security Plan
      • Security Schedule
      • Equipment Security Check
      • Computing System Access Granting & Revocation
      • Training Completion
      • Mini Risk Analysis
      • **Security Incident Response**
      • Security Reminder
      • Practice Equipment Catalog
    • + Workforce Security Manual & Leadership Security Manual — the role-based, practical-application-oriented distillation of the formal Policies & Procedures
    • + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer).
