Digital Confidentiality According to Professional Ethics and HIPAA: A Heart-Centered Approach Level 101

1 CE Credit Hour. Legal-Ethical. Self-Study Video Seminar.

Presented By: Roy Huggins, LPC NCC

Course Description

PCT Logo

Gently orient yourself to the world of security for mental health clients and clinicians.

This course will help those who need a slower or more spacious introduction to working with security and HIPAA. We will ease learners into learning about HIPAA and security risk management by exploring two risks: one involving email and one involving a laptop computer. We will also briefly touch on HIPAA Business Associates and the process of how one complies with HIPAA’s Security Rule.

Learners who are already somewhat familiar with these concepts, or who feel comfortable with technical concepts, can skip this course and go straight to Level I.

Our intention is for this basic-level course to act as a gentle introduction to our Digital Confidentiality series for counselors, marriage and family therapists, clinical social workers, and counseling and clinical psychologists. Everything in this 1-hour course will be repeated throughout the 6 hours of our Level I and Level II courses.

Educational Objectives

  • Develop a plan to approach the 3 main steps for HIPAA Security Rule compliance
  • Use the risk-based approach to security for protecting sensitive client information
  • Comply with the HIPAA Security Rule and maintain security while also maintaining and meeting individual client needs


  1. Mental Health Professionals and Confidentiality Risks
    • Mental health professionals already know a lot about security. We’ll explain how.
    • Mental health professionals also work with risk. We link the risks we work with clinically to the proper way to work with security risks.
  2. HIPAA and Risk Management
    • Ethical and legal context for security risk management.
    • Some practice thinking about security risks.
    • Example 1 of a security risk, with exploration of how to think about it in the HIPAA way.
    • Example 2 of a security risk, with exploration of how to think about it in the HIPAA way.
  3. Complying With the HIPAA Security Rule
    • Brief introduction to HIPAA Business Associates.
    • The process of complying with the Security Rule, broken down into steps.


  • American Association of Marriage and Family Therapists. (2015). Code of Ethics . Alexandria, VA: Author.
  • American Counseling Association. (2014). ACA Code of Ethics. Alexandria, VA: Author.
  • American Psychological Association. (2010). American Psychological Association Ethical Principles of Psychologists and Code of Conduct . Washington, DC: Author.
  • National Association of Social Workers. (2008). Code of Ethics . Washington, DC: Author.
  • National Board for Certified Counselors. (2012). Code of Ethics . Greensboro, NC: Author.
  • US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification . Washington, DC: Author.
  • US Dept. of Health and Human Services. (2007). Basics of Risk Analysis and Risk Management. Retrieved Feb 6, 2014, from
  • US Dept. of Health and Human Services. (2013). HIPAA Omnibus Final Rule . Washington, DC: Author.
1 CE Credit Hour.

Presented/Developed By

Roy Huggins, LPC NCCRoy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

He really likes this stuff.

Program Notices

Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications from the federal Department of Health and Human Services, and on the ethics codes of these professional organizations: AAMFT, ACA, APA, NASW, NBCC. Contents are also guided by statements from leadership in those organizations. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA and covered ethics codes, and for improving security. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.

Conflicts of Interest: None.

Commercial Support: None.

This course is subject to our cancellation/refund policy and complaint policy.

1 CE Credit Hour.
PCT Logo

1 CE Credit Hour. Legal-Ethical. Self-Study Video Seminar.


You are not currently logged in to this site. Need to log in? Click here→


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss