We often hear from our colleagues that working with HIPAA Security is a mysterious and arduous process. At Person-Centered Tech, we think this need not be true. For most of us, HIPAA only comes across that way because the information we get only skims the surface or, in the worst cases, is completely wrong.
What’s more, many commercial interests will play on our fear of punishment from an authority to get us to buy products related to HIPAA. Unfortunately, playing on fear will only serve to make our understanding worse, and it drives us to engage in reactive behaviors detrimental to achieving HIPAA compliance.
To help turn that around, Person-Centered Tech is pleased to present the following collection of articles on the subject of HIPAA Security. Please enjoy them in good health with the reassurance that we have a number of additional affordable options for support available.
What Is This Again?
Person-Centered Tech has been publishing free articles on technology in mental health practice since 2012. The following is a curated series of those articles, painstakingly updated for the current moment and placed in an order to help you get the most benefit from them.
Along these lines, we also offer a free continuing education course on HIPAA Security in Mental Health. If you would like CE credit for your study time, and also like free things, sign up for our free courses here.
The following articles are numbered according to our recommended reading order. Of course you may buck our system and read them however you wish.
The Articles
First things first! Are you even subject to HIPAA? You might or might not be. And just as importantly, what does it even mean if you aren’t? The answer to the first question is somewhat simple; the second one isn’t. This article helps make sense of it.
1) Am I a HIPAA Covered Entity? How Much Does It Matter If I Am Or Not? (2016 Update)
Did you know that just because you practice health care in the United States, you’re not necessarily legally required to comply with HIPAA? The follow-up question, of course, is, “Does it really change anything if you’re not?”
This next one covers a basic concept, but it’s one that not every mental health pro is very familiar with. Even if you do know what HIPAA Business Associates are, may we recommend skimming the article? It does contain some details and particulars that clinicians are often confused about. Our goal is to make sure you’ve got the basics down solid!
2) What Is a HIPAA Business Associate?
What if companies that handle your clients’ info signed contracts promising to safeguard the information? HIPAA calls that a Business Associate Agreement.
Okay, so some folks find the name of this next article a little intimidating. And perhaps the content, too. But I assure you that the news we’re giving you here is good. HIPAA’s way of dealing with security breaches is actually really flexible and reasonable. And what’s more, understanding how it works will make you far more prepared to understand how to avoid it altogether! (Hint: the next article after this one will give you a hugely useful tip on how to do that.)
3) What is HIPAA Breach Notification?
HIPAA includes prepping for when an info breach does happen. It’s like preparing for a suicidal client: a bit scary, but also something you can work with.
Okay, “breach notification” doesn’t sound so great. Luckily this next article delivers some mighty good news on the issue. Many people may want to read it right after reading the one on breach notification!
4) Easy Safe Harbor From HIPAA Breach Notification: Now on Your Computer and Smartphone
Wouldn’t it be great if your computer and smartphone could be made impervious to security breaches under HIPAA? Well, they kind of can be.
Now that we’ve made all these references to how HIPAA Security actually works, let’s get a very high-level view of the real process. This next article looks innocuous, but for many of our colleagues it’s quite revolutionary.
5) Mental Health Pros’ 3 Steps to (Actually) Be HIPAA Security Compliant
A simplified, chunked-down look at the process of (actual) compliance with the HIPAA Security Rule, split into three steps. Plus some busting of myths.
So if the process of HIPAA Security compliance looks like the three steps mentioned in the previous article, where do “HIPAA compliant” products come in? Well, they may not be a part of it at all! This next article clarifies.
6) “HIPAA-Compliant” Is a Meaningless Phrase. Let’s Use “HIPAA-Secure.”
The phrase “HIPAA-compliant” has become nigh-meaningless — like “inflammable” and “awesome.” It’s time for better terminology.
Hopefully you’re getting the idea that “risk analysis and risk management” is the name of the HIPAA game. These next two articles get into some details of why that’s a good thing for you and your practice, and also provide some guidance on how to do it.
7) Empower Yourself and Your Clients: Comply With HIPAA
Yep, I said it. HIPAA’s approach to security might just be the most empowering thing available to you and your clients.
By this point in the article series, our readers start to wonder how they can go about accomplishing the risk analysis portion of HIPAA Security compliance. It’s still not a simple answer at this point in history, but it doesn’t have to be as hard as it sounds. Read on for details.
8) Risk Analysis and Risk Management Planning: Can You Do It Yourself?
HIPAA requires every practice do a risk analysis and make a risk management plan. But can you do these things yourself? (Hint: Yes, You Can)
And lastly, we offer an article with great links to a few resources that can help you with your compliance process.
9) Where Can I Get Free HIPAA Forms, Contracts, and Tools?
HIPAA forms like the Notices of Privacy Practices, BAAs, Risk Analysis Tools, and more can be found for free from a number of helpful sources. We list our favs.
Further Reading and Resources
We’ve produced a ton of articles on HIPAA Security-related topics just for mental health professionals. Below are several that we think are worth reading your way through over time.
Protect Your Client Records: Put Them On the Internet
When I started practicing, I didn’t even want to put records on my computer. Now I frequently recommend putting everything you can on the cloud. Here’s why.
Are Electronic Records Really More Secure Than Paper Records?
Some claim that electronic records are safer than paper because of encryption. This statement is at once totally right and dangerously wrong.
The HIPAA People To Start Investigating Small Security Breaches, *Maybe* Can Impact Small Therapy Practices
The Office of Civil Rights (the HIPAA People) recently announced a new HIPAA initiative at the local level that might impact small therapy practices.
Random HIPAA Audits 2016: Will You Be Chosen? (Spoilers Inside)
The Office of Civil Rights is re-upping their random HIPAA audit program with several hundred new audits this year. Will you be chosen? (spoilers inside)
3 Reasons Apple vs. FBI Is Huge For Mental Health Pros Beholden to HIPAA
Apple’s battle with the FBI has big implications for our HIPAA compliance when we use iPhones. But how can we leverage what we’re learning from it?
HIPAA Privacy Rule Changed For Firearm Checks, Nothing Changes
The HIPAA Privacy Rule saw a tiny change that highlights big rifts in our understanding of HIPAA’s privacy rules for mental health.