Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we talk about ways to prevent HIPAA email breaches in a group practice setting.

We discuss common email-related breaches we see for group practices; email and PHI; large vs. small breaches; the implications of having a HIPAA breach; policies and procedures to mitigate email errors; how to send mass client notifications securely; settings to have in place in your email service; and what makes an email service HIPAA compliant.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

• PCT's Google Workspace Configuration Learning Center (see part 9, 'the sharing and the forwarding', for tutorial on managing forwarding settings)

• Free CE course: Introduction to HIPAA Security for Group Practice Leaders (1 legal-ethical CE course)

• OCR Breach Report Questions  -- know the contents of what is asked/what you need to provide *before* starting the breach report in the OCR's online portal for breach reporting

• CE course: HIPAA Security Incidents & Breaches: Investigation, Documentation, And Reporting (1.5 legal-ethical CE credit hours)

• Group Practice Care Premium  for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)

• PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode

• Policies & Procedures include:

• Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

• Computing Devices and Electronic Media Technical Security Policy

• Bring Your Own Device (BYOD) Policy

• Communications Security Policy

• Information Systems Secure Use Policy

• Risk Management Policy

• Contingency Planning Policy

• Device and Document Transport and Storage Policy

• Device and Document Disposal Policy

• Security Training and Awareness Policy

• Passwords and Other Digital Authentication Policy

• Software and Hardware Selection Policy

• Security Incident Response and Breach Notification Policy

• Security Onboarding and Exit Policy

• Sanction Policy Policy

• Release of Information Security Policy

• Remote Access Policy

• Data Backup Policy

• Facility/Office Access and Physical Security Policy

• Facility Network Security Policy

• Computing Device Acceptable Use Policy

• Business Associate Policy

• Access Log Review Policy

• Forms & Logs include:

• Workforce Security Policies Agreement

• Security Incident Report

• PHI Access Determination

• Password Policy Compliance

• BYOD Registration & Termination

• Data Backup & Confirmation

• Access Log Review

• Key & Access Code Issue and Loss

• Third-Party Service Vendors

• Building Security Plan

• Security Schedule

• Equipment Security Check

• Computing System Access Granting & Revocation

• Training Completion

• Mini Risk Analysis

• Security Incident Response

• Security Reminder

• Practice Equipment Catalog

• + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

• + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.