Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we share concrete steps to take if you've discovered staff members using non-approved AI platforms in your practice.

We discuss:

• The misconceptions around what constitutes PHI (and why information used to write a progress note absolutely is PHI)
• Why this is a reportable HIPAA breach
• Why reporting a HIPAA breach is nowhere near as scary or impactful as you may fear
• The difference between a large breach and a small breach, and reporting deadlines for each
• Client notification deadlines for breaches
• How state law can impact or add to reporting deadlines
• Steps to take after discovering non-compliant AI use in your practice
• What to investigate, how to document, how to mitigate, how to notify clients, and when to consult an attorney

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• PCT CE Course (on-demand): If you're navigating exactly what we're talking about in this episode, our on-demand CE training, HIPAA Security Incidents & Breaches: Investigation, Documentation, and Reporting, provides a clear, structured walkthrough of what to do when something goes wrong. It covers how to determine whether an incident is a breach, how to investigate and document appropriately, and how to handle client notification and reporting requirements—along with strategies to reduce risk going forward. This is a practical, real-world roadmap designed specifically for mental health practices, so you're not left guessing about next steps when a breach situation arises.
• Breach Report Questions: If you want to understand what breach reporting actually looks like in practice, this resource walks you through the exact information required when submitting a report to the Office for Civil Rights (OCR). It outlines the specific details you'll need to gather — such as the type and scope of the breach, the number of individuals affected, what kind of PHI was involved, and what actions you've taken in response — so you can approach reporting with clarity and confidence rather than guesswork. Reviewing these questions ahead of time can also help guide your investigation and documentation process, ensuring you're collecting the right information from the start.
• Live (and recorded) PCT CE Course: Beyond Hype and Anxiety: A Practical Framework for Ethical AI Use in Clinical Practice is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice.
  • Live Webinar Presentation on May 8th, 2026
  • Registration for live training includes receiving ownership of and perpetual access to the on-demand self-study CE training produced from recording of live presentation. Get both the content *and* the CE, even if you can't join live.
• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health practice, and a mitigation checklist to help you reduce your risks.
• If you're navigating filing a breach report and you haven't completed a documented "thorough and accurate" HIPAA Security Risk Analysis that meets the foundational Security Rule requirements, this is something you want/need to do so it can be reflected in your breach report to the OCR (HIPAA regulators)
• PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles:
  • For Group Practices
  • For Solo Practitioners
    • Comprehensive HIPAA Security Policies & Procedures
    • Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice
    • Device & Workspace Security Suites
    • Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library)
    • Includes the Risk Analysis & Risk Mitigation Planning service + tool
  • HIPAA Security & Privacy Ethics training
• Article + 18 Identifier List: De-Identified or Not? The Truth About HIPAA, AI, and Client Data
  • In this article, Person Centered Tech breaks down one of the most misunderstood concepts in HIPAA compliance: de-identification. It clarifies the difference between simply "removing identifiers" and meeting HIPAA's strict legal standards for de-identification (Safe Harbor or Expert Determination). The piece explains why narrative clinical information is often inherently identifying, why a session transcript cannot realistically be considered de-identified, and how AI systems introduce heightened risks of re-identification. It reinforces a critical takeaway for practice leaders: HIPAA sets the floor — not the ceiling — for protecting client information, and governance must keep pace with emerging technologies.
• PCT CE Course: Law & Ethics of the Clinical Use of Artificial Intelligence: Implications in Clinical Practice
  • If you're wanting a deeper, structured framework for evaluating AI in clinical practice, this 3-credit legal-ethical on-demand training with Eric Ström, JD, PhD, LMHC, walks through the evolving legal standards, HIPAA considerations, and ethics code guidance that apply to AI use in behavioral health. You'll gain practical strategies for assessing new technologies, understanding emerging standards of care, and implementing AI tools in a way that is legally defensible and ethically sound.
• Podcast: Episode 608: AI Isn't the Problem, Lack of Governance Is – A PSA for Group Practice Leadership
• Podcast: Episode 611: The Real Risks of Using Non-Vetted AI Platforms with Client Information
• Group Practice Care Premium
• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
• Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
• Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• Mintz-Matrix: The Mintz Matrix is a comprehensive, regularly updated overview of U.S. state data breach notification laws, providing a state-by-state breakdown of requirements such as definitions of personal information, what constitutes a breach, and timelines for notification. This is especially relevant in the context of this episode because HIPAA is only part of the picture—state laws often impose additional requirements, including shorter notification timeframes and broader definitions of protected information. Reviewing the Mintz Matrix can help you understand your specific state obligations and ensure that your response to a breach is not only HIPAA-compliant, but also aligned with applicable state laws.
• The HHS Office for Civil Rights (OCR) Breach Portal provides essential guidance on what constitutes a reportable breach and what happens after a report is submitted. It explains that a breach involves the unauthorized acquisition, access, use, or disclosure of protected health information that compromises its security or privacy, and outlines how OCR reviews, investigates, and resolves reported incidents. This is particularly relevant to this episode because it helps demystify what occurs after you file a breach report—reinforcing that reporting does not automatically trigger penalties, but instead initiates a review process that may include technical assistance, investigation, or closure without further action. Understanding this process can reduce fear and support more confident, compliant decision-making when responding to a breach.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we explain why free email providers are inherently not HIPAA compliance compatible.

We discuss:

• Why it's necessary to have a Business Associate Agreement with your email service provider
• Why clients can't opt out of HIPAA
• What requests for alternative or non-secure communication actually mean under the HIPAA Privacy Rule
• What counts as Protected Health Information (PHI)
• Why a free email address might be a red flag for prospective clients
• How to get a BAA protected email, with a domain name or without

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• PCT Article: 3 Kinds of Email Security: How to Make an Informed and HIPAA-Aware Choice
• PCT CE Training: Smooth and Secure Use of Phone, Text, Email, and Video to Meet Modern Clients Where They Are: Legal-Ethical and Real-World Considerations
  • Learn about the legal-ethical considerations of modern communication channels in the context of real world practice and client needs. 3 Legal-Ethical CE credit hours. On-demand.
• PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles:
  • For Group Practices
  • For Solo Practitioners
    • Comprehensive HIPAA Security Policies & Procedures
    • Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice
    • Device & Workspace Security Suites
    • Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library)
    • Includes the Risk Analysis & Risk Mitigation Planning service + tool
  • HIPAA Security & Privacy Ethics training
• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
• Group Practice Care Premium
  • weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
  • + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
  • + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we continue our series on AI use within therapy practices by sharing how to explain to your team members why using non-vetted AI platforms is not permissible.

We discuss:

• What counts as Protected Health Information and a breakdown of the often misunderstood 18th identifier under HIPAA
• How therapy progress notes and clinical notes are inherently identifying
• AI re-identification risk and why this is possible
• Why AI use involving client information must be vetted and HIPAA compliance-compatible
• What happens when you input data into personal AI platforms
• What we mean by AI governance, and why personal AI platforms can't be governed
• Why lack of AI governance is a significant liability
• Impermissible disclosures under HIPAA
• Why proving low probability of compromise is difficult after the fact, and what this means for your ability to mitigate risk
• Managing the emotional pieces of identifying risk and risk mitigation in your practice

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources:

• Live (and recorded) PCT CE Course: Beyond Hype and Anxiety: A Practical Framework for Ethical AI Use in Clinical Practice is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice.
  • Live Webinar Presentation on May 8th, 2026
  • Registration for live training includes receiving ownership of and perpetual access to the on-demand self-study CE training produced from recording of live presentation. Get both the content *and* the CE, even if you can't join live.
• Article + 18 Identifier List: De-Identified or Not? The Truth About HIPAA, AI, and Client Data
  • In this article, Person Centered Tech breaks down one of the most misunderstood concepts in HIPAA compliance: de-identification. It clarifies the difference between simply "removing identifiers" and meeting HIPAA's strict legal standards for de-identification (Safe Harbor or Expert Determination). The piece explains why narrative clinical information is often inherently identifying, why a session transcript cannot realistically be considered de-identified, and how AI systems introduce heightened risks of re-identification. It reinforces a critical takeaway for practice leaders: HIPAA sets the floor—not the ceiling—for protecting client information, and governance must keep pace with emerging technologies.
• PCT CE Course: Law & Ethics of the Clinical Use of Artificial Intelligence: Implications in Clinical Practice
  • If you're wanting a deeper, structured framework for evaluating AI in clinical practice, this 3-credit legal-ethical on-demand training with Eric Ström, JD, PhD, LMHC, walks through the evolving legal standards, HIPAA considerations, and ethics code guidance that apply to AI use in behavioral health. You'll gain practical strategies for assessing new technologies, understanding emerging standards of care, and implementing AI tools in a way that is legally defensible and ethically sound.
• Podcast: Episode 608: AI Isn't the Problem, Lack of Governance Is – A PSA for Group Practice Leadership
• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
• Group Practice Care Premium
  • weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
  • Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
  • Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we share information about the recent Darksword iPhone exploit, and what that means for therapy practice owners regarding device security.

We discuss:

• What you need to know about this exploit
• Device hardening within your security circle
• Device security gaps we see in everyday practice
• Pairing technical security measures with behavioral security measures
• PCT's resources around risk management and device security

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• Group Practice Care Premium
  • weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
  • Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
  • Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
• PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles:
  • For Group Practices
  • For Solo Practitioners
    • Comprehensive HIPAA Security Policies & Procedures
    • Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice
    • Device & Workspace Security Suites
    • Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library)
    • Includes the Risk Analysis & Risk Mitigation Planning service + tool
    • HIPAA Security & Privacy Ethics training
• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

• Wired Article: Apple Will Push Out Rare 'Backported' Patches to Protect iOS 18 Users From DarkSword Hacking Tool
• PC Mag Article: 'DarkSword' Attack Is Now Targeting Vulnerable iPhones Via Phishing Emails
• Malwarebytes Labs Article: [updated] A DarkSword hangs over unpatched iPhones

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we discuss HHS's new model Notice of Privacy Practice for Part 2 programs, what has changed, and what that means for your practice.

We cover:

• The Part 2 Final Rule from 2024
• Why the Feb. 16th enforcement deadline has been so confusing
• The model Part 2 NPP and Patient Notice from HHS, and the function of each document
• Who is considered a lawful holder and what that means
• Whether you need to switch to the HHS templates
• What to do if you already used our decision guide and resources ahead of the deadline

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• Updated HHS Model Notice of Privacy Practices
• Model Part 2 Patient Notice
• HHS Part 2 Final Rule Fact Sheet
• PCT decision guide and sample language resource

• Episode 605: 42 CFR Part 2, HIPAA NPPs, and the February 16 Deadline: What Actually Needs to Change
• Group Practice Care Premium
  • weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
  • + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
  • + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we share a PSA for group practice owners to address unauthorized AI use within your practice.

We discuss:

• What we mean by governance
• What counts as Protected Health Information (PHI)
• The standard we use at PCT to determine if something is PHI
• Why AI tools like ChatGPT are inappropriate for PHI
• De-identification standards under HIPAA
• Ethical standards and informed consent for clinical use of AI
• Concrete next steps to take as a practice leader to address AI use in your practice

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources:

• Article + 18 Identifier List: De-Identified or Not? The Truth About HIPAA, AI, and Client Data
  • In this article, Person Centered Tech breaks down one of the most misunderstood concepts in HIPAA compliance: de-identification. It clarifies the difference between simply "removing identifiers" and meeting HIPAA's strict legal standards for de-identification (Safe Harbor or Expert Determination). The piece explains why narrative clinical information is often inherently identifying, why a session transcript cannot realistically be considered de-identified, and how AI systems introduce heightened risks of re-identification. It reinforces a critical takeaway for practice leaders: HIPAA sets the floor—not the ceiling—for protecting client information, and governance must keep pace with emerging technologies.
• PCT CE Course: Law & Ethics of the Clinical Use of Artificial Intelligence: Implications in Clinical Practice
  • If you're wanting a deeper, structured framework for evaluating AI in clinical practice, this 3-credit legal-ethical on-demand training with Eric Ström, JD, PhD, LMHC, walks through the evolving legal standards, HIPAA considerations, and ethics code guidance that apply to AI use in behavioral health. You'll gain practical strategies for assessing new technologies, understanding emerging standards of care, and implementing AI tools in a way that is legally defensible and ethically sound.
• PCT CE Course: Modern Progress Notes: Considerations for Teletherapy, Insurance Audits, and Artificial Intelligence (AI)
  • If your clinicians are feeling the pull to use AI for documentation, this 1.5-credit legal-ethical training with Dr. Maelisa McCaffrey (Hall) provides a grounded, practical framework for evaluating that decision. The course addresses how AI is currently being used in progress notes and introduces a clear thought rubric for determining the ethical risks, compliance implications, and appropriateness of integrating AI into documentation workflows. It also reinforces core documentation principles—like medical necessity and audit risk reduction—so that efficiency never comes at the expense of defensibility. A strong next step for practice leaders who want to move from reactive prohibition to thoughtful, structured governance. (Useful for all clinicians)
• Group Practice Care Premium
  • weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
  • + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
  • + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we discuss the HIPAA responsibilities for therapy practice owners when closing their practice or retiring.

We cover:

• Common assumptions about responsibilities after retirement
• What determines your record retention length
• How long you must remain contactable after closing your practice and why
• The key functionalities you need to maintain, and the most economical ways to DIY them
• Outsourcing to an executor service as an alternative to the DIY approach
• Common mistakes that are made when shutting down a practice and how to avoid them
• Practice closure planning as part of client care planning
• Action steps to take if retirement is on the horizon

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• Retirement Record Retention Checklist
  • a clear, practical guide to HIPAA compliance after retirement or practice closure. Learn what record retention laws require, how to honor clients' Right of Access, and which secure systems you need to maintain for the full retention period — so you can close your practice with confidence and integrity.
• PCT CE Course: Preparing For The Worst – A Professional Will Is Not Enough: Ensuring Continuity of Care In Event of Retirement, Death, or Disability
• Group Practice Care Premium
  • weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
  • + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
  • + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• TheraClosure (Professional Executor Services) — A therapist-founded service offering retirement and executor support for clinicians, including options for ongoing record retention and practice closure management. We mention them as one available option for outsourcing post-retirement HIPAA responsibilities. PCT has no affiliate relationship with TheraClosure and does not specifically endorse their services; clinicians should perform their own due diligence when evaluating vendors.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we offer actionable tips for practice owners regarding the rapidly changing landscape of online referral sources.

We discuss:

• How online referral sources have changed over the last year
• Why Psychology Today is no longer the dominant referral pathway
• Emphasizing community based referrals
• How clients are using AI to find therapists
• How AI tools prioritize results
• Practical do's and don'ts for being findable via AI

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• Free companion resource: Being Findable in an AI-Shaped Referral World: A Therapist's Do's & Don'ts Guide
  • We've created a practical, no-hype Do's & Don'ts checklist to help you strengthen your discoverability without chasing trends or gaming AI. It walks you through exactly what to focus on — and what to ignore — so your practice stays clear, ethical, and resilient in a changing referral landscape.
• On-Demand CE Course: Marketing in Mental Health: The Legal and Ethical Do's and Don'ts You Need to Know
  • Join AMHCA ethics committee member, therapist and HIPAA lawyer, Eric Ström, JD PhD LMHC, as he unpacks what it means to do marketing as a mental health clinician. With so much advice being shared online and between colleagues about how to grow your mental health practice and business, he's here to set clear boundaries around what is appropriate ethically and legally when trying to bring in new clients.
  • 3 Legal-Ethical CE Credit Hours
• Group Practice Care Premium
  • weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
  • + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
  • + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• Article from Clear Health Costs: Therapist forums buzzing over drop in Psychology Today referrals
• Article from Clear Health Costs: Therapists say Psychology Today referrals have dried up, and express concern

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we share what's actually necessary when updating your Notice of Privacy Practices due to Part 2.

We discuss:

• The confusion around updating NPPs without an updated model from HHS
• A quick refresher on Part 2
• Who is considered a lawful holder under Part 2
• Next steps for updating your NPP if you are a Part 2 program or lawful holder
• Our free resource on updating your NPP before the 2/16 enforcement deadline

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• PCT Free Resource: 42 CFR Part 2 & HIPAA Notices of Privacy Practices: A Decision Guide and Sample Language for Covered Entities
  • a practical resource designed to help HIPAA-covered practices determine whether the updated 42 CFR Part 2 rules apply to them — and, if so, what belongs in their Notice of Privacy Practices. The guide includes a clear decision flow, plain-language explanations of Part 2 program vs. lawful holder obligations, and sample NPP language tailored to each category. It was created to fill the gap left by the absence of an updated HHS model NPP following the 2024 Part 2 Final Rule.

• HHS Fact Sheet on the 42 CFR Part 2 Final Rule
  • this HHS Fact Sheet summarizes the 2024 Final Rule updating 42 CFR Part 2, including new consent provisions, redisclosure alignment with HIPAA, enforcement changes, and the February 16, 2026 compliance deadline. It provides high-level regulatory context for healthcare organizations handling substance use disorder records.
• JD Supra Article: 42 CFR Part 2 and Privacy Rule Compliance: Action Required by February 16, 2026
  • This JD Supra article from Snell & Wilmer outlines the compliance steps healthcare organizations must take in response to the 2024 Final Rule updating 42 CFR Part 2. It explains which entities are required to update their Notices of Privacy Practices by February 16, 2026, including both Part 2 programs and HIPAA-covered entities that receive or maintain Part 2-protected records. The article highlights required NPP updates, enforcement risks, and the importance of aligning privacy notices with the amended regulations.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we share advice on how to avoid phishing scams.

We discuss:

• Phishing scams in text messages and email
• Common scams you might encounter
• What not to do when you get a suspicious text message
• PCT resources for how to identify scams and social engineering

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.