Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we're answering a question we frequently get: What are the HIPAA considerations when you have an outside biller for your group practice?

We discuss the threat landscape scenario of outside billing; whether you need a BAA with your biller; who should provide the BAA; what should and shouldn't be in a BAA; and the difference between a Service Level Agreement and a BAA, and when to use each.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we share HIPAA considerations regarding VPNs and password managers for group practice owners.

We discuss if you need a BAA with your VPN service or your password management program; the conduit exception; how VPNs work; practice provided services vs personal services; and our specific product recommendations for VPNs and password managers (as well as why we like them).

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• NordVPN

• 1Password

• PCT Blog post: With a VPN, Your Staff Can Work Just About Anywhere

• PCT's free Group Practice Service Selection Workbook & Worksheets Step 1 of the PCT Way -- support for selecting HIPAA-secure, effective, and economical services to meet your practice's functionality and operational need

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we're joined by Maureen Werrbach from The Group Practice Exchange to continue our conversation about staff accountability.

We discuss how to set your practice apart for new hires; the cyclical nature of group practice ownership; diversifying services; teletherapy vs. in person practice; community marketing; salary vs. commission based pay; dealing with staff attrition when implementing accountabilities; the exact formula Maureen uses to negotiate rate increases with insurance companies; and where you can find more information about working with Maureen and the Accountability Equation.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• Learn more about the Accountability Equation and the option to join Maureen's next digital cohort here

• Hear more about the Accountability Equation and what implementation in practice looks like on the Group Practice Exchange podcast here (use the search feature for keyword 'accountability' and the results will be all the great episodes on the Accountability Equation)

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours, for group practice leaders

• Group Practice Office Hours also includes special guest sessions with experts including Maureen Werrbach of the Group Practice Exchange, Kelly & Miranda from ZynnyMe Business School for Therapists, Maelisa McCaffrey of QA Prep, and monthly sessions co-facilitated by therapist attorney Eric Ström, JD PhD LMHC

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we're joined by Maureen Werrbach from The Group Practice Exchange to talk about accountability in group practice.

We discuss how Maureen's Accountability Equation and how it helps group practices grow; accountability as an ongoing process; effective coaching as a leader; the five A's of the Accountability Equation; understanding the roles in your practice; making sure the right people are in the right roles; how to communicate when someone isn't in the right role; determining the accountabilities for each role; how this framework can be applied to new group practices and established group practices; how to keep track of everyone's accountabilities; and how to set actionable goals and microgoals.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• Learn more about the Accountability Equation and the option to join Maureen's next digital cohort here

• Hear more about the Accountability Equation and what implementation in practice looks like on the Group Practice Exchange podcast here (use the search feature for keyword 'accountability' and the results will be all the great episodes on the Accountability Equation)

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours, for group practice leaders

• Group Practice Office Hours also includes special guest sessions with experts including Maureen Werrbach of the Group Practice Exchange, Kelly & Miranda from ZynnyMe Business School for Therapists, Maelisa McCaffrey of QA Prep, and monthly sessions co-facilitated by therapist attorney Eric Ström, JD PhD LMHC

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we chat about how to approach staff HIPAA training after the first year.

We discuss why we don't recommend using the same training year after year (and why our system doesn't allow it); the trainings we typically recommend for year one and why; the trainings we recommend for year two and after and why; and why now is a particularly good time to get started.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• PCT's Role-Based Staff Trainings -- see PCT's role-based HIPAA & ethics, teletherapy, and topical needs-based trainings

• Foundational HIPAA Trainings -- recommended for year 1; if not done in year 1, use for year 2:

• Clinical Staff: Privacy Ethics And HIPAA Fundamentals For Mental Health Professionals In The Agency Or Group Practice Context (2 legal-ethical CE)

• Admin Staff: Practical Application Of HIPAA And Mental Health Ethics For Admin Staff

• Security Officer: Security Officer Endorsement Program (10 legal-ethical CE)

• Leadership: Introduction to HIPAA Security for Group Practice Leaders (2 legal-ethical CE)

• Practical Application Focused Trainings -- available only through Group Practice Care Premium, included for all team members at no per-person cost -- recommended for year 2, if not done in year 1:

• HIPAA Security Awareness: Bring Your Own Device (BYOD)

• HIPAA Security Awareness: Remote Workspaces

• *Select* Topical Needs-Based Trainings -- recommended for year 2 and beyond if foundational HIPAA trainings & practical application focused trainings have been completed -- **see our full curated collection of topical needs-based training section in our marketplace:

• HIPAA Security Awareness Grab-Bag

• Rethinking Notes: Strategies For Making Documentation Simple And Meaningful (2 legal-ethical CE)

• The Evolving Legal-Ethical Standard Of Care For The Clinical Use Of Artificial Intelligence In Mental Health (2 legal-ethical CE)

• Clinical Staff Teletherapy Training (5 CE, 3 of which is legal-ethical CE)

• Use PCT's team training management system, provided through Group Practice Care Basic (free!) OR Premium to assign trainings to team members, see progress/completion status, and let PCT take care of assignment notifications and reminders!

• Group Practice Care Premium

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours, for leadership

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we explain the cybersecurity goals as outlined by Health and Human Services (HHS) in light of the upcoming HIPAA Security Rule changes.

We discuss the different categories of goals that are outlined; being proactive so your practice is ready when changes come; the essential goals HHS has outlined and what they mean; the encouraged goals HHS has outlined and what they mean; why these goals make sense; and how the PCT Way can help you meet these cybersecurity goals.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• HHS Announces Next Steps in Ongoing Work to Enhance Cybersecurity for Health Care and Public Health Sectors

• Healthcare Sector Cybersecurity Concept Paper

• HealthIT Security article: CISA Issues Revised Cybersecurity Performance Goals

• HealthIT Security article: HHS Unveils Healthcare Cybersecurity Performance Goals

• HHS' Healthcare & Public Health Cybersecurity Performance Goals

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

• PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode

• Policies & Procedures include:

• Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

• Computing Devices and Electronic Media Technical Security Policy

• Bring Your Own Device (BYOD) Policy

• Communications Security Policy

• Information Systems Secure Use Policy

• Risk Management Policy

• Contingency Planning Policy

• Device and Document Transport and Storage Policy

• Device and Document Disposal Policy

• Security Training and Awareness Policy

• Passwords and Other Digital Authentication Policy

• Software and Hardware Selection Policy

• Security Incident Response and Breach Notification Policy

• Security Onboarding and Exit Policy

• Sanction Policy Policy

• Release of Information Security Policy

• Remote Access Policy

• Data Backup Policy

• Facility/Office Access and Physical Security Policy

• Facility Network Security Policy

• Computing Device Acceptable Use Policy

• Business Associate Policy

• Access Log Review Policy

• Forms & Logs include:

• Workforce Security Policies Agreement

• Security Incident Report

• PHI Access Determination

• Password Policy Compliance

• BYOD Registration & Termination

• Data Backup & Confirmation

• Access Log Review

• Key & Access Code Issue and Loss

• Third-Party Service Vendors

• Building Security Plan

• Security Schedule

• Equipment Security Check

• Computing System Access Granting & Revocation

• Training Completion

• Mini Risk Analysis

• Security Incident Response

• Security Reminder

• Practice Equipment Catalog

• + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

• + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we give group practice owners a heads up about upcoming changes to the HIPAA Security Rule.

We discuss what the focus of these rule changes will be; why the changes are happening; steps you can take to be proactive about HIPAA changes; and PCT's practical tools to help you get on top of things in a manageable way.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• Vital Signs: Digital Health Law Update | Winter 2024 | JD Supra

• 2024 Update: Regulators Use "Carrots and Sticks" to Incentivize Healthcare Sector Cybersecurity Compliance

• 3 ways to prepare for impending HIPAA Security Rule updates

• HHS Unveils Healthcare Cybersecurity Strategy

• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode

• Policies & Procedures include:

• Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

• Computing Devices and Electronic Media Technical Security Policy

• Bring Your Own Device (BYOD) Policy

• Communications Security Policy

• Information Systems Secure Use Policy

• Risk Management Policy

• Contingency Planning Policy

• Device and Document Transport and Storage Policy

• Device and Document Disposal Policy

• Security Training and Awareness Policy

• Passwords and Other Digital Authentication Policy

• Software and Hardware Selection Policy

• Security Incident Response and Breach Notification Policy

• Security Onboarding and Exit Policy

• Sanction Policy Policy

• Release of Information Security Policy

• Remote Access Policy

• Data Backup Policy

• Facility/Office Access and Physical Security Policy

• Facility Network Security Policy

• Computing Device Acceptable Use Policy

• Business Associate Policy

• Access Log Review Policy

• Forms & Logs include:

• Workforce Security Policies Agreement

• Security Incident Report

• PHI Access Determination

• Password Policy Compliance

• BYOD Registration & Termination

• Data Backup & Confirmation

• Access Log Review

• Key & Access Code Issue and Loss

• Third-Party Service Vendors

• Building Security Plan

• Security Schedule

• Equipment Security Check

• Computing System Access Granting & Revocation

• Training Completion

• Mini Risk Analysis

• Security Incident Response

• Security Reminder

• Practice Equipment Catalog

• + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

• + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we share ways to be proactive in light of the news that random HIPAA audits are returning.

We discuss why there's still no HIPAA police; the function of these random audits; where the gaps in compliance have been historically; what auditors will likely be looking for; the importance of risk analyses, risk mitigation plans, and policies & procedures; how many HIPAA covered entities were audited the last time the program was active; and PCT's resources to help you get started with formal compliance in a shame-free way.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• Results of prior audit period

• HHS Notice in the Federal Register

• JD Supra article: Never Say Never Again: HHS Signals the Return of HIPAA Audit Program

• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode

• Policies & Procedures include

• Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

• Computing Devices and Electronic Media Technical Security Policy

• Bring Your Own Device (BYOD) Policy

• Communications Security Policy

• Information Systems Secure Use Policy

• Risk Management Policy

• Contingency Planning Policy

• Device and Document Transport and Storage Policy

• Device and Document Disposal Policy

• Security Training and Awareness Policy

• Passwords and Other Digital Authentication Policy

• Software and Hardware Selection Policy

• Security Incident Response and Breach Notification Policy

• Security Onboarding and Exit Policy

• Sanction Policy Policy

• Release of Information Security Policy

• Remote Access Policy

• Data Backup Policy

• Facility/Office Access and Physical Security Policy

• Facility Network Security Policy

• Computing Device Acceptable Use Policy

• Business Associate Policy

• Access Log Review Policy

• Forms & Logs include:

• Workforce Security Policies Agreement

• Security Incident Report

• PHI Access Determination

• Password Policy Compliance

• BYOD Registration & Termination

• Data Backup & Confirmation

• Access Log Review

• Key & Access Code Issue and Loss

• Third-Party Service Vendors

• Building Security Plan

• Security Schedule

• Equipment Security Check

• Computing System Access Granting & Revocation

• Training Completion

• Mini Risk Analysis

• Security Incident Response

• Security Reminder

• Practice Equipment Catalog

• + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

• + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we explain why smart notebooks cannot be used in therapy practices.

We discuss why smart notebooks are popular; how smart notebooks work and why they're in HIPAA's scope; risk exposure; device security and hardening; communicating to clinicians that these devices are not HIPAA compatible; ways to support documentation processes that are HIPAA compatible; and what to do if you find out a clinician has been using a smart notebook.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we discuss the recent Change Healthcare cyber attack and its impact for group practices.

We cover what we know and what we don't know yet; resources to help you take practical steps; how many people are impacted by this breach; the ongoing investigations; ransomware attacks; who is liable for this incident; maintaining operational continuity; and the importance of being proactive in your security practices.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

• Change Healthcare Status Update Page

• HHS Statement Regarding Cyberattack on Change Healthcare

• TherapyNotes Change Healthcare Incident FAQ

• HealthIT Security article: Understanding the Impact of the Change Healthcare Cyberattack on Providers

• Group Practice Care Premium

• weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

• + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

• + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

• HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.