Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we talk about ways to prevent HIPAA email breaches in a group practice setting.

We discuss common email-related breaches we see for group practices; email and PHI; large vs. small breaches; the implications of having a HIPAA breach; policies and procedures to mitigate email errors; how to send mass client notifications securely; settings to have in place in your email service; and what makes an email service HIPAA compliant.

Listen here: https://personcenteredtech.com/group/podcast/

For more, visit our website.

PCT Resources

PCT's Google Workspace Configuration Learning Center (see part 9, 'the sharing and the forwarding', for a tutorial on managing forwarding settings)

Free CE course: Introduction to HIPAA Security for Group Practice Leaders (1 legal-ethical CE course)

OCR Breach Report Questions -- know the contents of what is asked/what you need to provide *before* starting the breach report in the OCR's online portal for breach reporting

CE course: HIPAA Security Incidents & Breaches: Investigation, Documentation, And Reporting (1.5 legal-ethical CE credit hours)

Group Practice Care Premium for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly)

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive, customizable HIPAA Security Policies & Procedures and materials templates specifically for mental health group practices, with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently. Includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to a personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email-gone-awry situations we discussed in the podcast episode.

Policies & Procedures include:

Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

Computing Devices and Electronic Media Technical Security Policy

Bring Your Own Device (BYOD) Policy

Communications Security Policy

Information Systems Secure Use Policy

Risk Management Policy

Contingency Planning Policy

Device and Document Transport and Storage Policy

Device and Document Disposal Policy

Security Training and Awareness Policy

Passwords and Other Digital Authentication Policy

Software and Hardware Selection Policy

Security Incident Response and Breach Notification Policy

Security Onboarding and Exit Policy

Sanction Policy

Release of Information Security Policy

Remote Access Policy

Data Backup Policy

Facility/Office Access and Physical Security Policy

Facility Network Security Policy

Computing Device Acceptable Use Policy

Business Associate Policy

Access Log Review Policy

Forms & Logs include:

Workforce Security Policies Agreement

Security Incident Report

PHI Access Determination

Password Policy Compliance

BYOD Registration & Termination

Data Backup & Confirmation

Access Log Review

Key & Access Code Issue and Loss

Third-Party Service Vendors

Building Security Plan

Security Schedule

Equipment Security Check

Computing System Access Granting & Revocation

Training Completion

Mini Risk Analysis

Security Incident Response

Security Reminder

Practice Equipment Catalog

+ Workforce Security Manual & Leadership Security Manual -- the role-based, practical-application-oriented distillation of the formal Policies & Procedures

+ 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer).