Is your practice compliant and secure, or have you just been assuming it is? Are the small gaps in your systems putting your entire business at risk? What is the best first step to take to protect your practice, your staff, and your clients in the long run?
In this podcast episode, Brandon Shurn discusses security risk analyses with Samantha Schalk | Part 2
Podcast Sponsor: POP Consulting

Whether you’re starting a solo practice, thriving in solo practice, getting a group going, thriving in a group, launching a big idea, or thriving with your big idea, we have a consultant that can help you.
With our team, we continue to grow to have consultants that will help you at every single phase of practice.
If you want to apply to have a 30-minute pre-consulting call with me, I would love to chat through where you’re at.
Meet Samantha Schalk

Samantha Schalk is a compliance strategist and the founder of Guardian Clinical Essentials, where she develops HIPAA and practice compliance systems specifically for mental health providers. With over two decades of experience as a therapist, Samantha helps clinicians strengthen the policies, documentation systems, and operational safeguards that protect both their clients and their practices. Her work focuses on making complex compliance requirements practical and understandable for everyday clinical practice.
Visit Guardian Clinical Essentials and connect with Samantha on Psychology Today.
In This Podcast
- HIPAA and practice compliance
- Common issues with security that can be easily solved
- Handling security and ethical compliance as a virtual practice
- Samantha’s key takeaway for listeners
HIPAA and practice compliance
As Samantha explains, there are two layers of HIPAA:
- Federal
- State
So federal [HIPAA] sets the floor of the expectation and what those laws are. This is the baseline of what you have to do, and every state can put its own layer on top of what [the federal law] requires. (Samantha Schalk)
Every state has its own nuances when it comes to HIPAA, over and above what is required federally across the country.
That is why security risk analysis and testing your practice’s compliance must be in accordance with both the federal regulations and the state where your practice is licensed.
Common issues with security that can be easily solved
These are a few of the common snag points that Samantha sees, which she says can easily be corrected:
- Not having any written policies and procedures in place for the practice
- Not customizing EHR template forms, which need to be adapted to suit the state where the practice is listed
- Not having a written breach plan or a thought-out process for how to handle potential mistakes ethically
Most of the time, those really standard things that you’re using in your practice with your clients are going to come from your EHR. They won’t be state-specific; they usually are not filling everything that they need to. You have to customize them so that they actually cover your practice adequately, because they don’t as provided. (Samantha Schalk)
Handling security and ethical compliance as a virtual practice
If you are a fully virtual practice, these are a few things that you need to consider when it comes to being HIPAA compliant and securing your practice as well as your clients:
- Get telehealth consent that is in alignment with your state’s requirements
- Make sure that all of the contact information you have for your clients is always up to date
- Ensure that clients are in the states where your clinicians or practice is registered, so that you are in compliance when offering services
Samantha’s key takeaway for listeners
Samantha wants every private practice owner to conduct a security risk analysis for their private practice. It is a crucial little process, and while it is unlikely to come up, it may. For example, it is often the first thing asked for if your practice is audited.
The thing that helps most people feel more confident in their compliance is to make sure that they’re doing their security risk analysis for their business. (Samantha Schalk)
See it like doing an overall, annual health check for your business!
Useful Links:
- Work with us
- Visit Guardian Clinical Essentials and connect with Samantha on Psychology Today.
Check out these additional resources:
- Practice of the Practice Network
- Group Practice Launch
- Group Practice Boss: www.practiceofthepractice.com/grouppracticeboss $149 a month
- PoP Group Practice Owners Facebook Group
- Free resources to help you start, grow, and scale
Meet Prof. Brandon Shurn

Brandon Shurn, Ph.D., LCPC, LMHC, AFC®, NCC, is a licensed clinical professional counselor and the founder of EmPower Me Holistic Counseling, a fully virtual Maryland-based practice. He’s also a full-time professor in Seattle University’s online Clinical Mental Health Counseling program. With extensive experience launching and directing university training clinics, Brandon now focuses on helping therapists design and grow impactful, sustainable practices. Outside of his work, he enjoys fitness, yoga, Wing Chun, golf, reading, and spending time with his family and dogs.
Visit Empower Me Counseling, and connect with Brandon on Instagram and LinkedIn.