Are the platforms and tools you rely on actually protecting your clients’ data? If a security audit happened tomorrow, would your systems hold up? What is the first step to securing your practice and the valuable, sensitive data it manages?
In this podcast episode, Brandon Shurn discusses security risk analyses with Samantha Schalk.
Podcast Sponsor: POP Consulting

Whether you’re starting a solo practice, thriving in solo practice, getting a group going, or thriving in a group! Or launching a big idea, or thriving with your big idea, we have a consultant that can help you.
With our team, we continue to grow to have consultants that will help you at every single phase of practice.
If you want to apply to have a 30-minute pre-consulting call with me, I would love to chat through where you’re at.
Meet Samantha Schalk

Samantha Schalk is a compliance strategist and the founder of Guardian Clinical Essentials, where she develops HIPAA and practice compliance systems specifically for mental health providers. With over two decades of experience as a therapist, Samantha helps clinicians strengthen the policies, documentation systems, and operational safeguards that protect both their clients and their practices. Her work focuses on making complex compliance requirements practical and understandable for everyday clinical practice.
Visit Guardian Clinical Essentials and connect with Samantha on Psychology Today.
In This Podcast
- What is a security risk analysis?
- What you need to know about a business associate agreement
- How to spot-check your security compliance
- Samantha’s advice to listeners
What is a security risk analysis?
A security risk analysis can also be called a security risk assessment, or even a HIPAA risk assessment.
Essentially, it is an overall evaluation tool you can use to identify vulnerabilities and risks in your business, so that you can track every aspect of how it operates, including:
- Devices
- Professional affiliations, such as HR and email platforms
- Client-focused systems
You want to make sure that every aspect of your business is protected and up to date, because sometimes things expire … When you have updates, sometimes those [HIPAA] configurations can go back to default settings, and you wouldn’t necessarily know that! So, you want to be doing your due diligence to make sure that everything is ordered and in compliance with the right [requirements] to make sure that things are protected. (Samantha Schalk)
What you need to know about a business associate agreement
A business associate agreement (BAA) is the written commitment a vendor makes to you to manage security risks and safeguard the information it handles on your behalf.
[A BAA] is verifying that the company you are working with … to provide services for you, and [where] you utilize their tools or platform, whatever that may be, [where] they agree to hold to your level and your standard of security, confidentiality, and privacy for your clients with any information that they come across. (Samantha Schalk)
One common situation that calls for a BAA with a service provider is setting up a confidential system on the platform you use for virtual therapy sessions.
How to spot-check your security compliance
There is no single checklist you can use to check your practice’s security, because air-tight and dependable security has to be fitted to your practice like a glove.
If you have 10 people working for your office … You need to have all of them listed there. You need to have everything that they access, and you need to make sure that if someone does leave your practice, you’ve terminated them on anything that they had access to and that you documented that. (Samantha Schalk)
There are so many moving parts to this process, including:
- Your state requirements
- How employees and admin staff
- Clients coming and going
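The spot-check Samantha describes above, keeping a record of every workforce member, everything they can access, and proof that access was terminated when they left, is straightforward to automate. The following script is an added illustration, not code from the podcast or from Guardian Clinical Essentials; the roster, the account list, the system names and the people in it are all constructed for the example. It builds the per-person access record and flags two classic audit findings: accounts still active for someone who has left, and active accounts that belong to no one on the roster.

```python
"""Access-review spot-check (added example with constructed data).

Inputs: a workforce roster (who works here, and when anyone left) and the
accounts provisioned on each system. Outputs: an access matrix per person
and a list of findings an auditor would ask about.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass
class Person:
    name: str
    email: str
    left_on: Optional[date] = None  # None means still employed


@dataclass
class Account:
    system: str   # e.g. the EHR, email platform, telehealth platform
    email: str    # identity the account is tied to
    active: bool  # False once the account has been disabled


# Constructed roster: Bob left on 2024-03-01 (hypothetical people and domains).
ROSTER: List[Person] = [
    Person("Alice Example", "alice@example-practice.test"),
    Person("Bob Example", "bob@example-practice.test", left_on=date(2024, 3, 1)),
]

# Constructed account export. Bob's EHR login was never disabled, and a
# telehealth account exists for an address that is not on the roster at all.
ACCOUNTS: List[Account] = [
    Account("EHR", "alice@example-practice.test", True),
    Account("EHR", "bob@example-practice.test", True),
    Account("Email", "bob@example-practice.test", False),
    Account("Telehealth", "contractor@example-vendor.test", True),
]

Finding = Tuple[str, str, str]  # (finding type, system, account email)


def access_matrix(roster: List[Person], accounts: List[Account]) -> Dict[str, List[str]]:
    """The 'everything they access' record: email -> sorted list of active systems."""
    matrix: Dict[str, List[str]] = {p.email: [] for p in roster}
    for acct in accounts:
        if acct.active and acct.email in matrix:
            matrix[acct.email].append(acct.system)
    return {email: sorted(systems) for email, systems in matrix.items()}


def review_access(roster: List[Person], accounts: List[Account], as_of: date) -> List[Finding]:
    """Flag active accounts that should not exist as of the review date."""
    departed = {p.email for p in roster if p.left_on is not None and p.left_on <= as_of}
    known = {p.email for p in roster}
    findings: List[Finding] = []
    for acct in accounts:
        if not acct.active:
            continue  # disabled accounts are the evidence of proper termination
        if acct.email in departed:
            findings.append(("departed_still_active", acct.system, acct.email))
        elif acct.email not in known:
            findings.append(("unknown_owner", acct.system, acct.email))
    return findings


if __name__ == "__main__":
    for email, systems in access_matrix(ROSTER, ACCOUNTS).items():
        print(f"{email}: {', '.join(systems) or '(no active access)'}")
    for kind, system, email in review_access(ROSTER, ACCOUNTS, date(2024, 6, 1)):
        print(f"FINDING {kind}: {system} account for {email}")
```

Running it against the constructed data prints Alice's access list and two findings: Bob's EHR account is still active three months after he left, and the telehealth account has no owner on the roster. Keeping the dated output of each review alongside the roster is the documentation Samantha refers to; a real practice would replace the two hard-coded lists with exports from its HR records and each platform's user list.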
Samantha’s advice to listeners
Value progress over perfection. Start small and work your way up until your security is prepped and ready to receive the details and sensitive information that clients share with you.
Samantha advises listeners to come up with a timeline, where every week or month, you set aside some time to work on your private practice’s security compliance. This way, you’ll slowly work through it, rather than trying to handle a big task all at once.
Useful Links:
- Work with us
- Visit Guardian Clinical Essentials and connect with Samantha on Psychology Today.
Check out these additional resources:
- Stop Competing, Start Differentiating: Blue Ocean in Action Part 2 | GP 317
- Practice of the Practice Network
- Group Practice Launch
- Group Practice Boss: www.practiceofthepractice.com/grouppracticeboss $149 a month
- PoP Group Practice Owners Facebook Group
- Free resources to help you start, grow, and scale
Meet Prof. Brandon Shurn

Brandon Shurn, Ph.D., LCPC, LMHC, AFC®, NCC, is a licensed clinical professional counselor and the founder of EmPower Me Holistic Counseling, a fully virtual Maryland-based practice. He’s also a full-time professor in Seattle University’s online Clinical Mental Health Counseling program. With extensive experience launching and directing university training clinics, Brandon now focuses on helping therapists design and grow impactful, sustainable practices. Outside of his work, he enjoys fitness, yoga, Wing Chun, golf, reading, and spending time with his family and dogs.
Visit Empower Me Counseling, and connect with Brandon on Instagram and LinkedIn.
Email him at: [email protected]