Roy Huggins on Tech, HIPAA, and the Financial Side of Private Practice

In this episode of the Practice of Therapy Podcast Gordon interviews Roy Huggins about tech, HIPAA, self-care and the business side of private practice. Roy talks about his private practice journey and how he was able to use his business and technology background to start Person-Centered Tech. Roy also talks about the ethics of using our technology and doing it in a way that protects clients and keeps their information secure.

Gordon and Roy talk about the difference between being “HIPAA compliant” vs. “HIPAA secure”. They also discuss the importance of financial self-care in private practice and why it is important for clinicians to be prepared for the constant technology changes that come with running a private practice. Also making and charging enough to support yourself and keep your practice viable.

Meet Roy Huggins

Roy Huggins, LPC, NCC

Roy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.

Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations.

He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.

He really likes this stuff!

Financial Self-Care

Roy and Gordon discussed how technology and the financial side of private practice overlap. In particular how there is a constantly changing landscape in technology and how practitioners need to be financially prepared to handle those changes as they come up.

Also, it is very important, from an ethics standpoint, to run your practice in a financially viable way. Imagine if you were no longer able to stay in practice because of a financial burden, your clients would also suffer. So it is very important to make enough money to support yourself and keep the practice afloat financially. Having a profitable practice only serves to help clients.

HIPAA Secure vs. HIPAA Compliant

One of the distinctions we need to understand about HIPAA (Health Insurance Portability and Accountability Act) is that it provides some rules around keeping patient information private.

“HIPAA secure” means that we put things like encryption in place on our devices and making sure that client information is stored in a way that is secure. In other words, if someone were to “hack” one of your devices, the could not read any of the information stored there.

“HIPAA compliant” means you are following the rules that have been put in place around protecting the personal information of our clients. In particular, having measures in place should there ever be a breach and/or making a breach difficult for someone to do. (For example, if someone were to steal your computer, none of the information on that computer would be readable or useful to the thief. Read more here: https://practiceoftherapy.com/hipaa-anxiety-private-practice/)

Ways to Protect Information

Fully encrypt your devices (see the resources below)
Use two-step authentication- something you have (your phone), something you know(a password) or something your are (a thumbprint).
Use very strong passwords- 10 or more characters using letters (upper and lower case), numbers, and special characters.
Store your information in the cloud (for example using something like G-Suite (affiliate link to get 20% off the first year) or Microsoft 365 which encrypts the data)

“G-Suite is a very powerful set of tools that will do business associate agreements (BAA). And it is by a company that has a very strong security track record…”

“The company (Google) is very trusted and it already has powerful security in place… it allows you to have a place to legally save contacts, store files and receive email from clients…”

Phones and texting

Phones sort of fall into a HIPAA gray area. Phone providers, at least the traditional “Ma-bell” companies are not required to give BAA’s. But there is an app for texting called “Signal” that is more secure. (Read Roy’s article on this listed below.)

Keep it ethical- The thing to keep in mind with any communication with clients, is that you disclose to them the risks of communicating or sending any information over the internet. Certainly, they have the right and the prerogative to take those risks, but they need to be fully informed.

The other thing about this though is that as clinicians, ethically, we obviously need to do everything possible to protect their confidentiality. For example, having policies like not texting or emailing any specific information about their cases. Using online communication only for making or changing appointment times, etc.

Resources Mentioned during the podcast:

On encrypting devices for the safe harbor from breach notification: https://personcenteredtech.com/2013/04/05/hipaa-safe-harbor-for-your-computer-the-ultimate-in-hipaa-compliance-the-compleat-guide/

HIPAA appropriateness review for Signal secure texting app: https://personcenteredtech.com/vendorreview/signal/

Also, Roy mentioned having 5 free educational article series here: https://personcenteredtech.com/articles/collections/

The Person-Centered Tech’s membership program info page: https://personcenteredtech.com/person-centered-tech-support/

Call (or email) Liath at (503) 893-9717 (info@personcenteredtech.com) and mention Gordon’s podcast to get 20% off the first year.

The upcoming G-Suite course that Gordon mentioned, https://practiceoftherapy.com/gsuitecourse. You can pre-register and receive a discount.

Meet Gordon Brewer, MEd, LMFT

Gordon is the person behind The Practice of Therapy Podcast & Blog. He is also President and Founder of Kingsport Counseling Associates, PLLC. He is a therapist, consultant, business mentor, trainer and writer. PLEASE Subscribe to The Practice of Therapy Podcast on iTunes, Stitcher and Google Play. Follow us on Twitter @therapistlearn and Pinterest “Like” us on Facebook.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.