Comprehensive Consulting for Mental Health and Wellness Professionals in Private Practice



The Blog

Occasional insights, inspirations, and recommendations for practice taming.



Working in private practice as a mental health professional can be an isolating experience. Even in a group practice, we may only catch brief glimpses of our colleagues as we spend the vast majority of our time in our office with clients. This can make it challenging not only to engage in social chat, but also to engage in professional behaviors like peer consultation and discussion of referrals. The Internet, and specifically Facebook groups and mailing lists (listservs), have provided welcome forums where we can interact with colleagues when it's convenient for us. This is a wonderful thing!

Now that we're (mostly) past the transition to ICD-10, we can turn our attention back to improving our practices and moving forward!

Checklist for Going Paperless
I often help mental health clinicians create and follow through with a plan to go paperless in their private practice. Following is a brief checklist of what that often entails:

originally published in Counseling Today.

One need only read the harrowing tale of the destruction of Mat Honan’s digital life to understand the importance of securing our personal data. It only took an hour for hackers to penetrate all of Mat’s important online accounts. In addition to broadcasting racist and homophobic slurs from his Twitter account, the hackers remotely wiped all data from his iPhone, iPad and MacBook, including more than a year’s worth of photos of his daughter.

Although this episode was reported to expose flaws in the technical support security of Apple and Amazon, Mat also recognized mistakes he had made. Specifically, Mat had “daisy-chained” his accounts together and wasn’t using multifactor authentication. There is great convenience for users who connect their Google account to their Facebook account to their Twitter account and so on, all through one password. But the danger is that once someone has access to one of these accounts, they may have access to them all.

Imagine going to your favorite restaurant or store one day and seeing a new two to three percent surcharge on your bill. When you ask, they inform you of a new policy that calls for passing credit card merchant fees on to the customer. How would you feel?

Up until January of 2013, this was an unlikely hypothetical situation. These “swipe fees” vary based on the type of card and other factors, but typically range from one to three percent of the bill. They are intended to cover the credit card companies' costs of doing business. Credit card companies had long included a clause in their contracts prohibiting vendors from passing these fees on to consumers.

As a mental health professional, you've probably been hearing a lot about how you should encrypt your email communications with clients. This is true, with some caveats. First, it's all about the Protected Health Information, or in this case Electronic Protected Health Information (ePHI). Encryption comes into play when you're transmitting or storing information that identifies a client and relates to their care. This can be as simple as an appointment reminder. It's important to note that HIPAA doesn't explicitly require encryption. But it does consider it "addressable". In HIPAA-speak this means that, if it's reasonable to implement, you need to do it or document a thorough reasoning for why you did not employ that measure. Encryption is certainly reasonable to implement when it comes to email.

Okay, so how do I make this happen?

Long time readers will wonder why I've phrased the question this way since there is no such thing as HIPAA-compliant software.

Over the years, in reference to my EHR Reviews and Recommendation Service, I've been asked many times, “Exactly how HIPAA compliant are these vendors? Can I trust them?” I've had to encourage them to read the previously linked article, thoroughly read the Business Associate Agreement offered by the vendor, and evaluate the full compliance picture. Now there's another option for helping get answers to these questions.

That's where Person-Centered Tech (PCT) comes in.  They review the level of compliance vendors are maintaining, or their “HIPAA-ppropriateness” as they call it. In short, they note whether you can maintain HIPAA compliance while using the product.  

Do you have a documented plan for the transfer of care of your clients in case of emergency? Do you realize that such a plan is required by the code of ethics of most health care professionals?  Want to take care of your ethical obligations? We can help.

With growing frequency, vendors market their software, devices, and services as "HIPAA Compliant". This feeds into the mistaken belief that such beasts exist. It's somewhat understandable. After all, it's much easier to say "Our cloud-based software is HIPAA compliant" than to say "As a Business Associate, we adhere to all the rules and regulations of HIPAA and HITECH and will sign a Business Associate Agreement with you in order to help you maintain compliance as a Covered Entity. There are, of course, multiple other things you need to do to maintain compliance that we can't necessarily help you with."

Therapists aren't alone in being confused about domain names. Despite the Internet being commonplace for over twenty years now, the inner workings of Domain Name Service remain a mystery to many. Yet, it is very important that any business owner understand how it works since it plays a significant role in many of your business, technology, and marketing decisions. The questions that most often get asked about domain registration include:

  • Do I have to host my domain with my web host?

  • How are my domain, web host, and email connected?

Secure/Encrypted Email Update - How Easy Can Encrypted Email Be?

If you are a user of Gmail, you may have noticed something new recently. A small red padlock has been mysteriously appearing on some of the emails you are receiving or composing. Don't fret if you haven't noticed it, as it's kind of small and they haven't made a big deal about it. But it is something to take note of, because it indicates whether that email communication is likely secured or not. To be clear, it indicates whether both the email server that sent the message and the one that received it use TLS (Transport Layer Security); in other words, encryption.