Group Practice Tech by Person Centered Tech: a podcast where we help mental health group practice owners ethically and effectively leverage tech to improve their practices.
Listen to episodes
60 recent
June 12, 2026Episode 1715 min
Episode 617: CAQH is Now DataSpring: Why Therapists Should Pay Attention
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we have an important update for practice owners who bill insurance. We discuss: Why the change from CAQH to DataSpring is not just an administrative rebrand, as DataSpring is trying to position it Why this change is a big deal for practice owners who bill insurance The action steps recommended by The Group Practice Exchange Additional PCT-recommended action steps Who owns the infrastructure that healthcare depends on? Looking at this change from a risk management perspective Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. Resources: PR Newswire article: Leading Health Plans Become CAQH Owners to Shape the Future of Healthcare Data The Group Practice Exchange's informational post & action items More context & takeaways from the Group Practice Exchange Mental Health Insurance Reform Task Force's post PCT Resources for practice optimization & fortification: Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles: For Group Practices For Solo Practitioners Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we have exciting updates for cross-jursidictional and multi-jurisdictional practice. We discuss: The Counseling Compact, and the states in which it is live The ETA for the Social Work Licensure Compact going live Access MFT's licensure portability effort Portability-friendly laws and how they differ from rights for temporary practice PSYPACT updates Physical location restrictions and requirements for providers under compacts Details of our upcoming CE training: Legal-Ethical Cross-Jurisdictional Telemental Health in 2026: Interstate, International, and Complex Practice Considerations Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. PCT Resources: New on-demand CE training: Legal-Ethical Cross-Jurisdictional Telemental Health in 2026: Interstate, International, and Complex Practice Considerations Presented by Eric Ström, JD, PhD, LMHC and Liath DaltonA 3-hour legal-ethical CE training for clinicians navigating the realities of modern telemental health practice, where clients travel, relocate, attend college out of state, split time between households, or receive care while physically located somewhere other than the clinician's primary licensing jurisdiction. This updated training moves beyond a basic "am I allowed to practice there?" analysis into advanced practical application. Participants examine practice-authority pathways, temporary practice allowances, PSYPACT, the Counseling Compact, the Social Work Licensure Compact, MFT portability developments, clinician-location versus client-location issues, international practice considerations, payer and malpractice concerns, emergency planning, confidentiality and mandatory reporting conflicts, minor consent and parent/guardian access issues, and documentation of due diligence. Participants also receive practical worksheets to support jurisdictional verification, international due diligence, and mapping applicable laws, risks, and practice implications — helping clinicians move from identifying a possible permission pathway to evaluating the conditions, conflicts, capacity, documentation, and risk-management steps needed to make a grounded practice decision. Recommended for any clinician providing teletherapy, as well as practice owners, supervisors, clinical directors, compliance leads, and other practice leadership responsible for supporting cross-jurisdictional care decisions. This training can also be assigned to team members through PCT's free team training management system (Group Practice Care basic.) As one participant shared: "Thank you for an absolutely excellent presentation! The presentation is a home run, and I will recommend it to my colleagues… I have a somewhat unique perspective on teletherapy and licensure mobility from working on these issues at the state, national, and international regulatory levels. The information that you provided is clear, direct, easy to follow, and accurate." PCT's free (!) Teletherapy Practice Rules by State Tool Whenever teletherapy sessions occur when the client -- or therapist -- are physically located outside the state of the clinician's licensure at the time of session, cross-jurisdictional practice is occurring. It is necessary to answer the question of whether it is permissible for you to work with that client in that state, regardless of whether the presence in another jurisdiction is temporary or not.In addition to the fundamental question of whether practice is permitted, and the particulars of how it is permitted, it is important to identify rules of practice, and training requirements, in order to be equipped with the information you need to follow for navigating legal-ethical cross-jurisdictional practice.This tool is a supportive resource to help you identify that information, link you to the authoritative source, and document your performance of due diligence when conducting cross-jurisdictional practice within the United States. PCT's Clinical Staff Teletherapy Training PCT's Teletherapy Director and Supervisor Training for Group Practices PCT's Teletherapy Manuals and Forms for Group Practices HIPAA Risk Analysis & Risk Mitigation Planning service for mental health practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health practice, and a mitigation checklist to help you reduce your risks. If you're navigating filing a breach report and you haven't completed a documented "thorough and accurate" HIPAA Security Risk Analysis that meets the foundational Security Rule requirements, this is something you want/need to do so it can be reflected in your breach report to the OCR (HIPAA regulators) PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles: For Group Practices For Solo Practitioners Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training Resources: PSYPACT Counseling Compact Social Work Licensure Compact Access MFTs
May 8, 2026Episode 1516 min
Episode 615: Your Data is Not Your Own: Why VC-Owned Healthcare Wants Your Information
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share a cautionary tale about a Talkspace client whose healthcare information was weaponized against them. We discuss: Venture capital firms buying therapy practices, monetizing, and weaponizing client data to make more money A recent case where a Talkspace client's data was read aloud in court Platforms using client communication to train LLMs and AI platforms How these platforms are profoundly detrimental to clients, therapists, and the profession Why when something seems too easy and convenient, you are often the product (and your clients are the product) How these companies operate outside of HIPAA Security Rule standards The importance of vetting platforms and having BAAs for safeguarding client information Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. Resources Story referenced in episode re: employee termination and litigation using all their session data/content from Talkspace chatbot Story regarding AI models failing ethics standards and standards of care PCT Resources Live (and recorded) PCT CE Course: Beyond Hype and Anxiety: A Practical Framework for Ethical AI Use in Clinical Practice is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice. Live Webinar Presentation on May 8th, 2026 Registration for live training includes receiving ownership of and perpetual access to the on-demand self-study CE training produced from recording of live presentation. Get both the content *and* the CE, even if you can't join live. PCT's recommended/curated collection of role-based foundational and topical needs-based staff trainings, including HIPAA and Privacy Ethics for clinical staff, admins; leadership trainings; clinical staff teletherapy training; director/supervisor training; and topical trainings on documentation, rights of access, suicidality, accessibility, countertransference, and much more. Nationally respected, role-based HIPAA and privacy ethics and teletherapy training built for mental health staff On-demand trainings are accessible in perpetuity and do not expire. APA, NBCC, and multiple state licensing board CE provider approvals mean that CE courses count towards licensure renewal requirements for your clinical team. Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles: For Group Practices For Solo Practitioners Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training
May 1, 2026Episode 1419 min
Episode 614: AI Is Just The Latest Example - Why Training Matters For Every New Tool
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we talk about the importance of proficiency and competency with any tool or modality used in your practice. We discuss: Why training is necessary with any tool or modality used in your practice, not just AI What the professional ethics codes say about competence and proficiency for tools and modalities used How PCT evolved to help clinicians manage the advent of new technology Our upcoming CE training on how to evaluate AI and incorporate it into your practice and workflow ethically and effectively How training can set you apart and strengthen the therapeutic alliance Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. PCT Resources: Live (and recorded) PCT CE Course: Beyond Hype and Anxiety: A Practical Framework for Ethical AI Use in Clinical Practice is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice. Live Webinar Presentation on May 8th, 2026 Registration for live training includes receiving ownership of and perpetual access to the on-demand self-study CE training produced from recording of live presentation. Get both the content *and* the CE, even if you can't join live. PCT's recommended/curated collection of role-based foundational and topical needs-based staff trainings, including HIPAA and Privacy Ethics for clinical staff, admins; leadership trainings; clinical staff teletherapy training; director/supervisor training; and topical trainings on documentation, rights of access, suicidality, accessibility, countertransference, and much more. Nationally respected, role-based HIPAA and privacy ethics and teletherapy training built for mental health staff On-demand trainings are accessible in perpetuity and do not expire. APA, NBCC, and multiple state licensing board CE provider approvals mean that CE courses count towards licensure renewal requirements for your clinical team. Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles: For Group Practices For Solo Practitioners Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training
April 24, 2026Episode 1335 min
Episode 613: You Discovered Non-Compliant AI Use in Your Practice. Now What?
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share concrete steps to take if you've discovered staff members using non-approved AI platforms in your practice. We discuss: The misconceptions around what constitutes PHI (and why information used to write a progress note absolutely is PHI) Why this is a reportable HIPAA breach Why reporting a HIPAA breach is nowhere near as scary or impactful as you may fear The difference between a large breach and a small breach, and reporting deadlines for each Client notification deadlines for breaches How state law can impact or add to reporting deadlines Steps to take after discovering non-compliant AI use in your practice What to investigate, how to document, how to mitigate, how to notify clients, and when to consult an attorney Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. PCT Resources: PCT CE Course (on-demand): If you're navigating exactly what we're talking about in this episode, our on-demand CE training, HIPAA Security Incidents & Breaches: Investigation, Documentation, and Reporting, provides a clear, structured walkthrough of what to do when something goes wrong. It covers how to determine whether an incident is a breach, how to investigate and document appropriately, and how to handle client notification and reporting requirements—along with strategies to reduce risk going forward. This is a practical, real-world roadmap designed specifically for mental health practices, so you're not left guessing about next steps when a breach situation arises. Breach Report Questions: If you want to understand what breach reporting actually looks like in practice, this resource walks you through the exact information required when submitting a report to the Office for Civil Rights (OCR). It outlines the specific details you'll need to gather — such as the type and scope of the breach, the number of individuals affected, what kind of PHI was involved, and what actions you've taken in response — so you can approach reporting with clarity and confidence rather than guesswork. Reviewing these questions ahead of time can also help guide your investigation and documentation process, ensuring you're collecting the right information from the start. Live (and recorded) PCT CE Course: Beyond Hype and Anxiety: A Practical Framework for Ethical AI Use in Clinical Practice is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice. Live Webinar Presentation on May 8th, 2026 Registration for live training includes receiving ownership of and perpetual access to the on-demand self-study CE training produced from recording of live presentation. Get both the content *and* the CE, even if you can't join live. HIPAA Risk Analysis & Risk Mitigation Planning service for mental health practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health practice, and a mitigation checklist to help you reduce your risks. If you're navigating filing a breach report and you haven't completed a documented "thorough and accurate" HIPAA Security Risk Analysis that meets the foundational Security Rule requirements, this is something you want/need to do so it can be reflected in your breach report to the OCR (HIPAA regulators) PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles: For Group Practices For Solo Practitioners Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training Article + 18 Identifier List: De-Identified or Not? The Truth About HIPAA, AI, and Client Data In this article, Person Centered Tech breaks down one of the most misunderstood concepts in HIPAA compliance: de-identification. It clarifies the difference between simply "removing identifiers" and meeting HIPAA's strict legal standards for de-identification (Safe Harbor or Expert Determination). The piece explains why narrative clinical information is often inherently identifying, why a session transcript cannot realistically be considered de-identified, and how AI systems introduce heightened risks of re-identification. It reinforces a critical takeaway for practice leaders: HIPAA sets the floor — not the ceiling — for protecting client information, and governance must keep pace with emerging technologies. PCT CE Course: Law & Ethics of the Clinical Use of Artificial Intelligence: Implications in Clinical Practice If you're wanting a deeper, structured framework for evaluating AI in clinical practice, this 3-credit legal-ethical on-demand training with Eric Ström, JD, PhD, LMHC, walks through the evolving legal standards, HIPAA considerations, and ethics code guidance that apply to AI use in behavioral health. You'll gain practical strategies for assessing new technologies, understanding emerging standards of care, and implementing AI tools in a way that is legally defensible and ethically sound. Podcast: Episode 608: AI Isn't the Problem, Lack of Governance Is – A PSA for Group Practice Leadership Podcast: Episode 611: The Real Risks of Using Non-Vetted AI Platforms with Client Information Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more Additional Resources: Mintz-Matrix: The Mintz Matrix is a comprehensive, regularly updated overview of U.S. state data breach notification laws, providing a state-by-state breakdown of requirements such as definitions of personal information, what constitutes a breach, and timelines for notification. This is especially relevant in the context of this episode because HIPAA is only part of the picture—state laws often impose additional requirements, including shorter notification timeframes and broader definitions of protected information. Reviewing the Mintz Matrix can help you understand your specific state obligations and ensure that your response to a breach is not only HIPAA-compliant, but also aligned with applicable state laws. The HHS Office for Civil Rights (OCR) Breach Portal provides essential guidance on what constitutes a reportable breach and what happens after a report is submitted. It explains that a breach involves the unauthorized acquisition, access, use, or disclosure of protected health information that compromises its security or privacy, and outlines how OCR reviews, investigates, and resolves reported incidents. This is particularly relevant to this episode because it helps demystify what occurs after you file a breach report—reinforcing that reporting does not automatically trigger penalties, but instead initiates a review process that may include technical assistance, investigation, or closure without further action. Understanding this process can reduce fear and support more confident, compliant decision-making when responding to a breach.
April 17, 2026Episode 1221 min
Episode 612: Free Email Isn't Worth It: Why It's a Bad Idea and What To Do Instead
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we explain why free email providers are inherently not HIPAA compliance compatible. We discuss: Why it's necessary to have a Business Associate Agreement with your email service provider Why clients can't opt out of HIPAA What requests for alternative or non-secure communication actually mean under the HIPAA Privacy Rule What counts as Protected Health Information (PHI) Why a free email address might be a red flag for prospective clients How to get a BAA protected email, with a domain name or without Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. PCT Resources: PCT Article: 3 Kinds of Email Security: How to Make an Informed and HIPAA-Aware Choice PCT CE Training: Smooth and Secure Use of Phone, Text, Email, and Video to Meet Modern Clients Where They Are: Legal-Ethical and Real-World Considerations Learn about the legal-ethical considerations of modern communication channels in the context of real world practice and client needs. 3 Legal-Ethical CE credit hours. On-demand. PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles: For Group Practices For Solo Practitioners Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
April 10, 2026Episode 1133 min
Episode 611: The Real Risks of Using Non-Vetted AI Platforms with Client Information
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we continue our series on AI use within therapy practices by sharing how to explain to your team members why using non-vetted AI platforms is not permissible. We discuss: What counts as Protected Health Information and a breakdown of the often misunderstood 18th identifier under HIPAA How therapy progress notes and clinical notes are inherently identifying AI re-identification risk and why this is possible Why AI use involving client information must be vetted and HIPAA compliance-compatible What happens when you input data into personal AI platforms What we mean by AI governance, and why personal AI platforms can't be governed Why lack of AI governance is a significant liability Impermissible disclosures under HIPAA Why proving low probability of compromise is difficult after the fact, and what this means for your ability to mitigate risk Managing the emotional pieces of identifying risk and risk mitigation in your practice Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. PCT Resources: Live (and recorded) PCT CE Course: Beyond Hype and Anxiety: A Practical Framework for Ethical AI Use in Clinical Practice is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice. Live Webinar Presentation on May 8th, 2026 Registration for live training includes receiving ownership of and perpetual access to the on-demand self-study CE training produced from recording of live presentation. Get both the content *and* the CE, even if you can't join live. Article + 18 Identifier List: De-Identified or Not? The Truth About HIPAA, AI, and Client Data In this article, Person Centered Tech breaks down one of the most misunderstood concepts in HIPAA compliance: de-identification. It clarifies the difference between simply "removing identifiers" and meeting HIPAA's strict legal standards for de-identification (Safe Harbor or Expert Determination). The piece explains why narrative clinical information is often inherently identifying, why a session transcript cannot realistically be considered de-identified, and how AI systems introduce heightened risks of re-identification. It reinforces a critical takeaway for practice leaders: HIPAA sets the floor—not the ceiling—for protecting client information, and governance must keep pace with emerging technologies. PCT CE Course: Law & Ethics of the Clinical Use of Artificial Intelligence: Implications in Clinical Practice If you're wanting a deeper, structured framework for evaluating AI in clinical practice, this 3-credit legal-ethical on-demand training with Eric Ström, JD, PhD, LMHC, walks through the evolving legal standards, HIPAA considerations, and ethics code guidance that apply to AI use in behavioral health. You'll gain practical strategies for assessing new technologies, understanding emerging standards of care, and implementing AI tools in a way that is legally defensible and ethically sound. Podcast: Episode 608: AI Isn't the Problem, Lack of Governance Is – A PSA for Group Practice Leadership HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
April 3, 2026Episode 1011 min
Episode 610: Don't Panic - But Do Pay Attention: What the Darksword iPhone Exploit Actually Means
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share information about the recent Darksword iPhone exploit, and what that means for therapy practice owners regarding device security. We discuss: What you need to know about this exploit Device hardening within your security circle Device security gaps we see in everyday practice Pairing technical security measures with behavioral security measures PCT's resources around risk management and device security Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. PCT Resources Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles: For Group Practices For Solo Practitioners Comprehensive HIPAA Security Policies & Procedures Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice Device & Workspace Security Suites Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library) Includes the Risk Analysis & Risk Mitigation Planning service + tool HIPAA Security & Privacy Ethics training HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Resources Wired Article: Apple Will Push Out Rare 'Backported' Patches to Protect iOS 18 Users From DarkSword Hacking Tool PC Mag Article: 'DarkSword' Attack Is Now Targeting Vulnerable iPhones Via Phishing Emails Malwarebytes Labs Article: [updated] A DarkSword hangs over unpatched iPhones
March 17, 2026Episode 919 min
Episode 609: Update: HHS Releases Model NPP for Part 2 Changes — What It Means for Your Practice
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we discuss HHS's new model Notice of Privacy Practice for Part 2 programs, what has changed, and what that means for your practice. We cover: The Part 2 Final Rule from 2024 Why the Feb. 16th enforcement deadline has been so confusing The model Part 2 NPP and Patient Notice from HHS, and the function of each document Who is considered a lawful holder and what that means Whether you need to switch to the HHS templates What to do if you already used our decision guide and resources ahead of the deadline Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. Resources Updated HHS Model Notice of Privacy Practices Model Part 2 Patient Notice HHS Part 2 Final Rule Fact Sheet PCT decision guide and sample language resource Additional PCT Resources Episode 605: 42 CFR Part 2, HIPAA NPPs, and the February 16 Deadline: What Actually Needs to Change Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
March 2, 2026Episode 837 min
Episode 608: AI Isn't the Problem, Lack of Governance Is – A PSA for Group Practice Leadership
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share a PSA for group practice owners to address unauthorized AI use within your practice. We discuss: What we mean by governance What counts as Protected Health Information (PHI) The standard we use at PCT to determine if something is PHI Why AI tools like ChatGPT are inappropriate for PHI De-identification standards under HIPAA Ethical standards and informed consent for clinical use of AI Concrete next steps to take as a practice leader to address AI use in your practice Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. PCT Resources: Article + 18 Identifier List: De-Identified or Not? The Truth About HIPAA, AI, and Client Data In this article, Person Centered Tech breaks down one of the most misunderstood concepts in HIPAA compliance: de-identification. It clarifies the difference between simply "removing identifiers" and meeting HIPAA's strict legal standards for de-identification (Safe Harbor or Expert Determination). The piece explains why narrative clinical information is often inherently identifying, why a session transcript cannot realistically be considered de-identified, and how AI systems introduce heightened risks of re-identification. It reinforces a critical takeaway for practice leaders: HIPAA sets the floor—not the ceiling—for protecting client information, and governance must keep pace with emerging technologies. PCT CE Course: Law & Ethics of the Clinical Use of Artificial Intelligence: Implications in Clinical Practice If you're wanting a deeper, structured framework for evaluating AI in clinical practice, this 3-credit legal-ethical on-demand training with Eric Ström, JD, PhD, LMHC, walks through the evolving legal standards, HIPAA considerations, and ethics code guidance that apply to AI use in behavioral health. You'll gain practical strategies for assessing new technologies, understanding emerging standards of care, and implementing AI tools in a way that is legally defensible and ethically sound. PCT CE Course: Modern Progress Notes: Considerations for Teletherapy, Insurance Audits, and Artificial Intelligence (AI) If your clinicians are feeling the pull to use AI for documentation, this 1.5-credit legal-ethical training with Dr. Maelisa McCaffrey (Hall) provides a grounded, practical framework for evaluating that decision. The course addresses how AI is currently being used in progress notes and introduces a clear thought rubric for determining the ethical risks, compliance implications, and appropriateness of integrating AI into documentation workflows. It also reinforces core documentation principles—like medical necessity and audit risk reduction—so that efficiency never comes at the expense of defensibility. A strong next step for practice leaders who want to move from reactive prohibition to thoughtful, structured governance. (Useful for all clinicians) Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
Is this your show?
Claim this listing to keep it up to date, reach guests who want to pitch you, and manage bookings with Guestify.
