Hello, and welcome to the

introduction to HIPAA compliance, Legal aspects

and ethical Considerations presentation.

So this is the third of a nine part training

in order to complete the DBH virtual Provider training.

Just a quick Disclaimer before we

really start getting into this one.

This is very much an introduction

to HIPAA compliance for telehealth.

It is an ever evolving, winding road of information.

So please do your own research, stay up

to date with these policies to the best

of your ability, and always keep an ear

out for additional training opportunities on this topic.

All right.

So as far as content for this presentation,

we are going to go over a lot.

It is very much jam packed, but I'm going

to try and keep it to that hour.

So we are going to look at federal

and state specific policies, state laws and rules,

licensing, credentialing and privileging, the compacts that exist

and the compacts that are coming our way,

hopefully a little bit more on Credentialing specifically,

and then malpractice and the consequences for not

practicing ethically legally, et cetera.

Privacy, security and confidentiality, the ethics

that go alongside of telehealth.

We'll get into a bit more of that as well

in our Best Practices training, which is your next one,

continuity of Care and then pertinent health emergencies.

We'll talk a little bit about covet and some

of the things that have come into play with

that and could come into play with future emergencies.

And then the DBH documents

and resources available to you.

And we are actually going to go through those

a bit and take more of an in depth

look, just so you really know how to access

those resources and know where they're located.

Awesome.

So as far as our overview, welcome

to Discovery Behavioral Health Introduction to HIPAA

Compliance, Legal Aspects and Ethical Considerations training.

With the expansion and enhancement efforts of

telehealth, including DBH's virtual programming, it's imperative

we understand and maintain regulatory compliance, manage

risks, and implement ethical, high quality care.

It's our duty to mitigate liability

and work towards aspirational telehealth.

We will be reviewing, again, specific policies, information

related to credentialing, malpractice and its consequences, security,

confidentiality and consent incredibly important piece of telehealth

because it is a bit different or there's

just more to it, I should say public

health emergencies, exceptions to their regulations, and again,

our documents and resources.

By the end of this training, you will be

able to at least answer these five questions.

What are the federal and state laws and telehealth?

To a degree, we can't go through

all 50 States in this presentation, but

you'll have a general understanding of what

are the licensure requirements specific to virtual?

How do I maintain Privacy

and security while conducting telehealth?

What are the ethical considerations I

need to keep in mind?

And then what are the DBH resources available to me?

All right, let's get into it.

So as always, we're going to start with some terminology and

I know a lot of this might be new for you

all, and this might not be new for you all.

So no matter where you are, it's never bad to

just work on that foundation to hear things again.

And if this is totally new to you and you

have additional questions that we're not able to get that

much into in this presentation, don't hesitate to reach out.

And I can either answer those questions for you

or get you connected with the source that can.

Okay, so for HIPAA compliance, that is our

Health Insurance Portability and Accountability Act from 1996.

I'm always shocked when I see that it's

from 1996, and I can't believe we didn't

have it until like 26 years ago.

Pretty wild.

This is a federal law that requires

the creation of national standards to protect

sensitive patient health information from being disclosed

without the patient's consent or knowledge.

There was a funny thing that our patients would always

say at the mainland site, which was that's a HEPA.

So they used it very much as a joke.

But whenever somebody was talking too much about things

that are personal are not appropriate for group.

Most of the time they would say that's a

HIPAA, and that has always stuck with me.

And it is true when you can kind of feel

out like this is encroaching on what feels like we're

over sharing or not appropriate for this time.

Go back to your HIPAA compliance roles and we'll

talk about them more in this training, and there's

a variety of resources on them online.

Legality So this is our laws, our systems, we have state

laws, we have federal laws, and then we have laws specific

to the city, town, region that we live in.

So these are things that you can go to

a court of law and debate stuff like that.

We also have ethics.

So ethics is a moral philosophy, and

it's a branch of philosophy in general,

which involves systematizing defending and recommending concepts

of right or wrong behavior.

A lot of times we think of

legal and ethical going together, and although

they certainly can, sometimes they don't.

Sometimes the more ethical choice is not the legal

choice, or sometimes the choice that would be more

aligned with the law is not ethical.

So it's important to know that distinction and

where certain values, certain guidelines are based in.

But above all, you need to follow the law

first, starting with federal and state specific policies.

We are going to talk about those, and then we're going

to go more in depth on what the license credentialing looks

like at the federal level versus the state level.

And we're going to go all the way through these.

This is there's a lot of information in

here, so don't hesitate to watch this presentation

more than once if that feels helpful.

Don't hesitate to reach out with questions

or to do your own research.

But at base, we're going to go

over licensure and credentialing, Privacy, security and

confidentiality identification and informed consent, the patient

provider relationship, prescribing practices very basic here.

I am not a medical doctor, so I'm

going to review the information, but am by

no means providing medical advice, patient safety planning

and emergency management, and then continuity of care.

Okay, so let's start here.

These are really my preferred go to resources

for comparing the laws between States or comparing

the laws between States and federal laws.

So I tend to start with

the center for Connected Health Policy.

That's our little Orange logo here.

And I want to walk you through how to use this website.

You can use it in a variety of ways.

The other thing that I'm including as a resource

here is our quick guide for Registered Dietitians.

Although registered dietitians are represented on the center

for Connected Health Policy, I have noticed some

gaps, and I think it's best to go

to the Eatwrite Proro.org site for the registered

dietitians and really navigate that somewhat separately just

because they have a bit more information.

All right, so I'm going to stop

screen sharing here for a second.

I'm going to open up this link, and we're going to

jump over to the center for Connected Health Policy first just

so we can learn how to navigate through that.

Bear with me here.

Awesome.

So this is our center for a Connected Health

Policy, and this is your Homebase for understanding telehealth

policy, for looking up specific policies, all of that.

They have wonderful resources.

In general, if you're looking for a really great article

or if you are comfortable kind of subscribing to their

newsletter, I think it's fantastic to keep up with.

They do have really wonderful webinars, but let me

show you what I like to use it for.

So I'll go up here and look up let's say I

want to do out of state providers and what's that law

so we can do federal or state to look it up.

And then we have another tool that

will allow us to compare different States.

We'll look at this one a little bit

later, but let's look at cross state licensing.

So this is one way to go ahead and look up,

like, what is the out of state licensing like for Florida?

And then as you can see, you can

go through all of the States here.

So if you have questions

about that, definitely start here.

And then there is a tool that lets you compare States

as well that I'm trying to pull up for us.

We found it.

Okay, so this is where we're going to start comparing.

Goodness gracious, I'm on this site, like, once a day.

But of course, when you need to do something,

it's always a little bit more difficult to locate.

So let's look at sure we'll do

consent requirements, and then we're going to

compare Alabama's consent requirements for telehealth with

California's consent requirements with telehealth going to

go ahead and click Compare.

And this is what we have here.

And you'll see this a lot where some States

have very simple, not very laid out policies and

then oftentimes California has much more information and you

can come through each of those, but you can

look up tons of things here. Okay.

Cross state licensing is always one I tend to look

at just with who can work where, who can support

where, how do we get access to care here or

there or whatever it is, all of that stuff.

And it is pretty up to date.

So as soon as a new policy goes into effect,

they'll have it on here within 48 hours at least.

That's also a release.

Things are always changing very quickly.

So knowing that we can rely on this is a big help.

Alright, I'm going to really quickly pull up

our link for our page for the dietitians.

We're going to take a peek at

that and then we'll keep on moving.

And these links are available to

you in the PowerPoint that's attached.

But you can also go through

and just look them up yourself.

They're not too difficult to find.

So these are our telehealth

guidelines for our dietitians.

If you've not used I'm sure you've used this

website before because it's connected to where you become

registered, but nonetheless, if you've not had a chance

to read through it, I highly recommend it.

All right, let's go back to our presentation.

There we go.

All set up again, moving right along.

So let's talk about the difference

between Licensure Credentialing and then Privileging.

So Licensure is a state grant of

legal authority to practice a profession within

a designated scope of practice.

It is required in order to practice

or to call oneself a licensed professional.

Some States have single licenses and some States have

a tiered system and the names of licenses as

well as requirements vary from state to state.

Licensing can also be thought

of as a mandatory certification.

So, for example, I'm a licensed clinical mental health counselor

and although I could say I was a counselor, I

could definitely not say that I am an LMHC.

In order to get licensed, you usually have

to have some sort of graduate level degree,

sometimes a bachelor's, depending on the field, and

then go through a licensure process.

And this can take years or they can be a bit shorter.

So it all just depends.

And again, it's different from every state.

And if any of you have tried or are licensed

in multiple States, I'm sure that's something you've experienced.

One thing related to this is we are moving

towards having license your compacts, where people can be

licensed through several States or through a region, and

we'll talk about what that means and what exists

for that couple of slides here.

Credentialing according to the Joint Commission, Credentialing is

the process of obtaining, verifying and assessing the

qualifications of a practitioner to provide care or

services in or for a healthcare organization, credentials

are documented evidence of licensure, education, training, experience,

or other qualifications.

So if you have ever gone through a J

Co survey or you've had the Joint Commission run

around just preparing, making sure everything is good to

go and then inviting them to kind of go

over your work doing audit of sorts, that's credentialing.

So when we get credentialed, it's my organization that is

an expert in sort of what quality healthcare is.

The Joint Commission is the gold standard.

We'll talk about what that means

a bit more later as well.

But there who say like Discovery Baby Health

or center for Discovery or Discovery Mood Anxiety.

This specific program is of the highest quality.

It is a safe program, and

we verified everything they're doing.

Lastly, we have privileging.

The delineation of clinical privileges is the process

in which the organized medical staff evaluates and

recommends an individual practitioner be allowed to provide

specific patient care services in their health care

facility within well defined training criteria.

So privileging is almost always something

we see of the medical discipline.

So somebody in a hospital setting might

have surgery privileges or they might have

a different type of privilege.

Not to say that all of the people there

don't have MDS, but certain medical doctors in that

hospital have additional privileges compared to others.

So DBH, for example, would set

the privileges that we have.

But that isn't something we typically get into

for therapists, dietitians, all that jazz as far

as licensing initial requirements, generally speaking, you need

to be licensed in the state where the

originating side of the patient is receiving services.

So, for example, I am licensed in

Florida because that's where I'm from.

But now I live in California, and although I

live here, I can still provide services to patients

in Florida because that's where I'm licensed.

But if the patient were to leave Florida, then

I would not be licensed in that state necessarily,

unless there's like some special waiver in place.

Most of the time you can be in

a state other than where you're licensed.

As I said, as long as the patient is

in a state where you have the license.

Every state has very different requirements,

and they are changing quickly.

Now, there's also some exceptions, so we'll

talk about those down below as well.

But there's also States like Florida

which have a telehealth waiver.

So in Florida, you can get like temporary not a

license, but permission to practice telehealth for that state.

And I believe theirs is still standing.

In other States, they've had a similar waiver or

program where an out of state licensed professional could

practice in their state as long as they did,

the waiver registered in some way.

But a lot of those are ending.

So even if that is something that you have relied

on to practice in a state where you are not

fully licensed, make sure to check that expiration date.

It's also very common that we

seek licenses from multiple States.

It's easiest when your profession has a compact, but

when your profession does not have a compact like

mine, you're almost certainly going to be need to

need to get licensed in multiple States.

And that can be a little bit

tricky depending on which state you were

originally trained in, because each state has

specific educational requirements or hours requirements.

So it's just something you need to go through.

But I do recommend it, especially if you

are going to be like me, working in

Florida but also hoping to work as a

professional in California and just navigating that process.

But just know it can take a lot of time.

Some of the exceptions that we have are

the Indian Health Service and Veterans Administration will

allow individuals to practice outside of their state.

There's specifics to this it's

important to be aware of.

But if you are associated with either

of these health services or these populations,

I recommend reviewing those laws separately.

And primarily, these laws are

about physicians or medical doctors.

But there are, again, some exceptions for therapists.

So, again, something to look into if this

is related to what you are doing.

Let's talk about telehealth specific licensing so States can

choose to offer or not offer a discipline.

So there might be a specific license.

Florida doesn't have a specific license,

but they have a specific waiver.

Telemedicine Licensure is a special purpose license

that allows providers to practice medicine across

state lines only via telehealth.

So that's an example of a specific license

where you can operate in multiple States.

But you could not say you had the telemedicine

license for Kentucky but not the full license there.

You could not go there and practice in person.

Some States have specific licenses for

telehealth other than being fully licensed.

There's also the NBCC board certification

for telemetry health providers, the Bctmh.

The Bccmh can be helpful because with navigating these

compacts, with navigating these waivers, it's a way to

assert that you already have some expertise as a

telemetry health provider in the field.

To become a board certified telemetry health

provider, you need to complete a training

like this, something that is comparable to

the Telehealth Certification Institute's training, or I

believe it's the Newport Star training.

I did the Telehealth Certification Institute.

And this is just a way of saying

I have completed additional training, additional hours.

I've completed some sort of test, and

then you can apply to sit for

the board certified telemetry health provider exam.

The only caveat with that is it takes about

two months to get your scores back because they

are still setting what like those passive rates are.

So if you take it, just be patient.

It's going to be a hot minute.

I'm still waiting on my scores, and

I took it about six weeks ago.

So it's a lengthy process.

What I have felt was worth doing for

me and would recommend if you want more

information on it, please reach out.

Okay, let's talk about these licensure compacts.

So first of all, what is a compact?

A compact is an agreement that a

provider can practice in multiple States.

Currently, there's three, at least I'm aware of.

So we have our nursing, our

physician, and our psychologist compact.

The fourth image I included here

is actually the map for where

registered dietitians or dieticians can practice.

The oldest one is our nursing compact,

and it's also our most expensive one.

It's right here.

So that's our 39 States that

are enrolled in the nursing compact.

So oftentimes traveling nurses will be a part of

this compact, and that's what allows them or enables

them to move from state to state.

This can be really helpful for DBH in

areas where we need nurses, but maybe there's

a lack of nurses in that area.

What have you.

And then they can serve multiple

States as opposed to just one.

We also have Sidepacked, which has 13 States

so far and is continuing to grow.

So Psy Pet allow psychologists to practice in the

States that are in this blue color here.

And then we have our physician compact up here.

Each of these compacts has their own specifics that

go into like, even though you can practice in

multiple States, do you have full privileges?

Do you have partial privileges?

Do you need to complete additional stuff?

So it's not a one stop shop.

If you get that compact, like you're

good to go, you still need to

be aware of each individual state's practices.

And then with dietitians in some States,

they can practice across state lines.

In other States, they need to be

registered or licensed through that specific state.

And it's just something you need to

go through and identify every single time.

They also have different privileges, like

per state for our dietitians.

And the Edpro.org is where I would

recommend starting to navigate all of that.

Each of these compacts have their own

website, and the websites are wonderful.

They're super helpful, and

they're just super interesting.

So even if this doesn't necessarily relate to

you, I think it's something to be aware

of and to spend some time going through.

And then let's talk a little bit about what's coming

for our professionals who do not have compacts yet.

So the counseling compact, it was called Counseling Impact,

but I think they've changed the name recently.

They've rebranded.

So in theory, we're pretty close to

getting the counseling compact, which is by

the American Counseling Association, into practice enacted.

And that would allow us, as therapists who are

like licensed mental health counselors to be able to

practice across state lines a lot easier.

There are over ten States who

have the logs, like, pending.

Like, they're almost there, but not quite.

And as soon as they enact them, we're good to go.

We just need ten and I think they are

13 that have said they will do it, and

they have some sort of pending legislation, but only

two have actually enacted it, and that's Georgia and

Maryland social work is also working towards a compact.

Barriers is still sort of in its infancy, but they have

a lot of work groups related to it on these websites.

You can also find letters to help support

these compacts and to support these efforts.

And I think that's a really great

step to take as far as advocacy.

And you guys remember from the first training,

there's a huge health professional shortage right now.

So a lot of these States that are

more difficult to get licensed in happy shortages

and things like compacts would really dramatically improve

access to care for these patients.

And if that is something you

care about, definitely send some letters. All right.

Let's keep tracking along here.

As far as ongoing requirements for licensure, we

need to make sure we adhere to our

professional renewal requirements, whether that's every five years

or you have to do something every two

years, every single state is different.

You just need to know your

state renewal periods are not uniform.

Make sure that you keep up

to date with mandatory reporting requirements.

Those do change over time and complete

that reporting on a timely basis.

The other thing that comes to mind for

me here is completing your continuing education units

on time, getting those submitted, staying up to

date with specific courses, whether it's an HIV

AIDS education certification, whatever you need for your

field, and making sure those don't lapse.

Let's talk about credentialing requirements a

bit more in depth now.

So behavioral health organizations are required, not required

our credentials as a way to ensure quality.

Maybe it should be required,

but it's not always required.

Individuals that practice independently may

not need to be credentialed.

So if you have a private practice, you don't

necessarily need to go through Jacob, unless you have

something specific going on with that practice.

Joint Commission is who does our credentialing, at least

primarily, they provide their gold seal of approval.

So it's a pretty tough survey or audit to go through.

I've seen teams get a little bit stressed

out about it, and I understand why.

But it's all for the purpose of ensuring that

we are providing the highest of quality care.

And it's very important to DBH.

So some requirements for the Joint Commission gold

seal of approval are that patients need to

present to Identifiers for any session.

So when they get in and you just say name and

birthday, if they have an ID number or something like that.

This can look a little different for telehealth,

though, and that's why Joint Commission is still

working on some of these telehealth policies.

Just so you know, registering for the groups that they

do every day is a part of that identification.

So it's saying like, this is my birthday,

or this is my email, whatever it is.

But it's just like when a doctor comes into

the office and they go, Hi, what's your name?

What's your birthday? Great.

Tell me what's going on.

That's them doing those two Identifiers, and it's important for

us to do them as well, especially if for whatever

reason, you are not doing a video session and you're

doing a phone session, do something to verify that you

have the right person on the line.

And if you're ever doing text therapy, which you

wouldn't be doing for DBH, at least not for

a while, verify you are talking to the right

person before continuing in that conversation.

All of that jazz in groups.

We don't want them revealing patient

health information, so it's important to

screen, in a sense, before groups.

But we have other things set up as far as

how they register for groups to verify that each time.

Let's talk a little bit about malpractice.

So malpractice insurance does not necessarily differ for

telehealth, but you should verify with your malpractice

insurance provider on the specifics for telehealth.

Practitioners should also be sure to check

with their state requirements, because some States

require participation in state sponsored patient compensation

funds as an additional insurance requirement.

So if you have your malpractice insurance through

HPA or if it's through your state organization,

like I know the Florida Counseling Association offers

malpractice, whatever that is, go in and make

sure that telehealth is covered.

Of course, we have malpractice insurance for our

sites as well, and that does include telehealth.

But if you are carrying any individual liability

or malpractice insurance, be sure to review it.

And if you need to add telehealth because

this is where you're practicing, please do some

of the consequences for malpractice for not maintaining

your license would be losing your license some

sort of fine disciplinary issues.

They can be noted on your license that can make

it difficult to get another job down the line.

You can have an exclusion listing meaning you lose

some sort of privileges, or you are not able

to participate in certain types of care anymore.

You could be reported to

the National Practitioner database.

And if there's some mistake with one license

board, it can affect other state licenses.

Or if you're part of the compact, it can affect

your ability to even be a part of that compact.

So really do your best to make

sure that malpractice is up to date.

It covers what it needs to cover for you,

that you are meeting all of your initial and

ongoing licensure requirements, that you are staying up to

date with the telehealth specific regulations for your state,

your company, and the federal guidelines at the time.

And again, they are changing,

so please check regularly.

Join those newsletters so you just

get the information emailed to you.

Whatever feels manageable.

Above all, as long as you're documenting

appropriately, you're acting within your ethical codes,

you're not having an appropriate relationships with

clients, you really should be okay, but

always good information to revisit.

Next, let's talk about

Privacy, security and confidentiality.

So technology security is critical that we be aware

of security standards for technology in order to minimize

the risk of personal health information breaches.

Privacy and confidentiality environment.

So using the telehealth can create more

opportunities for personal health information breaches to

happen because additional persons could be present

in spaces that should not be.

So even if you're working in an office and

you're providing telehealth and somebody is popping into your

office in the middle of a session, technically, that

could be a breach in personal health information.

So do what you can to put that door hanger on.

Let them know I'm in a session.

I'll be out soon.

This is my schedule for today.

Like, please don't come in during these hours.

Or if they come in or enter,

you need to let the patient know.

Like, oh, my supervisor stepped in for a second.

Put them on mute.

Explain while the supervisor popped into the room.

It has nothing to do with you. This is their role.

This is why they're here, or I apologize.

Putting you on mute.

They didn't hear anything. Address them. I'm in session.

Keep going.

There are legal and regulatory

rights technology must abide to.

We're going to review these with the

DBH policy later in this training.

An example of this, just so you know, what

we're talking about here is to, like, use Zoom.

We don't use regular Zoom.

We use the HIPAA compliant Zoom

intended to be used for telehealth.

So the technology we have selected abides by HIPAA compliance

and security rules, and we found it to be effective

for us, and we would not choose technology that would

not be effective or safe for our patients.

Moving along here.

Medical record protection.

So the HIPAA security rule requires that

providers set up administrative, physical and technical

safeguards to protect electronic health information.

A physical safeguard might be something like having

a closed door that you leave your laptop

behind, this closed door that locks so literally

nobody can physically get to your computer that

has the patient's health information on it.

An administrative safeguard is going to be something

like a password, something that either the administrators

of that system or you yourself have put

into place, so nobody can access that information.

And then technical safeguards.

And this can be additional software on your computer

that ensures there's no malware, a VPN that ensures

that you have network safety, all sorts of things.

So the last piece of this is there needs

to be some sort of monitoring system in place

to ensure over time, things stay safe.

So not just at the beginning, but a consistent

process of having to change your password, of ensuring

that that door lock still works, of ensuring that

the VPN itself has not been corrupted and then

documenting any breaches, documenting any plan improvements?

When were the improvements put into place?

How are they working and continuing that process

to build a very robust and secure medical

record protection strategy for our patients?

Let's talk about response methods for breaches.

So how are we backing up our data and what

is that continuous review again, like, what is that monitoring?

What are we actually doing?

Security response team, whose responsibility is it if there

is some sort of a breach to go in

and correct the problem, to identify the problem, do

we have cybersecurity insurance ensuring that if for whatever

reason, you're in private practice, if you're working with

another company, they have something specific to cyber security

that protects you and then public relations.

So if a breach happens, who's in charge of

communicating that to the patients whose information was late?

Who's in charge of communicating

that to the practitioners?

Dbh has all of this in place?

We have several levels of the backup and continuous

review that a number of stakeholders are involved in,

including our It team, including our risk management team,

even our legal and our public relations team.

But these are all very important

factors in managing these breaches.

When they do happen, we'll talk about why that's

so important in a little bit here too.

Alright, so identification and informed consent, who is in the

room and do they all need to be there?

Everyone needs to identify themselves in their role,

make sure that your technology itself is with

the compliant and then avoid settings where an

encounter can be overheard or seen.

So again, if your supervisor is just chilling

in the room, which they probably wouldn't be,

they're too busy for that anyway.

Do they need to be there?

And if there's anybody in that space that does not

need to be in that session, let them go.

Because we want to minimize the amount of opportunities

that patient's health information has to be breached.

If you're meeting with a client and you see

them constantly looking and you hear a lot of

noise checking, is there anybody else in the room?

Okay, well, let's just do a quick little room check.

Let's see what's going on.

Someone So is in the room.

I'm going to document that there

was some sort of breach here.

The client allowed their friend into the room.

That's not appropriate.

I'm going to remind the client why that's

not appropriate, how important their health information is.

I'm going to share with my director what

happened so that they can direct me to

report that in an appropriate way.

And then in the future, I'm going to set

up safeguards to make sure it doesn't happen.

So maybe with this particular client, every single

time we meet, we're doing a room check

now and really checking with them to make

sure the clients themselves understand the importance of

protecting their personal health information.

As far as everyone needs to identify themselves in their

role, this is both for patients and for providers.

So if we have like an additional aunt in the

room, first of all, she shouldn't be in the town

hall session if she doesn't have her lease information.

Right?

But if she is and they're trying to give verbal

consent, I'm okay with Nana being in the room. Great.

What is your role in this room?

What is your role in this family session?

If I have multiple providers in

a room, what is everybody's role?

What are their titles?

What are they here to help you do technology as

far as being HIPAA compliant, look into the Privacy policies

for each piece of technology you are using.

Do some research on it to ensure there has

not been any major breaches with that technology.

And make sure that if you need any counterparts to

keep that technology safe, like an anti malware or antivirus

program on your computer, that you do have it.

And then the last piece of

this is fertile health sessions.

Try not to sit in things in front of things

like windows or sliding glass doors where the pool guy

can come in and see who you're on session with.

That feels somewhat obvious, but if you have

an office space where your desk is across

from the window, that's a little bit difficult.

So you might need to take

extra steps like closing the blind.

Or you might need to switch your position so that

nobody can see in or nobody can hear in.

As much as we can possibly minimize that headphones

are also a great way to minimize what other

people can hear and we need to direct our

patients to do the same things.

Remote work is a considerations, so you

can use something like a VPN.

I am somewhat techie, but I am not this

techie, so I'm going to speak to a VPN.

To the best of my knowledge, there is a

VPN called Nord, which I know is highly recommended.

But there's another other VPN, and what a VPN

does is it encrypts the transmission of your data.

So when your data is going across a network

or within your system itself, the VPN codes it.

So it's more difficult to kind of

crack the code and see what's going

on and see what information we're sending.

And it can be very helpful.

As far as HIPAA security, do not use

public or guest WiFi because they have access

to the data transmitted over that network.

So if you are for some reason working

in a hotel, like you're traveling and you're

a remote employee, but you're working at a

hotel, try and use your personal hotspot.

Maybe use your stipend to go towards private internet

with that hotel if that's available to you.

Set up the day to where you

don't need to use the Internet.

Use data on your device instead of the Internet.

But really try not to use this public or guest

WiFi because this can lead to data breaches of personal

health information for patient health information, and then physically block

site lines to prevent any person from saying Hi or

looking over your shoulder during a session.

Try and be in front of a wall again.

If I turn this and you can see kind

of this whole space and you could see the

door behind me, that's going to create additional opportunities

for somebody to walk through that door and be

like, hey, Annie, what's going on?

Nobody's going to do that because I've

told them I'm in a session.

But nonetheless, we don't want

to create opportunities like that.

So having myself where nobody can walk behind me,

nobody could peek over my shoulder is the best.

And that's what we want to do for you.

That's also what we want to teach our clients to do.

So even with some of the clients that we have here

in this graphic, you can see kind of the differences.

So we wouldn't want our clients to be in a grass field.

We definitely want to want them to be in front

of this window, unless, you know, on the 14th floor.

But our clients that are in front of

walls or in front of surfaces where nobody

can take over them, that's the most appropriate.

That's the safest thing for them.

Let's talk about consent.

So Medicare does not require consent to be

obtained from a patient before the session via

telemedicine, which is kind of surprising.

Medicare is very strict, so that's why

I featured it, because it's a little,

like out of character for Medicare.

Consent varies by state regulations on telehealth, so

be sure to check with your state.

I know you guys hear that every single slide, but

it really is the most important thing to do.

Telehealth consent ideally should include a little bit more

than our regular in person version of consent.

We want to be able to

provide psycho education on telehealth.

What is it?

Is it helpful?

Why is it helpful?

How is it going to support you?

And then what are the risks like?

Addressing technology is inherently more

of a security risk.

We know that banks, Facebook, things like that are hacked

all of the time, and it's important that clients understand

this risk and they know what we are doing to

mitigate this risk or minimize this risk for them.

We can also educate them on how to create more

security for themselves if they need to install now, where

if they need to make sure they're the only person

using their device and if it is a shared device

for the household, that they have different user profiles on

that device that only they can access, stuff like that

and then reviewing the documentation and consent with them, including

the telehealth policy.

On that note, let's talk a

little bit about patient rights.

In telehealth, patients have the

right to Privacy and confidentiality.

They have the right to know the names of the

people in the session and who are helping them.

They have the right to understand what consent

means, they have the right to complete HIPAA

complaint forms, and they have the right to

see your division specific patient rights document, and

we provide this to them anyway.

It's typically located in their welcome packet.

We also have them in our employee handbooks.

So if you're not sure what discovery, mood

and anxieties patient rights document looks like, definitely

go ahead and take a peek at that.

I also try and educate patients on this

document by including it in groups, having them

literally go over it and even create their

own rights to recover or something like that.

It's a very important thing for them to understand

patient provider relationship, so patients should be able to

trust us to provide them competent care, to place

their welfare above all of our other interests, including

financial, to provide patients with information they need to

make decisions, and then for us to respect their

confidentiality and Privacy, to do our best to ensure

continuity of care and for us to maintain boundaries.

It can be somewhat easier to slip into

inappropriate patient provider relationships when we are virtual

because we're seeing them in their homes.

They might feel a little bit more comfortable,

but we need to uphold these boundaries even

stronger on occasion than we would in person.

Just because we meet with them over the computer

does not mean we are accessible all the time.

It does not mean we're going to

answer emails all of the time.

What it does mean is we're still going to do

our best to provide ethical, legal, and evidence based care.

And how are we going to

do that, especially for adolescence?

Please go over with them as much as you need to.

Let's talk briefly about the Emergency

Medical and Treatment Labor Act.

So Empala is essentially what says if somebody comes in

and they're having a heart attack, you have to treat

them like you don't check their insurance first.

They're having a heart attack.

We are going to provide them care for telehealth.

There is some specific considerations to make care, so

patients are still required to be treated for emergency

even when they're being treated via telehealth.

However, patients should be assessed in person, although a

telehealth professional can supervise the visit or oversee the

visitor provide guidance to, say, a nurse.

So maybe a telemedicine doctor can provide

supervision to an in person nurse.

For a patient that has come in, that is okay.

We cannot just rely on the telehealth

assessment itself for emergency procedures, though.

So get them to the closest hospital and then Antola is

specific to state, so be sure to review your state.

I know I'm a broken record, but that's the truth.

Let's talk a little bit about prescribing practices.

I think these are very interesting, honestly.

So the DEA policies are federal,

and this is our Drug Administration.

Drug Enforcement Administration.

So at the government level at

the top, we have different policies.

We also have the Rhine Height Act.

So after a young man died due to

an overdose of medications he received from an

online pharmacy, this act was put into place

and requires that a person be evaluated in

person before being prescribed certain controlled substances online.

There's exceptions.

So Title 21 code determines which of the

five schedules of medication is a part of.

And then there's the special registration

for Telemedicine Act in 2018.

This is one of these exceptions I was mentioning,

and it requires the DEA to lift the need

for prior face to face relationships for certain companies.

So that's why there are online companies that

can do medication assistant treatment or that can

prescribe certain schedules of substances online.

They have special permissions, but in

general, we cannot do that.

Non controlled substances are fine.

They're not regulated in the same way.

So Advil, not that you prescribed advice over the

counter, but those can still be prescribed via telehealth.

There's a few other exceptions that go into this.

If you are a prescriber, please review

these as I'm sure you already have.

Please keep up to date with them.

This is another area where things are changing

a lot because of the expansion of telehealth,

but something to be aware of.

We also have our prescription drug monitoring program.

So these programs are by state, so

every state has its own PDMP, and

every state has different PDMP requirements.

So this could look like a prescriber needing

to review the prescription drug monitoring program before

every single prescription or at certain dates.

They have to check in with how

often they're prescribing certain controlled substances.

And this really comes into telehealth as far as

what you can and can't prescribe and if your

own practices will limit your ability to prescribe, ultimately.

So something to check on.

Let's talk about mental health holds.

So in Florida, this would be like our Baker Act system.

Not everybody calls at the Baker Act, but

usually we're talking about like an involuntary hold,

potentially for suicidality or some piece of harm

to themselves or somebody else.

As telemetry health professionals, oftentimes we cannot initiate

a Baker Act, which means we need to

be contacting somebody else in that patient's area

to enact that Baker active.

We can initiate that conversation.

This is when we have to break confidentiality.

We can call and say, Susie Hughes told me

a she told me she has a plan.

She told me she's going to follow through a plan.

Nothing's going to help.

Nothing is going to prevent her

falling through with this plan.

I need you to now assess them and to

complete the Baker Act or to complete the involuntary

hold or unfortunately, sometimes the police need to be

sent out to complete the hold, whatever that is.

But we really need to be aware of the

resources in that patient's area in order to initiate

these mental health holds, especially if you are working

in a state where you yourself as a telemental

health provider cannot initiate them.

If you don't know what the requirements are

for the state that you are working in,

pause this and go check right now.

This is incredibly important and it

will affect how you potentially document

and safety plan with this patient.

I'm going to power through these last two

because we only have a few minutes left.

Patient safety and planning and emergency Care We

have a whole presentation on emergency management, so

we're going to go over this relatively quickly.

The following should be documented and

available for every single patient encounter.

Where is the patient located?

What is the originating site?

Do you have a plan if the technology fails?

You can make this plan once and use this

plan over and over again, but it needs to

be documented direct contact information for the patient.

Again, you can do this once, but it

needs to be available at all times.

Same thing with the emergency contact information.

What are the expectations between sessions?

Is the patient meant to be implementing

a specific intervention or treatment plan? Are they not?

Are they meant to meet with you in three weeks?

Whatever it is?

Phone numbers for emergency care for moments like suicidality,

where we need another provider to make sure they

get where they need to go, and then phone

numbers for non emergency services as well, for example,

their TCP collaboration and continuity of care.

We need to be working with our treatment teams,

integrated or otherwise, in order to provide ethical communication,

to work towards practitioner collaboration, to uphold the standards

of care, and to integrate all medical and mental

health history into the record and to treatments for

the entire person, not just parts of their experience,

into the treatment plan.

Public health emergencies so in instances like

COVID-19, some things are going to change.

We will see some flexibility in our regulations and this

is often called the Section 1135 waiver and they can

be granted to allow expanded telehealth or expanded telemental help,

which is what happened with covid 19.

However, as soon as the state of emergency

is declared over, these waivers go away.

And also some of the waivers themselves have their

own expiration dates that can predate the emergency.

So constantly check these.

I know I get emails from the state board on these.

Make sure that you have access to this information some way

and an ability to stay up to date with it.

Ethical considerations work within

your scope of practice.

You all know this.

Respect confidentiality.

Anything that said stays here unless it's very clear

that you are harm to yourself or others and

there's nothing we can do to manage that.

Discipline Specific Ethics Make sure you

know what your ethical code is.

If you're a counselor like me, make sure you

are reviewing that ACA 2014 Code of Ethics.

Make sure you know the laws and regulations

specific to your state, specific to your profession

within that state, and the regulations specific to

your company, in this case, Discovery Behavioral Health.

Understand your organization's mission, vision and

values and work to uphold them.

Aim for aspirational care, not just okay care,

but aspirational set the standard medical ethical practices,

help them do everything in your power to

support the patients, in maintaining their dignity, their

wishes, and their values.

As I know, you all are okay.

So Zivanza and Intranet are your best resources as far

as going in and checking on what our policies are.

So my preferred way to log into Vidanta

is Savannah sends us all of these updates

essentially on what we need to do.

So if we need to do like the HIPAA compliance training or

we need to sign that document, go ahead and click on it

in your email and it's going to open up Savanta.

And even if you've already completed that training, you

can go to Savanta's Homepage and then search in

Savanta and it will pull up all the policies

related to what you want to know.

So type in HIPAA.

You're going to see everything that we have

related to HIPAA that lives in Savanta.

Be able to go through them, be able

to see hopefully read what you've signed.

But if not what you've signed, you

can see what our CEO has signed.

You can see what we're working towards.

And it's very similar with the Intranet.

So to access our Intranet, open up Outlook on your

computer or just like our Microsoft suite in general, and

then click the Discovery Behavioral Health logo for me.

It is located in like the top right?

And that's going to take you to the Internet.

And then you can search within the Internet as well.

So various departments within Discovery Behavioral

Health have documentation on these policies.

So you might find stuff that's

helpful in the Csqm Department.

You might find it helpful in

our risk management section through Origami.

So go in, familiarize yourself with

those documents, familiarize yourself with how

to access them, access them quickly.

We also have the Quick link, so if you scroll down

on the Internet, you can click on those quick links and

it can take you potentially right where you want to go.

Almost there.

Next, we're going to talk about the fact that

there has been more HIPAA breaches in the past

couple of years than there ever, ever has before.

This is one way to go in and look at them

and you can see HIPAA breaches for companies like Aetna.

You can see them for us.

But this is an important thing to be aware of.

So there has been something like a 20%

to 30% increase in the amount of health

information breaches in the past few years, in

large part due to the expansion of Telehealth.

And that's why this presentation and the skills that

you are going to implement from this presentation are

particularly so important we don't want to break confidentiality

unintentionally by allowing these breaches to happen and we

want to do everything in our power to mitigate

minimize the ability for people to take advantage of

our patients and for these things to happen.

I also again just kind of found this

fascinating to look for myself and would recommend

doing it if you have time.

All right, so we reviewed HIPAA

compliance, legal aspects and ethical considerations.

All of these things are imperative to

effectively implementing telehealth virtual programming for telemedical

health treatment is an ever growing, rapidly

expanding field allowing thousands of historically underserved

Americans to have access to quality care

for the first time.

And in order for it to be quality care we

have to protect the information, we have to protect ourselves.

We have to educate them on how to do that for them.

We need to educate ourselves on how to do it for us.

So if you have any questions or you run into

any issues again, you can always reach out to me.

There's a wealth of resources for you here

as well and the most important thing is

really to review your products as you're buying

them to review your technology as you're using

it, please use your discovery behavioral health technology.

If you do not have discovery behavioral health technology

yet, let your executive director now let me know

and we will get a form filled out for

you so that you can get a laptop or

something that allows you to separate your work information

and our patients personal health information from your own.

It's a really important piece of our success to get

on the line but other than that you have survived

yet another hour of listening to me talk and I

love this girl so much and I hope you guys

are having a fantastic day or week and I'll see

you guys next time in our fourth training.

Hello, and welcome to the

introduction to HIPAA compliance, Legal aspects

and ethical Considerations presentation.

So this is the third of a nine part training

in order to complete the DBH virtual Provider training.

Just a quick Disclaimer before we

really start getting into this one.

This is very much an introduction

to HIPAA compliance for telehealth.

It is an ever evolving, winding road of information.

So please do your own research, stay up

to date with these policies to the best

of your ability, and always keep an ear

out for additional training opportunities on this topic.

All right.

So as far as content for this presentation,

we are going to go over a lot.

It is very much jam packed, but I'm going

to try and keep it to that hour.

So we are going to look at federal

and state specific policies, state laws and rules,

licensing, credentialing and privileging, the compacts that exist

and the compacts that are coming our way,

hopefully a little bit more on Credentialing specifically,

and then malpractice and the consequences for not

practicing ethically legally, et cetera.

Privacy, security and confidentiality, the ethics

that go alongside of telehealth.

We'll get into a bit more of that as well

in our Best Practices training, which is your next one,

continuity of Care and then pertinent health emergencies.

We'll talk a little bit about covet and some

of the things that have come into play with

that and could come into play with future emergencies.

And then the DBH documents

and resources available to you.

And we are actually going to go through those

a bit and take more of an in depth

look, just so you really know how to access

those resources and know where they're located.

Awesome.

So as far as our overview, welcome

to Discovery Behavioral Health Introduction to HIPAA

Compliance, Legal Aspects and Ethical Considerations training.

With the expansion and enhancement efforts of

telehealth, including DBH's virtual programming, it's imperative

we understand and maintain regulatory compliance, manage

risks, and implement ethical, high quality care.

It's our duty to mitigate liability

and work towards aspirational telehealth.

We will be reviewing, again, specific policies, information

related to credentialing, malpractice and its consequences, security,

confidentiality and consent incredibly important piece of telehealth

because it is a bit different or there's

just more to it, I should say public

health emergencies, exceptions to their regulations, and again,

our documents and resources.

By the end of this training, you will be

able to at least answer these five questions.

What are the federal and state laws and telehealth?

To a degree, we can't go through

all 50 States in this presentation, but

you'll have a general understanding of what

are the licensure requirements specific to virtual?

How do I maintain Privacy

and security while conducting telehealth?

What are the ethical considerations I

need to keep in mind?

And then what are the DBH resources available to me?

All right, let's get into it.

So as always, we're going to start with some terminology and

I know a lot of this might be new for you

all, and this might not be new for you all.

So no matter where you are, it's never bad to

just work on that foundation to hear things again.

And if this is totally new to you and you

have additional questions that we're not able to get that

much into in this presentation, don't hesitate to reach out.

And I can either answer those questions for you

or get you connected with the source that can.

Okay, so for HIPAA compliance, that is our

Health Insurance Portability and Accountability Act from 1996.

I'm always shocked when I see that it's

from 1996, and I can't believe we didn't

have it until like 26 years ago.

Pretty wild.

This is a federal law that requires

the creation of national standards to protect

sensitive patient health information from being disclosed

without the patient's consent or knowledge.

There was a funny thing that our patients would always

say at the mainland site, which was that's a HEPA.

So they used it very much as a joke.

But whenever somebody was talking too much about things

that are personal are not appropriate for group.

Most of the time they would say that's a

HIPAA, and that has always stuck with me.

And it is true when you can kind of feel

out like this is encroaching on what feels like we're

over sharing or not appropriate for this time.

Go back to your HIPAA compliance roles and we'll

talk about them more in this training, and there's

a variety of resources on them online.

Legality So this is our laws, our systems, we have state

laws, we have federal laws, and then we have laws specific

to the city, town, region that we live in.

So these are things that you can go to

a court of law and debate stuff like that.

We also have ethics.

So ethics is a moral philosophy, and

it's a branch of philosophy in general,

which involves systematizing defending and recommending concepts

of right or wrong behavior.

A lot of times we think of

legal and ethical going together, and although

they certainly can, sometimes they don't.

Sometimes the more ethical choice is not the legal

choice, or sometimes the choice that would be more

aligned with the law is not ethical.

So it's important to know that distinction and

where certain values, certain guidelines are based in.

But above all, you need to follow the law

first, starting with federal and state specific policies.

We are going to talk about those, and then we're going

to go more in depth on what the license credentialing looks

like at the federal level versus the state level.

And we're going to go all the way through these.

This is there's a lot of information in

here, so don't hesitate to watch this presentation

more than once if that feels helpful.

Don't hesitate to reach out with questions

or to do your own research.

But at base, we're going to go

over licensure and credentialing, Privacy, security and

confidentiality identification and informed consent, the patient

provider relationship, prescribing practices very basic here.

I am not a medical doctor, so I'm

going to review the information, but am by

no means providing medical advice, patient safety planning

and emergency management, and then continuity of care.

Okay, so let's start here.

These are really my preferred go to resources

for comparing the laws between States or comparing

the laws between States and federal laws.

So I tend to start with

the center for Connected Health Policy.

That's our little Orange logo here.

And I want to walk you through how to use this website.

You can use it in a variety of ways.

The other thing that I'm including as a resource

here is our quick guide for Registered Dietitians.

Although registered dietitians are represented on the center

for Connected Health Policy, I have noticed some

gaps, and I think it's best to go

to the Eatwrite Proro.org site for the registered

dietitians and really navigate that somewhat separately just

because they have a bit more information.

All right, so I'm going to stop

screen sharing here for a second.

I'm going to open up this link, and we're going to

jump over to the center for Connected Health Policy first just

so we can learn how to navigate through that.

Bear with me here.

Awesome.

So this is our center for a Connected Health

Policy, and this is your Homebase for understanding telehealth

policy, for looking up specific policies, all of that.

They have wonderful resources.

In general, if you're looking for a really great article

or if you are comfortable kind of subscribing to their

newsletter, I think it's fantastic to keep up with.

They do have really wonderful webinars, but let me

show you what I like to use it for.

So I'll go up here and look up let's say I

want to do out of state providers and what's that law

so we can do federal or state to look it up.

And then we have another tool that

will allow us to compare different States.

We'll look at this one a little bit

later, but let's look at cross state licensing.

So this is one way to go ahead and look up,

like, what is the out of state licensing like for Florida?

And then as you can see, you can

go through all of the States here.

So if you have questions

about that, definitely start here.

And then there is a tool that lets you compare States

as well that I'm trying to pull up for us.

We found it.

Okay, so this is where we're going to start comparing.

Goodness gracious, I'm on this site, like, once a day.

But of course, when you need to do something,

it's always a little bit more difficult to locate.

So let's look at sure we'll do

consent requirements, and then we're going to

compare Alabama's consent requirements for telehealth with

California's consent requirements with telehealth going to

go ahead and click Compare.

And this is what we have here.

And you'll see this a lot where some States

have very simple, not very laid out policies and

then oftentimes California has much more information and you

can come through each of those, but you can

look up tons of things here. Okay.

Cross state licensing is always one I tend to look

at just with who can work where, who can support

where, how do we get access to care here or

there or whatever it is, all of that stuff.

And it is pretty up to date.

So as soon as a new policy goes into effect,

they'll have it on here within 48 hours at least.

That's also a release.

Things are always changing very quickly.

So knowing that we can rely on this is a big help.

Alright, I'm going to really quickly pull up

our link for our page for the dietitians.

We're going to take a peek at

that and then we'll keep on moving.

And these links are available to

you in the PowerPoint that's attached.

But you can also go through

and just look them up yourself.

They're not too difficult to find.

So these are our telehealth

guidelines for our dietitians.

If you've not used I'm sure you've used this

website before because it's connected to where you become

registered, but nonetheless, if you've not had a chance

to read through it, I highly recommend it.

All right, let's go back to our presentation.

There we go.

All set up again, moving right along.

So let's talk about the difference

between Licensure Credentialing and then Privileging.

So Licensure is a state grant of

legal authority to practice a profession within

a designated scope of practice.

It is required in order to practice

or to call oneself a licensed professional.

Some States have single licenses and some States have

a tiered system and the names of licenses as

well as requirements vary from state to state.

Licensing can also be thought

of as a mandatory certification.

So, for example, I'm a licensed clinical mental health counselor

and although I could say I was a counselor, I

could definitely not say that I am an LMHC.

In order to get licensed, you usually have

to have some sort of graduate level degree,

sometimes a bachelor's, depending on the field, and

then go through a licensure process.

And this can take years or they can be a bit shorter.

So it all just depends.

And again, it's different from every state.

And if any of you have tried or are licensed

in multiple States, I'm sure that's something you've experienced.

One thing related to this is we are moving

towards having license your compacts, where people can be

licensed through several States or through a region, and

we'll talk about what that means and what exists

for that couple of slides here.

Credentialing according to the Joint Commission, Credentialing is

the process of obtaining, verifying and assessing the

qualifications of a practitioner to provide care or

services in or for a healthcare organization, credentials

are documented evidence of licensure, education, training, experience,

or other qualifications.

So if you have ever gone through a J

Co survey or you've had the Joint Commission run

around just preparing, making sure everything is good to

go and then inviting them to kind of go

over your work doing audit of sorts, that's credentialing.

So when we get credentialed, it's my organization that is

an expert in sort of what quality healthcare is.

The Joint Commission is the gold standard.

We'll talk about what that means

a bit more later as well.

But there who say like Discovery Baby Health

or center for Discovery or Discovery Mood Anxiety.

This specific program is of the highest quality.

It is a safe program, and

we verified everything they're doing.

Lastly, we have privileging.

The delineation of clinical privileges is the process

in which the organized medical staff evaluates and

recommends an individual practitioner be allowed to provide

specific patient care services in their health care

facility within well defined training criteria.

So privileging is almost always something

we see of the medical discipline.

So somebody in a hospital setting might

have surgery privileges or they might have

a different type of privilege.

Not to say that all of the people there

don't have MDS, but certain medical doctors in that

hospital have additional privileges compared to others.

So DBH, for example, would set

the privileges that we have.

But that isn't something we typically get into

for therapists, dietitians, all that jazz as far

as licensing initial requirements, generally speaking, you need

to be licensed in the state where the

originating side of the patient is receiving services.

So, for example, I am licensed in

Florida because that's where I'm from.

But now I live in California, and although I

live here, I can still provide services to patients

in Florida because that's where I'm licensed.

But if the patient were to leave Florida, then

I would not be licensed in that state necessarily,

unless there's like some special waiver in place.

Most of the time you can be in

a state other than where you're licensed.

As I said, as long as the patient is

in a state where you have the license.

Every state has very different requirements,

and they are changing quickly.

Now, there's also some exceptions, so we'll

talk about those down below as well.

But there's also States like Florida

which have a telehealth waiver.

So in Florida, you can get like temporary not a

license, but permission to practice telehealth for that state.

And I believe theirs is still standing.

In other States, they've had a similar waiver or

program where an out of state licensed professional could

practice in their state as long as they did,

the waiver registered in some way.

But a lot of those are ending.

So even if that is something that you have relied

on to practice in a state where you are not

fully licensed, make sure to check that expiration date.

It's also very common that we

seek licenses from multiple States.

It's easiest when your profession has a compact, but

when your profession does not have a compact like

mine, you're almost certainly going to be need to

need to get licensed in multiple States.

And that can be a little bit

tricky depending on which state you were

originally trained in, because each state has

specific educational requirements or hours requirements.

So it's just something you need to go through.

But I do recommend it, especially if you

are going to be like me, working in

Florida but also hoping to work as a

professional in California and just navigating that process.

But just know it can take a lot of time.

Some of the exceptions that we have are

the Indian Health Service and Veterans Administration will

allow individuals to practice outside of their state.

There's specifics to this it's

important to be aware of.

But if you are associated with either

of these health services or these populations,

I recommend reviewing those laws separately.

And primarily, these laws are

about physicians or medical doctors.

But there are, again, some exceptions for therapists.

So, again, something to look into if this

is related to what you are doing.

Let's talk about telehealth specific licensing so States can

choose to offer or not offer a discipline.

So there might be a specific license.

Florida doesn't have a specific license,

but they have a specific waiver.

Telemedicine Licensure is a special purpose license

that allows providers to practice medicine across

state lines only via telehealth.

So that's an example of a specific license

where you can operate in multiple States.

But you could not say you had the telemedicine

license for Kentucky but not the full license there.

You could not go there and practice in person.

Some States have specific licenses for

telehealth other than being fully licensed.

There's also the NBCC board certification

for telemetry health providers, the Bctmh.

The Bccmh can be helpful because with navigating these

compacts, with navigating these waivers, it's a way to

assert that you already have some expertise as a

telemetry health provider in the field.

To become a board certified telemetry health

provider, you need to complete a training

like this, something that is comparable to

the Telehealth Certification Institute's training, or I

believe it's the Newport Star training.

I did the Telehealth Certification Institute.

And this is just a way of saying

I have completed additional training, additional hours.

I've completed some sort of test, and

then you can apply to sit for

the board certified telemetry health provider exam.

The only caveat with that is it takes about

two months to get your scores back because they

are still setting what like those passive rates are.

So if you take it, just be patient.

It's going to be a hot minute.

I'm still waiting on my scores, and

I took it about six weeks ago.

So it's a lengthy process.

What I have felt was worth doing for

me and would recommend if you want more

information on it, please reach out.

Okay, let's talk about these licensure compacts.

So first of all, what is a compact?

A compact is an agreement that a

provider can practice in multiple States.

Currently, there's three, at least I'm aware of.

So we have our nursing, our

physician, and our psychologist compact.

The fourth image I included here

is actually the map for where

registered dietitians or dieticians can practice.

The oldest one is our nursing compact,

and it's also our most expensive one.

It's right here.

So that's our 39 States that

are enrolled in the nursing compact.

So oftentimes traveling nurses will be a part of

this compact, and that's what allows them or enables

them to move from state to state.

This can be really helpful for DBH in

areas where we need nurses, but maybe there's

a lack of nurses in that area.

What have you.

And then they can serve multiple

States as opposed to just one.

We also have Sidepacked, which has 13 States

so far and is continuing to grow.

So Psy Pet allow psychologists to practice in the

States that are in this blue color here.

And then we have our physician compact up here.

Each of these compacts has their own specifics that

go into like, even though you can practice in

multiple States, do you have full privileges?

Do you have partial privileges?

Do you need to complete additional stuff?

So it's not a one stop shop.

If you get that compact, like you're

good to go, you still need to

be aware of each individual state's practices.

And then with dietitians in some States,

they can practice across state lines.

In other States, they need to be

registered or licensed through that specific state.

And it's just something you need to

go through and identify every single time.

They also have different privileges, like

per state for our dietitians.

And the Edpro.org is where I would

recommend starting to navigate all of that.

Each of these compacts have their own

website, and the websites are wonderful.

They're super helpful, and

they're just super interesting.

So even if this doesn't necessarily relate to

you, I think it's something to be aware

of and to spend some time going through.

And then let's talk a little bit about what's coming

for our professionals who do not have compacts yet.

So the counseling compact, it was called Counseling Impact,

but I think they've changed the name recently.

They've rebranded.

So in theory, we're pretty close to

getting the counseling compact, which is by

the American Counseling Association, into practice enacted.

And that would allow us, as therapists who are

like licensed mental health counselors to be able to

practice across state lines a lot easier.

There are over ten States who

have the logs, like, pending.

Like, they're almost there, but not quite.

And as soon as they enact them, we're good to go.

We just need ten and I think they are

13 that have said they will do it, and

they have some sort of pending legislation, but only

two have actually enacted it, and that's Georgia and

Maryland social work is also working towards a compact.

Barriers is still sort of in its infancy, but they have

a lot of work groups related to it on these websites.

You can also find letters to help support

these compacts and to support these efforts.

And I think that's a really great

step to take as far as advocacy.

And you guys remember from the first training,

there's a huge health professional shortage right now.

So a lot of these States that are

more difficult to get licensed in happy shortages

and things like compacts would really dramatically improve

access to care for these patients.

And if that is something you

care about, definitely send some letters. All right.

Let's keep tracking along here.

As far as ongoing requirements for licensure, we

need to make sure we adhere to our

professional renewal requirements, whether that's every five years

or you have to do something every two

years, every single state is different.

You just need to know your

state renewal periods are not uniform.

Make sure that you keep up

to date with mandatory reporting requirements.

Those do change over time and complete

that reporting on a timely basis.

The other thing that comes to mind for

me here is completing your continuing education units

on time, getting those submitted, staying up to

date with specific courses, whether it's an HIV

AIDS education certification, whatever you need for your

field, and making sure those don't lapse.

Let's talk about credentialing requirements a

bit more in depth now.

So behavioral health organizations are required, not required

our credentials as a way to ensure quality.

Maybe it should be required,

but it's not always required.

Individuals that practice independently may

not need to be credentialed.

So if you have a private practice, you don't

necessarily need to go through Jacob, unless you have

something specific going on with that practice.

Joint Commission is who does our credentialing, at least

primarily, they provide their gold seal of approval.

So it's a pretty tough survey or audit to go through.

I've seen teams get a little bit stressed

out about it, and I understand why.

But it's all for the purpose of ensuring that

we are providing the highest of quality care.

And it's very important to DBH.

So some requirements for the Joint Commission gold

seal of approval are that patients need to

present to Identifiers for any session.

So when they get in and you just say name and

birthday, if they have an ID number or something like that.

This can look a little different for telehealth,

though, and that's why Joint Commission is still

working on some of these telehealth policies.

Just so you know, registering for the groups that they

do every day is a part of that identification.

So it's saying like, this is my birthday,

or this is my email, whatever it is.

But it's just like when a doctor comes into

the office and they go, Hi, what's your name?

What's your birthday? Great.

Tell me what's going on.

That's them doing those two Identifiers, and it's important for

us to do them as well, especially if for whatever

reason, you are not doing a video session and you're

doing a phone session, do something to verify that you

have the right person on the line.

And if you're ever doing text therapy, which you

wouldn't be doing for DBH, at least not for

a while, verify you are talking to the right

person before continuing in that conversation.

All of that jazz in groups.

We don't want them revealing patient

health information, so it's important to

screen, in a sense, before groups.

But we have other things set up as far as

how they register for groups to verify that each time.

Let's talk a little bit about malpractice.

So malpractice insurance does not necessarily differ for

telehealth, but you should verify with your malpractice

insurance provider on the specifics for telehealth.

Practitioners should also be sure to check

with their state requirements, because some States

require participation in state sponsored patient compensation

funds as an additional insurance requirement.

So if you have your malpractice insurance through

HPA or if it's through your state organization,

like I know the Florida Counseling Association offers

malpractice, whatever that is, go in and make

sure that telehealth is covered.

Of course, we have malpractice insurance for our

sites as well, and that does include telehealth.

But if you are carrying any individual liability

or malpractice insurance, be sure to review it.

And if you need to add telehealth because

this is where you're practicing, please do some

of the consequences for malpractice for not maintaining

your license would be losing your license some

sort of fine disciplinary issues.

They can be noted on your license that can make

it difficult to get another job down the line.

You can have an exclusion listing meaning you lose

some sort of privileges, or you are not able

to participate in certain types of care anymore.

You could be reported to

the National Practitioner database.

And if there's some mistake with one license

board, it can affect other state licenses.

Or if you're part of the compact, it can affect

your ability to even be a part of that compact.

So really do your best to make

sure that malpractice is up to date.

It covers what it needs to cover for you,

that you are meeting all of your initial and

ongoing licensure requirements, that you are staying up to

date with the telehealth specific regulations for your state,

your company, and the federal guidelines at the time.

And again, they are changing,

so please check regularly.

Join those newsletters so you just

get the information emailed to you.

Whatever feels manageable.

Above all, as long as you're documenting

appropriately, you're acting within your ethical codes,

you're not having an appropriate relationships with

clients, you really should be okay, but

always good information to revisit.

Next, let's talk about

Privacy, security and confidentiality.

So technology security is critical that we be aware

of security standards for technology in order to minimize

the risk of personal health information breaches.

Privacy and confidentiality environment.

So using the telehealth can create more

opportunities for personal health information breaches to

happen because additional persons could be present

in spaces that should not be.

So even if you're working in an office and

you're providing telehealth and somebody is popping into your

office in the middle of a session, technically, that

could be a breach in personal health information.

So do what you can to put that door hanger on.

Let them know I'm in a session.

I'll be out soon.

This is my schedule for today.

Like, please don't come in during these hours.

Or if they come in or enter,

you need to let the patient know.

Like, oh, my supervisor stepped in for a second.

Put them on mute.

Explain while the supervisor popped into the room.

It has nothing to do with you. This is their role.

This is why they're here, or I apologize.

Putting you on mute.

They didn't hear anything. Address them. I'm in session.

Keep going.

There are legal and regulatory

rights technology must abide to.

We're going to review these with the

DBH policy later in this training.

An example of this, just so you know, what

we're talking about here is to, like, use Zoom.

We don't use regular Zoom.

We use the HIPAA compliant Zoom

intended to be used for telehealth.

So the technology we have selected abides by HIPAA compliance

and security rules, and we found it to be effective

for us, and we would not choose technology that would

not be effective or safe for our patients.

Moving along here.

Medical record protection.

So the HIPAA security rule requires that

providers set up administrative, physical and technical

safeguards to protect electronic health information.

A physical safeguard might be something like having

a closed door that you leave your laptop

behind, this closed door that locks so literally

nobody can physically get to your computer that

has the patient's health information on it.

An administrative safeguard is going to be something

like a password, something that either the administrators

of that system or you yourself have put

into place, so nobody can access that information.

And then technical safeguards.

And this can be additional software on your computer

that ensures there's no malware, a VPN that ensures

that you have network safety, all sorts of things.

So the last piece of this is there needs

to be some sort of monitoring system in place

to ensure over time, things stay safe.

So not just at the beginning, but a consistent

process of having to change your password, of ensuring

that that door lock still works, of ensuring that

the VPN itself has not been corrupted and then

documenting any breaches, documenting any plan improvements?

When were the improvements put into place?

How are they working and continuing that process

to build a very robust and secure medical

record protection strategy for our patients?

Let's talk about response methods for breaches.

So how are we backing up our data and what

is that continuous review again, like, what is that monitoring?

What are we actually doing?

Security response team, whose responsibility is it if there

is some sort of a breach to go in

and correct the problem, to identify the problem, do

we have cybersecurity insurance ensuring that if for whatever

reason, you're in private practice, if you're working with

another company, they have something specific to cyber security

that protects you and then public relations.

So if a breach happens, who's in charge of

communicating that to the patients whose information was late?

Who's in charge of communicating

that to the practitioners?

Dbh has all of this in place?

We have several levels of the backup and continuous

review that a number of stakeholders are involved in,

including our It team, including our risk management team,

even our legal and our public relations team.

But these are all very important

factors in managing these breaches.

When they do happen, we'll talk about why that's

so important in a little bit here too.

Alright, so identification and informed consent, who is in the

room and do they all need to be there?

Everyone needs to identify themselves in their role,

make sure that your technology itself is with

the compliant and then avoid settings where an

encounter can be overheard or seen.

So again, if your supervisor is just chilling

in the room, which they probably wouldn't be,

they're too busy for that anyway.

Do they need to be there?

And if there's anybody in that space that does not

need to be in that session, let them go.

Because we want to minimize the amount of opportunities

that patient's health information has to be breached.

If you're meeting with a client and you see

them constantly looking and you hear a lot of

noise checking, is there anybody else in the room?

Okay, well, let's just do a quick little room check.

Let's see what's going on.

Someone So is in the room.

I'm going to document that there

was some sort of breach here.

The client allowed their friend into the room.

That's not appropriate.

I'm going to remind the client why that's

not appropriate, how important their health information is.

I'm going to share with my director what

happened so that they can direct me to

report that in an appropriate way.

And then in the future, I'm going to set

up safeguards to make sure it doesn't happen.

So maybe with this particular client, every single

time we meet, we're doing a room check

now and really checking with them to make

sure the clients themselves understand the importance of

protecting their personal health information.

As far as everyone needs to identify themselves in their

role, this is both for patients and for providers.

So if we have like an additional aunt in the

room, first of all, she shouldn't be in the town

hall session if she doesn't have her lease information.

Right?

But if she is and they're trying to give verbal

consent, I'm okay with Nana being in the room. Great.

What is your role in this room?

What is your role in this family session?

If I have multiple providers in

a room, what is everybody's role?

What are their titles?

What are they here to help you do technology as

far as being HIPAA compliant, look into the Privacy policies

for each piece of technology you are using.

Do some research on it to ensure there has

not been any major breaches with that technology.

And make sure that if you need any counterparts to

keep that technology safe, like an anti malware or antivirus

program on your computer, that you do have it.

And then the last piece of

this is fertile health sessions.

Try not to sit in things in front of things

like windows or sliding glass doors where the pool guy

can come in and see who you're on session with.

That feels somewhat obvious, but if you have

an office space where your desk is across

from the window, that's a little bit difficult.

So you might need to take

extra steps like closing the blind.

Or you might need to switch your position so that

nobody can see in or nobody can hear in.

As much as we can possibly minimize that headphones

are also a great way to minimize what other

people can hear and we need to direct our

patients to do the same things.

Remote work is a considerations, so you

can use something like a VPN.

I am somewhat techie, but I am not this

techie, so I'm going to speak to a VPN.

To the best of my knowledge, there is a

VPN called Nord, which I know is highly recommended.

But there's another other VPN, and what a VPN

does is it encrypts the transmission of your data.

So when your data is going across a network

or within your system itself, the VPN codes it.

So it's more difficult to kind of

crack the code and see what's going

on and see what information we're sending.

And it can be very helpful.

As far as HIPAA security, do not use

public or guest WiFi because they have access

to the data transmitted over that network.

So if you are for some reason working

in a hotel, like you're traveling and you're

a remote employee, but you're working at a

hotel, try and use your personal hotspot.

Maybe use your stipend to go towards private internet

with that hotel if that's available to you.

Set up the day to where you

don't need to use the Internet.

Use data on your device instead of the Internet.

But really try not to use this public or guest

WiFi because this can lead to data breaches of personal

health information for patient health information, and then physically block

site lines to prevent any person from saying Hi or

looking over your shoulder during a session.

Try and be in front of a wall again.

If I turn this and you can see kind

of this whole space and you could see the

door behind me, that's going to create additional opportunities

for somebody to walk through that door and be

like, hey, Annie, what's going on?

Nobody's going to do that because I've

told them I'm in a session.

But nonetheless, we don't want

to create opportunities like that.

So having myself where nobody can walk behind me,

nobody could peek over my shoulder is the best.

And that's what we want to do for you.

That's also what we want to teach our clients to do.

So even with some of the clients that we have here

in this graphic, you can see kind of the differences.

So we wouldn't want our clients to be in a grass field.

We definitely want to want them to be in front

of this window, unless, you know, on the 14th floor.

But our clients that are in front of

walls or in front of surfaces where nobody

can take over them, that's the most appropriate.

That's the safest thing for them.

Let's talk about consent.

So Medicare does not require consent to be

obtained from a patient before the session via

telemedicine, which is kind of surprising.

Medicare is very strict, so that's why

I featured it, because it's a little,

like out of character for Medicare.

Consent varies by state regulations on telehealth, so

be sure to check with your state.

I know you guys hear that every single slide, but

it really is the most important thing to do.

Telehealth consent ideally should include a little bit more

than our regular in person version of consent.

We want to be able to

provide psycho education on telehealth.

What is it?

Is it helpful?

Why is it helpful?

How is it going to support you?

And then what are the risks like?

Addressing technology is inherently more

of a security risk.

We know that banks, Facebook, things like that are hacked

all of the time, and it's important that clients understand

this risk and they know what we are doing to

mitigate this risk or minimize this risk for them.

We can also educate them on how to create more

security for themselves if they need to install now, where

if they need to make sure they're the only person

using their device and if it is a shared device

for the household, that they have different user profiles on

that device that only they can access, stuff like that

and then reviewing the documentation and consent with them, including

the telehealth policy.

On that note, let's talk a

little bit about patient rights.

In telehealth, patients have the

right to Privacy and confidentiality.

They have the right to know the names of the

people in the session and who are helping them.

They have the right to understand what consent

means, they have the right to complete HIPAA

complaint forms, and they have the right to

see your division specific patient rights document, and

we provide this to them anyway.

It's typically located in their welcome packet.

We also have them in our employee handbooks.

So if you're not sure what discovery, mood

and anxieties patient rights document looks like, definitely

go ahead and take a peek at that.

I also try and educate patients on this

document by including it in groups, having them

literally go over it and even create their

own rights to recover or something like that.

It's a very important thing for them to understand

patient provider relationship, so patients should be able to

trust us to provide them competent care, to place

their welfare above all of our other interests, including

financial, to provide patients with information they need to

make decisions, and then for us to respect their

confidentiality and Privacy, to do our best to ensure

continuity of care and for us to maintain boundaries.

It can be somewhat easier to slip into

inappropriate patient provider relationships when we are virtual

because we're seeing them in their homes.

They might feel a little bit more comfortable,

but we need to uphold these boundaries even

stronger on occasion than we would in person.

Just because we meet with them over the computer

does not mean we are accessible all the time.

It does not mean we're going to

answer emails all of the time.

What it does mean is we're still going to do

our best to provide ethical, legal, and evidence based care.

And how are we going to

do that, especially for adolescence?

Please go over with them as much as you need to.

Let's talk briefly about the Emergency

Medical and Treatment Labor Act.

So Empala is essentially what says if somebody comes in

and they're having a heart attack, you have to treat

them like you don't check their insurance first.

They're having a heart attack.

We are going to provide them care for telehealth.

There is some specific considerations to make care, so

patients are still required to be treated for emergency

even when they're being treated via telehealth.

However, patients should be assessed in person, although a

telehealth professional can supervise the visit or oversee the

visitor provide guidance to, say, a nurse.

So maybe a telemedicine doctor can provide

supervision to an in person nurse.

For a patient that has come in, that is okay.

We cannot just rely on the telehealth

assessment itself for emergency procedures, though.

So get them to the closest hospital and then Antola is

specific to state, so be sure to review your state.

I know I'm a broken record, but that's the truth.

Let's talk a little bit about prescribing practices.

I think these are very interesting, honestly.

So the DEA policies are federal,

and this is our Drug Administration.

Drug Enforcement Administration.

So at the government level at

the top, we have different policies.

We also have the Rhine Height Act.

So after a young man died due to

an overdose of medications he received from an

online pharmacy, this act was put into place

and requires that a person be evaluated in

person before being prescribed certain controlled substances online.

There's exceptions.

So Title 21 code determines which of the

five schedules of medication is a part of.

And then there's the special registration

for Telemedicine Act in 2018.

This is one of these exceptions I was mentioning,

and it requires the DEA to lift the need

for prior face to face relationships for certain companies.

So that's why there are online companies that

can do medication assistant treatment or that can

prescribe certain schedules of substances online.

They have special permissions, but in

general, we cannot do that.

Non controlled substances are fine.

They're not regulated in the same way.

So Advil, not that you prescribed advice over the

counter, but those can still be prescribed via telehealth.

There's a few other exceptions that go into this.

If you are a prescriber, please review

these as I'm sure you already have.

Please keep up to date with them.

This is another area where things are changing

a lot because of the expansion of telehealth,

but something to be aware of.

We also have our prescription drug monitoring program.

So these programs are by state, so

every state has its own PDMP, and

every state has different PDMP requirements.

So this could look like a prescriber needing

to review the prescription drug monitoring program before

every single prescription or at certain dates.

They have to check in with how

often they're prescribing certain controlled substances.

And this really comes into telehealth as far as

what you can and can't prescribe and if your

own practices will limit your ability to prescribe, ultimately.

So something to check on.

Let's talk about mental health holds.

So in Florida, this would be like our Baker Act system.

Not everybody calls at the Baker Act, but

usually we're talking about like an involuntary hold,

potentially for suicidality or some piece of harm

to themselves or somebody else.

As telemetry health professionals, oftentimes we cannot initiate

a Baker Act, which means we need to

be contacting somebody else in that patient's area

to enact that Baker active.

We can initiate that conversation.

This is when we have to break confidentiality.

We can call and say, Susie Hughes told me

a she told me she has a plan.

She told me she's going to follow through a plan.

Nothing's going to help.

Nothing is going to prevent her

falling through with this plan.

I need you to now assess them and to

complete the Baker Act or to complete the involuntary

hold or unfortunately, sometimes the police need to be

sent out to complete the hold, whatever that is.

But we really need to be aware of the

resources in that patient's area in order to initiate

these mental health holds, especially if you are working

in a state where you yourself as a telemental

health provider cannot initiate them.

If you don't know what the requirements are

for the state that you are working in,

pause this and go check right now.

This is incredibly important and it

will affect how you potentially document

and safety plan with this patient.

I'm going to power through these last two

because we only have a few minutes left.

Patient safety and planning and emergency Care We

have a whole presentation on emergency management, so

we're going to go over this relatively quickly.

The following should be documented and

available for every single patient encounter.

Where is the patient located?

What is the originating site?

Do you have a plan if the technology fails?

You can make this plan once and use this

plan over and over again, but it needs to

be documented direct contact information for the patient.

Again, you can do this once, but it

needs to be available at all times.

Same thing with the emergency contact information.

What are the expectations between sessions?

Is the patient meant to be implementing

a specific intervention or treatment plan? Are they not?

Are they meant to meet with you in three weeks?

Whatever it is?

Phone numbers for emergency care for moments like suicidality,

where we need another provider to make sure they

get where they need to go, and then phone

numbers for non emergency services as well, for example,

their TCP collaboration and continuity of care.

We need to be working with our treatment teams,

integrated or otherwise, in order to provide ethical communication,

to work towards practitioner collaboration, to uphold the standards

of care, and to integrate all medical and mental

health history into the record and to treatments for

the entire person, not just parts of their experience,

into the treatment plan.

Public health emergencies so in instances like

COVID-19, some things are going to change.

We will see some flexibility in our regulations and this

is often called the Section 1135 waiver and they can

be granted to allow expanded telehealth or expanded telemental help,

which is what happened with covid 19.

However, as soon as the state of emergency

is declared over, these waivers go away.

And also some of the waivers themselves have their

own expiration dates that can predate the emergency.

So constantly check these.

I know I get emails from the state board on these.

Make sure that you have access to this information some way

and an ability to stay up to date with it.

Ethical considerations work within

your scope of practice.

You all know this.

Respect confidentiality.

Anything that said stays here unless it's very clear

that you are harm to yourself or others and

there's nothing we can do to manage that.

Discipline Specific Ethics Make sure you

know what your ethical code is.

If you're a counselor like me, make sure you

are reviewing that ACA 2014 Code of Ethics.

Make sure you know the laws and regulations

specific to your state, specific to your profession

within that state, and the regulations specific to

your company, in this case, Discovery Behavioral Health.

Understand your organization's mission, vision and

values and work to uphold them.

Aim for aspirational care, not just okay care,

but aspirational set the standard medical ethical practices,

help them do everything in your power to

support the patients, in maintaining their dignity, their

wishes, and their values.

As I know, you all are okay.

So Zivanza and Intranet are your best resources as far

as going in and checking on what our policies are.

So my preferred way to log into Vidanta

is Savannah sends us all of these updates

essentially on what we need to do.

So if we need to do like the HIPAA compliance training or

we need to sign that document, go ahead and click on it

in your email and it's going to open up Savanta.

And even if you've already completed that training, you

can go to Savanta's Homepage and then search in

Savanta and it will pull up all the policies

related to what you want to know.

So type in HIPAA.

You're going to see everything that we have

related to HIPAA that lives in Savanta.

Be able to go through them, be able

to see hopefully read what you've signed.

But if not what you've signed, you

can see what our CEO has signed.

You can see what we're working towards.

And it's very similar with the Intranet.

So to access our Intranet, open up Outlook on your

computer or just like our Microsoft suite in general, and

then click the Discovery Behavioral Health logo for me.

It is located in like the top right?

And that's going to take you to the Internet.

And then you can search within the Internet as well.

So various departments within Discovery Behavioral

Health have documentation on these policies.

So you might find stuff that's

helpful in the Csqm Department.

You might find it helpful in

our risk management section through Origami.

So go in, familiarize yourself with

those documents, familiarize yourself with how

to access them, access them quickly.

We also have the Quick link, so if you scroll down

on the Internet, you can click on those quick links and

it can take you potentially right where you want to go.

Almost there.

Next, we're going to talk about the fact that

there has been more HIPAA breaches in the past

couple of years than there ever, ever has before.

This is one way to go in and look at them

and you can see HIPAA breaches for companies like Aetna.

You can see them for us.

But this is an important thing to be aware of.

So there has been something like a 20%

to 30% increase in the amount of health

information breaches in the past few years, in

large part due to the expansion of Telehealth.

And that's why this presentation and the skills that

you are going to implement from this presentation are

particularly so important we don't want to break confidentiality

unintentionally by allowing these breaches to happen and we

want to do everything in our power to mitigate

minimize the ability for people to take advantage of

our patients and for these things to happen.

I also again just kind of found this

fascinating to look for myself and would recommend

doing it if you have time.

All right, so we reviewed HIPAA

compliance, legal aspects and ethical considerations.

All of these things are imperative to

effectively implementing telehealth virtual programming for telemedical

health treatment is an ever growing, rapidly

expanding field allowing thousands of historically underserved

Americans to have access to quality care

for the first time.

And in order for it to be quality care we

have to protect the information, we have to protect ourselves.

We have to educate them on how to do that for them.

We need to educate ourselves on how to do it for us.

So if you have any questions or you run into

any issues again, you can always reach out to me.

There's a wealth of resources for you here

as well and the most important thing is

really to review your products as you're buying

them to review your technology as you're using

it, please use your discovery behavioral health technology.

If you do not have discovery behavioral health technology

yet, let your executive director now let me know

and we will get a form filled out for

you so that you can get a laptop or

something that allows you to separate your work information

and our patients personal health information from your own.

It's a really important piece of our success to get

on the line but other than that you have survived

yet another hour of listening to me talk and I

love this girl so much and I hope you guys

are having a fantastic day or week and I'll see

you guys next time in our fourth training.