We’re going over some extra security features we provide, such as two-step verification, and precautions you can take, such as using a password...
Optimistic resolutions for a successful New Year
These resolutions will help keep your account and practice running smoothly so you can tackle the New Year with confidence and optimism.
Let’s make 2022 the year of optimism. It’s easy to be pessimistic right now, which is why it’s all the more important that we make an effort to choose optimism instead – and patience, hope, fortitude, gratitude, and all of the other empowering states of mind that often fall to the wayside when things get tough.
One way we can choose optimism is by focusing on the things we have the power to change and taking action to make things better than they were before.
We’ve put together a collection of resolutions and actions to help strengthen three areas of your Hushmail account and practice management. We suggest you set up a schedule to tackle one of these sections each week. By the end of January, you’ll be set to take on the New Year with confidence and optimism.
Knock out basic maintenance at the start
There are a handful of relatively simple but important actions you should take at the start of every year to keep your Hushmail account running smoothly. We suggest you devote week one to basic maintenance.
Prevent hacking disasters now
One of the most effective actions you can take against hacking threats right now is to enable two-step verification. If you’re getting tired of hearing about this from us, take it as evidence that two-step verification is extremely important. So again, here are the steps to enable it for your Hushmail account:
- Sign in to your Hushmail account
- Go to the Preferences page by clicking the link in the upper right corner
- Select the Security tab
- To get started, click on the pencil icon to turn it on
- Follow the on-screen instructions
- For more detailed instructions, read our help article
The other step you can take to protect yourself against hacking is to diligently use a password manager. The best way to keep your passwords safe is to choose either a browser password manager (this is the manager you can set up in the preferences of Safari, Firefox, Chrome or other browsers) or a password manager app that provides advanced features you might want, such as group password sharing. PCMag’s The Best Password Managers for 2022 can help you figure out the best password manager for you.
Once you’ve chosen a password manager, follow the tips below to ensure your passwords are as secure as possible.
- Use a strong, unique password or passphrase for every website. No exceptions. If you’re using a password manager, it will no longer be difficult for you to keep up with all of the passwords, and many of them will generate good ones for you.
- Make sure your password manager doesn’t have master password recovery, which creates a vulnerability that can let in hackers. This means you’ll be responsible for remembering your master password.
- Use two-step verification.
- Update the software regularly. This ensures that any patches for vulnerabilities are implemented as soon as they come out.
Delete aliases you’re no longer using
Aliases are great for helping you organize your emails, but don’t let unused aliases build up in your account. Once you know you don’t want to receive emails to an alias, put that alias to rest. You can always create a new one later. You can also revive an alias if you need to.
Review your folder strategy
Don’t let your inbox get out of control this year. Take some time to clean up your inbox to start 2022. Then, keep it organized with a folder system that fits your work style. Our guest post from Organize and Thrive, Take control of your Hushmail inbox in 4 simple steps, will help you figure out a folder strategy that works for you by walking you through the steps to create new folders and rules.
Update your bio, signature, and headshot
Review your email signature. Is it up to date with your current title and contact information? Or perhaps you never made a signature. If that’s the case, here’s a help article that explains how to set one up. Do you need help fitting your headshot or logo into your signature? Contact Customer Care, and one of our specialists will be happy to assist.
Update your web form bio and headshot. Just like your email signature, don’t forget to make sure the bio on your web forms is current. It’s easy to forget about your bio on a standard form like an intake form, but it’s a simple edit to make and shouldn’t be neglected.
Upgrade if you need more forms, body charts, e-signatures
Did you sign up for Hushmail thinking you’d only need a form or two but have found you need to add a few more or one with a signature field? This might be the year to upgrade your plan.
Upgrading is easy. Go into your form builder and click on the badge that shows the number of remaining forms. You’ll be given the option to upgrade to a plan with more forms and features.
Subscribe to a yearly plan and automatically save
While you’re thinking about upgrading your plan, you might also want to switch to an annual plan if you’re currently paying monthly. You’ll get an entire month free!
Prep new clients about Hushmail
One reason why Hushmail is such a good choice for communicating securely with your clients is that they don’t need a Hushmail account of their own to benefit from our encryption. Instead of having to sign up for an account, they’ll read your messages and fill out forms on a private message center that’s free for them to use.
We suggest you let them know that this is how you’ll be communicating with them because they’ll need to look for an email with a secure link and then set up a password before they get started. It helps for them to know what to expect.
You’ll probably be bringing on some new clients for the new year. When you do, get them started on the right foot by sending them our handout about how to use the private message center.
Check your HIPAA compliance
Every year, you should take a close look at your security and privacy practices to ensure everything is compliant with HIPAA, particularly if you’re a covered entity subject to HIPAA requirements. Here are the questions to ask yourself now to make sure you’re up to speed for 2022.
Are you due for a risk assessment?
HIPAA requires healthcare practices to safeguard electronic protected health information (ePHI) through risk assessment (also called “risk analysis”).
Risk assessment involves identifying your practice’s assets, including its digital assets, and including all ePHI created, maintained, received, or transmitted, and identifying the risks and vulnerabilities to each of those assets and including to the confidentiality, integrity, and availability of that ePHI. As part of completing a risk assessment, you will also rate the risks and vulnerability by considering their likelihood of occurring and their impacts on your practice. This rating will give you an idea of where to focus your risk management efforts.
And that’s the importance of a risk assessment. It gives you a clear plan of how to protect your practice and your clients’ ePHI from security threats throughout the year.
Conducting a risk assessment might sound intimidating, but there’s no need to worry. Risk assessment is something you can do on your own at a level that’s comfortable for you.
Our Risk Assessment Guide gives you step-by-step guidance, or consider signing up for Person Centered Tech’s Tear-free Risk Assessment and Mitigation – consultant-led risk assessment and mitigation planning that’s done in two hours.
Are you responding to reviews correctly?
Sometimes simple actions you might take as a routine part of running your practice turn out to be more complicated than you think. Replying to reviews on third-party review sites, for example.
Responding to reviews on a site like Yelp is important for maintaining good client relationships. However, due to privacy concerns, responding to reviews from clients requires careful consideration. If your responses aren’t handled correctly, they could leave you vulnerable to significant fines and other penalties for disclosing client information.
Keep this in mind – your public response must be vague and not acknowledge the relationship with the reviewer. Then you can direct them to a secure contact form on your website to continue the conversation. Read more about how to handle reviews in our blog post The right and wrong way to respond to patient reviews.
Are you using secure contact forms when you need them?
Similar to responding to reviews in the proper, compliant manner is how you accept communication from directory sites such as Psychology Today. Unbeknownst to many, that very convenient email button on your profile page that allows potential clients to contact you through a form is not HIPAA compliant. You can read this in the form’s fine print.
Fortunately, if you’re a Hushmail customer, you already have the perfect solution. Psychology Today allows you to enable a website button that links to your website. We suggest that you disable the email button and set the website button to link to your website’s secure contact form that you built with Hush™ Secure Forms.
Or, if you don’t have a website, you can include the link to your secure web form that we host for you in your profile description. In fact, even if you have a website, it doesn't hurt to include the direct link to your contact form in your profile. That way, your potential client knows they have an easy way to reach you when they’re ready to connect.
Are you correctly informing your clients of their rights?
The HIPAA Privacy Rule stipulates that individuals have the right to request access to their PHI at any time, in the electronic format of their choice or as a hard copy.
It’s your responsibility to implement policies and procedures that make it easy for an individual to make this request. You also must respond in a timely manner and document the request and your response.
We break down exactly what is required in our blog post HIPAA tips: are you correctly informing your clients of their rights?. You can also look through the Office of Civil Rights (OCR) guidance: Individuals’ Right under HIPAA to Access their Health Information 45 CFR § 164.524
At the end of the day, make sure you document with as much detail as possible. Write out exactly how you will respond to requests for PHI and communicate that information to your clients. Then, be sure to keep records of every request that comes in and document your response. By placing your focus on meticulous documentation and following the guidelines mentioned in this post, you’ll be well on your way to satisfying this requirement.
Is your Notice of Privacy Practices up to speed?
Communication with your clients is extremely important when it comes to HIPAA, especially when it comes to explaining their rights. The HIPAA Privacy Rule requires practices to develop and distribute a notice that provides a clear, user-friendly explanation of your clients’ rights with respect to their PHI.
If you’re a covered entity and required to comply with HIPAA rules, you must make a Notice of Privacy Practices (NPP) easily accessible, and it must be in plain language.
The best step you can take to ensure that your NPP is up to speed is to review the model NPPs provided by the OCR and then create your NPP to match. The OCR provides several different versions of the models, all using plain language and approachable designs, so you can choose the design you feel will best serve your practice.
Schedule time for self-care
So after all of that security and HIPAA maintenance, what’s left?
Caring for you.
There’s a tendency to take on more and more just because we think we can or feel that we should. Because if we don’t do it, who else will? So much needs to be done right now, especially in the behavioral health community.
You can’t help anyone if you aren’t taking care of yourself. Of course, this is often easier said than done. You probably have your go-to list of things to do when you need to get back to a grounded place. Be sure to turn to that list often.
One powerful self-care action that might not be on your list is to connect with others in your profession on a regular basis. You can do this on a personal level – nothing beats a relaxed lunch with a colleague. But that one-on-one time isn’t always possible. That’s where finding a podcast or two that you can tune into regularly can help. A podcast you like can help you find a new perspective or simply feel kinship with others who are having similar experiences. Here are a few podcasts from our partners for you to sample.
Abundance Practice Podcast with Allison Puryear, is mostly about marketing your practice, but its tone is light and sassy, and Allison totally gets the trials and tribulations of going it alone in private practice. Pour yourself a cup of coffee and get ready to laugh while learning with someone who will feel like your best girlfriend right away.
Selling the Couch with Melvin Varghese, is a gentle, loving guide to not just the challenges of being a compassionate therapist but also growing your business beyond client sessions with podcasts and courses. The podcast is like a warm hug, but you come away with a ton of actionable information, too.
The Modern Therapist Podcast with Curt and Katie addresses regulatory changes that affect a therapist’s work and offers insight into where the profession is headed in a rapidly changing environment. Offering plenty of nitty-gritty professional items such as how to bill and take insurance, this podcast can answer a lot of your nagging questions about practical matters.
Private Practice Startup is a podcast produced by Kate and Katie, two savvy therapists in South Florida who address everything that goes into starting a private practice. Informative, fun, and intense, it’s a good podcast when you want a solid boost of motivation to keep going strong.
Happy New Year!
By tackling these three areas – basic account maintenance, HIPAA, and self-care – you’ll be in a good place to take on whatever the new year might have in store for us.
Let’s get ready for a successful 2022!
The new year is almost here. One way we can choose optimism for 2022 is by focusing on the things we have the power to change and taking action to make things better than they were before. We’ve put together a collection of resolutions and actions to help strengthen three areas of your Hushmail account and practice management – basic account maintenance, HIPAA, and self-care. We suggest you set up a schedule to tackle one of these sections each week. By the end of January, you’ll be set to tackle the New Year with confidence and optimism.