HIPAA for Behavioral Health Professionals: Privacy, Documentation, and Clinical Risk Management
Your Live PresenterOlivia Williams, PhD, LPCA
Join us live on Friday, November 6, 2026 for an interactive HIPAA webinar led by Olivia Williams, PhD, LPCA. Learn how the Privacy Rule and Security Rule apply to real clinical work, how to document defensibly, and how to respond to a breach, with the chance to ask questions and work through real-world scenarios with the presenter and your peers.
Nov 6, 2026
4:15 PM EST
CE Hours
Webinar
A live webinar link and access details are sent by email after you register. Attendance for the full session is required to earn your 5.5 live CE hours.
Your Presenter

Olivia Williams, PhD, LPCA
Developmental Psychologist / Licensed Professional Counselor Associate
Olivia Williams is a developmental psychologist and licensed professional counselor associate specializing in ADHD, anxiety, and child and adolescent mental health. Her sessions draw on CBT, family systems, and solution-focused approaches to bridge research and clinical practice. In this live webinar, Olivia translates HIPAA's dense regulatory language into clear, practical guidance clinicians can apply to their notes, releases, technology, and breach response, with live Q&A throughout.
Why Attend This Webinar Live?
HIPAA compliance is rarely a matter of memorizing rules. The hard part is applying the Privacy Rule and Security Rule to the messy, specific situations that come up in practice: a subpoena, a request to release records to a parent, a lost laptop, a text from a client. Attending live gives you something a self-paced course cannot: the ability to ask questions in the moment, work through your own scenarios in real time, and learn from the questions your peers raise.
Bring your toughest compliance questions. Olivia answers participant questions throughout the webinar, so you leave with clarity on the privacy and documentation situations that actually show up in your practice rather than generic guidance.
Work through realistic release-of-information, minor-consent, and breach scenarios as a group. Hearing how experienced clinicians reason through ambiguity builds the practical judgment that a policy manual alone cannot teach.
Complete a full 5.5 CE hours in one focused, structured session. Your live CE certificate is issued after the webinar, giving you a meaningful block of your renewal requirement in a single afternoon.
Understanding the Scope: Health Data Breaches in America
Protected health information is a constant target, and behavioral health records carry some of the most sensitive information a clinician holds. Understanding the scope of the problem helps mental health professionals recognize why sound HIPAA practices are a core part of clinical risk management.
According to the U.S. Department of Health and Human Services Office for Civil Rights (OCR), the number of large breaches of protected health information reported each year has climbed steadily, exposing well over a hundred million records in recent reporting years. Industry research, including the IBM Cost of a Data Breach report, consistently ranks healthcare as the most expensive sector for data breaches. For solo and small-group behavioral health practices, even a minor incident can trigger significant time, cost, and reputational harm, which is why practical, up-to-date HIPAA knowledge is essential for every clinician.
Live HIPAA Webinar Overview
This live continuing education webinar was developed in 2025 for mental health professionals and is delivered in real time by Olivia Williams, PhD, LPCA. HIPAA governs how behavioral health professionals protect, use, and disclose client information, and getting it wrong carries real clinical, ethical, and legal consequences. This 5.5-hour live webinar provides licensed professional counselors, social workers, marriage and family therapists, psychologists, and addiction counselors with a practical, current understanding of privacy, documentation, and risk management under HIPAA.
The webinar begins by clarifying what HIPAA actually requires, distinguishing the Privacy Rule from the Security Rule and explaining how each applies to day-to-day clinical work. Participants learn how protected health information is defined, when they can and cannot disclose it, and how special protections for psychotherapy notes change the analysis. Special attention is given to the situations clinicians find most confusing, including minors and parental access, releases of information, subpoenas and court orders, and coordination of care.
Beyond the rules themselves, this training emphasizes documentation that protects both clients and practitioners, reasonable safeguards for electronic records and telehealth, and a clear, step-by-step breach response process. Because it is delivered live, you can raise your own compliance questions and hear the presenter reason through them alongside you, turning abstract regulations into concrete decisions you can defend.
Who Should Attend This Live Webinar?
This live HIPAA training is designed for licensed mental health professionals across all disciplines and experience levels, working in private practice, group practice, community mental health, hospitals, schools, and telehealth settings where they create, store, and share protected health information.
Counselors, especially those in private practice, are often responsible for their own compliance decisions without a compliance department to consult. This training helps counselors understand their obligations under the Privacy and Security Rules, document defensibly, and handle releases, subpoenas, and technology with confidence.
Social workers share information across hospitals, community agencies, schools, and care teams, which makes disclosure rules a daily concern. This ASWB ACE-approved webinar clarifies when coordination of care is permitted, how to manage releases, and how to protect client information across systems.
Family therapists face unique privacy challenges when the client is a couple or family and records may involve multiple people. This training addresses how HIPAA applies to conjoint work, documentation of multiple parties, and requests for records in family and custody contexts.
Substance use records carry heightened confidentiality protections that interact with HIPAA. This NAADAC-approved webinar helps addiction professionals understand how these protections apply, when consent is required, and how to document and disclose substance use treatment information appropriately.
Psychologists managing testing data, therapy records, and supervision need a current understanding of psychotherapy notes, test security, and electronic recordkeeping. This webinar covers the documentation and safeguard practices most relevant to psychological practice and supervision.
Live Webinar Learning Objectives
Upon completing this live HIPAA webinar, mental health professionals will be able to:
- Explain the purpose and scope of HIPAA and identify who counts as a covered entity or business associate in behavioral health settings
- Distinguish the requirements of the HIPAA Privacy Rule from those of the Security Rule and apply each to clinical practice
- Define protected health information and identify permitted uses and disclosures without client authorization
- Apply the special protections for psychotherapy notes and distinguish them from the general clinical record
- Navigate releases of information, minors and parental access, subpoenas, and court orders in accordance with HIPAA
- Implement reasonable administrative, physical, and technical safeguards for electronic records and telehealth
- Create clinical documentation that supports care while protecting client privacy and reducing professional liability
- Recognize what constitutes a breach of protected health information and apply the required breach response and notification steps
- Identify common HIPAA pitfalls in small and solo behavioral health practices and strategies to prevent them
- Integrate HIPAA compliance into a broader clinical risk management approach that protects both clients and practitioners
What This Live Webinar Covers
Build a clear foundation in what HIPAA is and why it exists, including covered entities, business associates and business associate agreements, and the interaction between HIPAA and state confidentiality laws. Understand when HIPAA applies to your practice and how it fits alongside professional ethics codes.
Understand how protected health information is defined and the permitted uses and disclosures for treatment, payment, and healthcare operations. Learn when client authorization is and is not required, the minimum necessary standard, and how clients' rights of access and amendment apply to behavioral health records.
Examine the heightened protection HIPAA gives psychotherapy notes, what qualifies as a psychotherapy note, and how these notes must be kept separate from the general clinical record. Clarify how these protections interact with substance use confidentiality rules and requests from third parties.
Translate the Security Rule into practical administrative, physical, and technical safeguards for electronic protected health information. Address encryption, access controls, secure messaging, remote work, and choosing HIPAA-appropriate telehealth and electronic health record platforms.
Learn how to document defensibly and manage the situations clinicians find most challenging, including releases of information, minors and parental access, subpoenas versus court orders, and coordination of care. Understand how strong documentation supports both client care and professional risk management.
Understand what constitutes a breach, how to conduct a risk assessment, and the required notification steps and timelines. Close with practical strategies for preventing breaches, responding calmly when one occurs, and embedding HIPAA into an everyday clinical risk management routine.
This webinar is $110 on its own. With Unlimited Plus ($129/year), you get this live webinar plus all 24 live sessions across the year and our full library of 100+ on-demand courses. If you plan to attend more than one live event, the annual plan pays for itself immediately.
Get Unlimited Plus: $129/YearHow the Live Webinar Works
1. Register. Reserve your spot for the November 6, 2026 webinar. Individual registration is $110 for all 5.5 CE hours, or attend at no additional cost with an Unlimited Plus membership.
2. Receive your access link. After you register, you will receive a confirmation email with the live webinar link and instructions for joining. A reminder is sent before the event.
3. Attend live. Join on Friday, November 6, 2026 from 10:00 AM to 4:15 PM EST. Attendance for the full session is required to earn your 5.5 live CE hours. Participate in the Q&A and case discussion throughout the day.
4. Complete the post-test and earn your CE certificate. Complete the post-test (required for all live webinars) and course evaluation to receive your 5.5-hour live CE certificate. Your certificate includes all information required by licensing boards.
Privacy Rule, Security Rule, and Breach Response: The Core Framework
Most HIPAA confusion comes from blurring three distinct pieces: the Privacy Rule, the Security Rule, and the breach notification requirements. This live webinar breaks each one down and gives you the chance to ask how it applies to your own practice, so the rules become decisions you can actually make with confidence.
Part 1: The Privacy Rule. The Privacy Rule governs who may see and share protected health information and under what conditions. It defines protected health information, sets the minimum necessary standard, establishes client rights of access and amendment, and identifies the disclosures permitted for treatment, payment, and operations versus those that require client authorization.
Part 2: The Security Rule. The Security Rule applies specifically to electronic protected health information and requires reasonable administrative, physical, and technical safeguards. In practice this means access controls, encryption, secure messaging, device and workspace security, and HIPAA-appropriate telehealth and electronic health record platforms.
Part 3: Psychotherapy Notes. HIPAA gives psychotherapy notes extra protection. These are the clinician's private process notes, kept separate from the general clinical record, and they generally require specific authorization to disclose, even to parties who could otherwise access the record.
Part 4: Breach Response, Step by Step. When an incident occurs, the process is: identify and contain the incident, conduct a risk assessment to determine whether a breach occurred, notify affected individuals without unreasonable delay, notify the U.S. Department of Health and Human Services within the required timelines, and, for larger breaches, notify the media as required. Document each step.
Part 5: Putting It Together. Sound documentation and reasonable safeguards prevent most problems and limit the damage of the rest. Treating HIPAA as an ongoing part of clinical risk management, rather than a one-time policy, is what protects both your clients and your practice.
Live HIPAA Webinar CE Approvals
This live HIPAA webinar is approved for continuing education credit by the following national and state organizations. Our approvals ensure that mental health professionals can earn live CE credit accepted by their licensing boards.
NBCC: Therapy Trainings® has been approved by NBCC as an Approved Continuing Education Provider, ACEP No. 7439. Programs that do not qualify for NBCC credit are clearly identified. Therapy Trainings® is solely responsible for all aspects of the programs. This live HIPAA webinar qualifies for 5.5 NBCC clock hours.
ASWB ACE: Therapy Trainings®, #1945, is approved as an ACE provider to offer social work continuing education by the Association of Social Work Boards (ASWB) Approved Continuing Education (ACE) program. Regulatory boards are the final authority on courses accepted for continuing education credit. ACE provider approval period: 12/6/2024-12/6/2027. Social workers completing this live HIPAA webinar receive 5.5 continuing education credits.
NAADAC: This live HIPAA continuing education webinar has been approved by Therapy Trainings®, as a NAADAC Approved Education Provider, for 5.5 CE hours. NAADAC Provider #270493. Therapy Trainings® is responsible for all aspects of its programming.
Kentucky: Therapy Trainings® is approved by the Kentucky Board of Social Work as a continuing education provider. Provider #KBSWSP 202308. This live HIPAA webinar qualifies for 5.5 continuing education hours.
Ohio: Therapy Trainings® is approved by the Ohio Counselor, Social Worker, and Marriage and Family Therapist Board (CSWMFT) as a continuing education provider.
Florida: Therapy Trainings® is a CE Broker approved provider for the Florida Board of Clinical Social Work, Marriage & Family Therapy and Mental Health Counseling. CE Broker Provider #50-40520. You can self-report your completed hours using this provider number.
Live HIPAA Webinar: Frequently Asked Questions
See the Full Live CE Schedule
This HIPAA webinar is one of 24 live CE sessions we are offering throughout the year, covering ethics, telehealth, trauma, clinical supervision, and more. Browse the full schedule to plan your live CE, or get every session included with Unlimited Plus.
Reserve Your Spot for November 6, 2026
Earn 5.5 live CE hours in a single day with Olivia Williams, PhD, LPCA. Register for this webinar on its own, or attend every live session this year with Unlimited Plus.
Live CE certificate issued after the webinar. NBCC, ASWB ACE, and NAADAC approved.
Course curriculum
-
-
Join the Live Webinar
-
-
-
Assessment
-
About this course
- $110.00
- 2 lessons
- 0 hours of video content