Staying on top of the legal side of things is a huge pain, but we are at a point where keeping up with these digital shifts is just a core part of running a practice. In this episode, I’m walking through the 2026 HIPAA Security Rule updates and what they actually mean for you on a day-to-day basis. We’re moving away from the old “addressable” safeguards into a world where everything is mandatory, from multi-factor authentication to specific 72-hour data recovery rules. I also dig into the concept of data sovereignty, which is really just a fancy way of saying who actually controls your client data, and how to spot red flags in those long terms of service agreements that none of us ever want to read. My goal is to help you build a simple vetting process for your software so you can focus on the clinical work without worrying that your data is leaking into a global AI training model.
Main Topics
- 00:38: The 2026 HIPAA Security Rule update and the end of addressable safeguards
- 01:12: Mandatory multi-factor authentication (MFA) requirements for all systems
- 02:20: The 72-hour recovery rule for clinical data and vendor contract obligations
- 03:25: Updating Business Associate Agreements (BAA) for AI-specific clauses
- 04:15: Defining data sovereignty vs. data residency and why control matters
- 07:45: A three-point vetting checklist for clinical software and AI tools
- 09:12: Red flag phrases to look for in Terms of Service agreements
- 11:35: Cross-state compliance and the impact of the Delete Act on practice inventory
Cool Things Mentioned
- The Testing Psychologist mastermind groups and business consulting
- Reverb: the premier AI-powered report-writing platform for testing psychologists
Featured Resources
TherapyNotes is the leading EHR system for mental health practitioners. I’ve used TherapyNotes for over 10 years, and it just keeps getting better. Use this link and the promo code “testing” to get two free months and try it for yourself! www.therapynotes.com/testing
The Testing Psychologist podcast is approved for CEUs! I’ve partnered with At Health to offer CE credits for podcast episodes! Visit this link to access current and past episodes available for CE credit. You can use code “TTP10” for a discount on ALL the course credits you purchase from At Health!
About Dr. Jeremy Sharp

I’m a licensed psychologist and Clinical Director at the Colorado Center for Assessment & Counseling, a private practice that I founded in 2009 and have grown to over 20 clinicians. I earned my undergraduate degree in Experimental Psychology from the University of South Carolina before getting my Master’s and PhD in Counseling Psychology from Colorado State University. These days, I specialize in psychological and neuropsychological evaluation with kids and adolescents.
As the host of the Testing Psychologist Podcast, I provide private practice consulting for psychologists and other mental health professionals who want to start or grow psychological testing services in their practices. I live in Fort Collins, Colorado with my wife (also a therapist) and two young kids.

