Counseling Today, Features

Technology Tutor: Ethical and legal considerations of counseling tech

By Rob Reinhardt March 31, 2017

Last year, I interviewed a counselor who had been conducting text counseling via the Talkspace service (see Not long after this, two articles were published that brought some of the legalities and ethics of the Talkspace model into question (see and Given the continued growth of telehealth services, it seems a good time to provide an overview of ethics considerations when using technology in counseling.

Although those articles focused on alleged issues at one particular company, it is important that we apply our ethics decision-making lens to all applications of technology in our counseling work. This includes applications used for electronic health records (EHR), telemental health, internet faxing and so on.

Among the possible scenarios with ethical implications that have been raised for counselors using telemental health platforms are:

  • Concerns about potential violations of the Health Insurance Portability and Accountability Act (HIPAA).
  • Platforms removing the ability for clients to speak with their assigned clinicians.
  • Emails being sent to multiple clients in which the email addresses are visible to all recipients, resulting in possible confidentiality/HIPAA violations.
  • Platforms using the term “customer” instead of “client” in communications to those receiving services, suggesting that such platforms have only a business relationship with clients, not a professional one requiring the same level of privacy/confidentiality that is maintained by licensed clinicians.
  • Concerns that platforms do not have a quick and easy way for clinicians to access client contact information in cases of emergency.
  • Issues regarding mandated reporting and other ethical and legal responsibilities.

I am presenting these concerns here as an opportunity to explore potential real-life ethics situations in the digital age. Let’s examine how counselors can think about these issues and assess whether a particular telemental health or other software platform is right for them and their potential clients.



When interviewing any vendor that will come into contact with protected health information (PHI) for which you are responsible, a great starting point is to ask how the company complies with HIPAA. If you’re not satisfied with the vendor’s answer, this should be a nonstarter.

The vendor should be able to provide you with detailed information about how it complies with HIPAA and provide a copy of its business associate agreement (BAA). The BAA is the vendor’s contract with you acknowledging that it complies with HIPAA and detailing what its responsibilities are. If the vendor claims it doesn’t need to comply with HIPAA for some reason (a popular excuse is that the vendor “never has access to PHI”), you should proceed with extreme caution. This reason does apply in certain cases, but they are very rare.

Even if your vendor complies with HIPAA, it is very important not to assume that all of your bases are covered. There are still the ethics concerns noted earlier and the HIPAA compliance measures that you need to address yourself (see


Action point

Check your prospective vendors’ level of HIPAA compliance and confirm that they will enter into a BAA with you.


Client autonomy

“Autonomy, or fostering the right to control the direction of one’s life,” is the first guiding professional value listed in the 2014 ACA Code of Ethics (and is also an integral facet of HIPAA). Our ethics code says that clients have the right to choose their counselors. Therefore, counselors who are working as providers in these platforms have a duty to understand if this right will be given. It would be problematic if the platform could disconnect clients from their counselors without client consent or absent an ethical violation on the part of a counselor. If this is a possible scenario on a platform that a counselor is using, it should raise a red flag.


Action points

Relationship: When involving a third party such as a platform for telemental health in our counseling work, we must thoroughly investigate what the relationship between the third party and the client would be. Does the third party have “control” over that relationship and the associated records, or do the client and counselor maintain that control? It is important to consider what might happen in different situations. For example, if you decide to switch which vendor you partner with to provide a service, is there anything preventing you from working with the same clients through the new platform? If you need to refer out, how is that handled? Interestingly, these are the same sorts of questions to explore for those joining a group private practice.

Contact: As part of this confirmation of relationship dynamics, counselors should ensure that they have accurate contact information for clients or can gain access to that information in an emergency.


Handling of emergency situations

The handling of potential emergency situations is particularly relevant to any form of telehealth. As counselors, we are required by the 2014 ACA Code of Ethics to have a plan for handling contingencies, and when we involve a third party, it is important to explore whether that involvement might present new barriers to such a plan. For example, let’s say a counselor has an urgent need to contact a client or that client’s emergency contact. The counselor uses a cloud-based electronic health records (EHR) system to store client information. What happens if the EHR system or the internet connection is offline? Does the counselor or the EHR vendor have a contingency plan for accessing that information?


Action points

Vendor policies and procedures: Know how your vendors handle emergency situations. Is there a way to access data when you have lost your usual route of access? What are your vendors’ contingency plans? Do they have any documentation of past “up time” (percent of time they are up and running) or “outages”?

Contingency planning: Once you know your options with the vendor, what is your plan? Do you keep a secure backup of client contact information in case of emergency? Do you have a backup internet connection (perhaps you can access the EHR via your mobile device via the cellular network)?

If you need additional guidance regarding the creation of a contingency plan, see


Who is responsible for what?

One of the challenges described by clinicians who have worked with these platforms is identifying exactly who is responsible for what. Tied into both of the previous points, questions are raised about who is responsible for handling emergency situations, record-keeping, billing and even coordination of care with other providers.

Action points

Noting key responsibilities: It might help to make a checklist of your key ethical, legal and clinical responsibilities when it comes to clients (informed consent, HIPAA privacy and security compliance, etc.). Although many of these responsibilities are universal, others may differ depending on the environment in which you work and the clients with whom you work. Construct this checklist so that you are clear on who has ownership of each of these responsibilities and, if necessary, what the contingency plan is for each.

Vetting vendors (or “What are you agreeing to?”): What are the policies and procedures of the third-party vendor? What are the terms and conditions? What is the corporate climate and goals of the vendor? Is the vendor’s organization a for-profit venture run by venture capitalists with no experience in mental health care? Do they express an understanding, both verbally and in policy, of the ACA Code of Ethics? What limitations, if any, do they place on your provision of care? Are there additional limitations, such as clinicians being prohibited to talk with the news media about their experience using the software?


Terms and conditions

As tempting, and common, as it is to breeze through “terms and conditions” pages, this is definitely not the time to do so. Many of the action points I’ve mentioned will involve finding answers not just by asking vendor representatives, but by reading the terms and conditions or contract. What is written there is likely more binding than something that a customer service or sales representative told you. Furthermore, if what is written in the terms and conditions differs from what was verbally communicated to you, that should raise a red flag.


Action point

Go through the vendor’s terms and conditions with a fine-toothed comb. Weigh them against your ethics and legal responsibilities to ensure compatibility.




Please note that this is not an exhaustive list. As we increasingly integrate technology into our counseling work, it also increases the number of risk management items on our plate. Thankfully, if handled well, the use of technology can also be of great benefit to our clients and our work with them.

Have questions about how your situation or the use of a specific service is affected by ethics and HIPAA? Send me an email. For a broader overview of telehealth considerations, read the article at

Note that the American Counseling Association does not endorse or condemn the use of any particular telemental health platform. Counselors should always consider the 2014 ACA Code of Ethics, local and national laws, and their own best judgment before using new technologies.




Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at


Letters to the editor:




Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Leave a Reply

Your email address will not be published. Required fields are marked *