Tag Archives: technology tutor

Technology Tutor: Answering your questions: From protected health information to search engine optimization

By Rob Reinhardt August 31, 2017

I often receive questions during consultations that require fairly brief answers. Although I tend to focus on “big picture” topics in this column, I thought I’d take a break from that routine to answer some of the most popular questions I get asked related to technology in private practice.

Some of these questions touch on legal matters, but please note that my answers do not qualify as legal advice. You should always consult an attorney about legal questions.

 

****

 

Can I use online accounting/billing services such as QuickBooks Online and remain compliant with the Health Insurance Portability and Accountability Act (HIPAA)?

The short answer: It depends. The answer centers around whether you are storing protected health information (PHI) in whatever online system you are using. According to the U.S. Department of Health and Human Services (HHS) summary of the HIPAA privacy rule, PHI is information, including demographic data, that relates to:

  • The individual’s past, present or future physical or mental health or condition
  • The provision of health care to the individual
  • The past, present or future payment for the provision of health care to the individual

This information must identify the individual, or a reasonable basis must exist to believe that it can be used to identify the individual.

If you are storing PHI with a third party, you must enter into a business associate agreement (BAA) with that party. The BAA is a contract that essentially states that the vendor will comply with HIPAA. It also lays out what the vendor’s responsibilities and your responsibilities are for protecting PHI, among other things.

To the question at hand, to use any online service that stores client information, you would need to choose a vendor that complies with HIPAA and that will enter into a BAA with you. At the time of this writing, QuickBooks Online does not meet those requirements. In fact, QuickBooks Online recommends that its users do not enter PHI into its system (see bit.ly/QBHIPAA).

So, why was my initial answer, “It depends”? Because if you are not entering any PHI into QuickBooks Online, then you can still use it while complying with HIPAA. The most common case for this is when client billing is handled through a separate application (see bit.ly/EHRReviews) and a counselor uses QuickBooks only for accounting (tracking of revenue and expenses not attached to any particular client).

 

****

Can I remain HIPAA compliant if I use services such as an online calendar from a vendor that isn’t HIPAA compliant if I use only the client’s initials?

The short answer: No. HHS has clearly stated that “a data set that contained patient initials, or the last four digits of a Social Security number, would not meet the requirement of the Safe Harbor method for de-identification.”

HHS is referring to the de-identification of PHI. HIPAA does allow the storage and transfer of PHI if it has been properly de-identified. This means that someone would not be able to determine the individual with whom the PHI is associated because enough identifying information has been stripped away.

There are two methods to achieve this level of de-identification. One is the “expert method.” This means that you or someone you hire who has “appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable” is able to declare and document that the PHI has been properly de-identified. This is a highly unlikely scenario for most counselors, so you will instead need to rely on the HHS guidance for obtaining Safe Harbor. That guidance is available at hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html.

 

****

How can I get my website on the first page of search results?

The short answer is that there is no guaranteed way to get on the first page of search results. I encourage you to be wary of any “SEO optimization” vendor or service that promises that you’ll land on the top of the first page of Google search results, for example.

That being said, SEO (search engine optimization) is a real thing. It encompasses myriad tools and steps that you can take to improve the performance of your website in searches. Much of the process boils down to the content and keywords on your website, along with having external links pointing to your site, but it truly requires a focused, multipronged effort and time to achieve results. 

A great place to start is with the SEO tutorial at moz.com/beginners-guide-to-seo. After reading the tutorial, you should have a good idea of the things you might be able to do yourself. Even if you ultimately hire someone else to do it all for you, you’ll be better informed about what to realistically expect and better equipped to identify those who might be making false promises.

 

****

If you’d like for me to address more questions like these in future Technology Tutor columns, send me an email. In the meantime, be sure to check out the new free TherapyTech with Rob and Roy podcast (I’m the Rob in there!) at therapytechrobroy.com.

 

****

 

 

 

Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editorct@counseling.org

 

****

 

Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Ethical and legal considerations of counseling tech

By Rob Reinhardt March 31, 2017

Last year, I interviewed a counselor who had been conducting text counseling via the Talkspace service (see ct.counseling.org/2016/06/technology-tutor/). Not long after this, two articles were published that brought some of the legalities and ethics of the Talkspace model into question (see bit.ly/ForbesTS and bit.ly/TSVerge). Given the continued growth of telehealth services, it seems a good time to provide an overview of ethics considerations when using technology in counseling.

Although those articles focused on alleged issues at one particular company, it is important that we apply our ethics decision-making lens to all applications of technology in our counseling work. This includes applications used for electronic health records (EHR), telemental health, internet faxing and so on.

Among the possible scenarios with ethical implications that have been raised for counselors using telemental health platforms are:

  • Concerns about potential violations of the Health Insurance Portability and Accountability Act (HIPAA).
  • Platforms removing the ability for clients to speak with their assigned clinicians.
  • Emails being sent to multiple clients in which the email addresses are visible to all recipients, resulting in possible confidentiality/HIPAA violations.
  • Platforms using the term “customer” instead of “client” in communications to those receiving services, suggesting that such platforms have only a business relationship with clients, not a professional one requiring the same level of privacy/confidentiality that is maintained by licensed clinicians.
  • Concerns that platforms do not have a quick and easy way for clinicians to access client contact information in cases of emergency.
  • Issues regarding mandated reporting and other ethical and legal responsibilities.

I am presenting these concerns here as an opportunity to explore potential real-life ethics situations in the digital age. Let’s examine how counselors can think about these issues and assess whether a particular telemental health or other software platform is right for them and their potential clients.

 

HIPAA

When interviewing any vendor that will come into contact with protected health information (PHI) for which you are responsible, a great starting point is to ask how the company complies with HIPAA. If you’re not satisfied with the vendor’s answer, this should be a nonstarter.

The vendor should be able to provide you with detailed information about how it complies with HIPAA and provide a copy of its business associate agreement (BAA). The BAA is the vendor’s contract with you acknowledging that it complies with HIPAA and detailing what its responsibilities are. If the vendor claims it doesn’t need to comply with HIPAA for some reason (a popular excuse is that the vendor “never has access to PHI”), you should proceed with extreme caution. This reason does apply in certain cases, but they are very rare.

Even if your vendor complies with HIPAA, it is very important not to assume that all of your bases are covered. There are still the ethics concerns noted earlier and the HIPAA compliance measures that you need to address yourself (see tameyourpractice.com/HIPAA).

 

Action point

Check your prospective vendors’ level of HIPAA compliance and confirm that they will enter into a BAA with you.

 

Client autonomy

“Autonomy, or fostering the right to control the direction of one’s life,” is the first guiding professional value listed in the 2014 ACA Code of Ethics (and is also an integral facet of HIPAA). Our ethics code says that clients have the right to choose their counselors. Therefore, counselors who are working as providers in these platforms have a duty to understand if this right will be given. It would be problematic if the platform could disconnect clients from their counselors without client consent or absent an ethical violation on the part of a counselor. If this is a possible scenario on a platform that a counselor is using, it should raise a red flag.

 

Action points

Relationship: When involving a third party such as a platform for telemental health in our counseling work, we must thoroughly investigate what the relationship between the third party and the client would be. Does the third party have “control” over that relationship and the associated records, or do the client and counselor maintain that control? It is important to consider what might happen in different situations. For example, if you decide to switch which vendor you partner with to provide a service, is there anything preventing you from working with the same clients through the new platform? If you need to refer out, how is that handled? Interestingly, these are the same sorts of questions to explore for those joining a group private practice.

Contact: As part of this confirmation of relationship dynamics, counselors should ensure that they have accurate contact information for clients or can gain access to that information in an emergency.

 

Handling of emergency situations

The handling of potential emergency situations is particularly relevant to any form of telehealth. As counselors, we are required by the 2014 ACA Code of Ethics to have a plan for handling contingencies, and when we involve a third party, it is important to explore whether that involvement might present new barriers to such a plan. For example, let’s say a counselor has an urgent need to contact a client or that client’s emergency contact. The counselor uses a cloud-based electronic health records (EHR) system to store client information. What happens if the EHR system or the internet connection is offline? Does the counselor or the EHR vendor have a contingency plan for accessing that information?

 

Action points

Vendor policies and procedures: Know how your vendors handle emergency situations. Is there a way to access data when you have lost your usual route of access? What are your vendors’ contingency plans? Do they have any documentation of past “up time” (percent of time they are up and running) or “outages”?

Contingency planning: Once you know your options with the vendor, what is your plan? Do you keep a secure backup of client contact information in case of emergency? Do you have a backup internet connection (perhaps you can access the EHR via your mobile device via the cellular network)?

If you need additional guidance regarding the creation of a contingency plan, see tameyourpractice.com/contingency.

 

Who is responsible for what?

One of the challenges described by clinicians who have worked with these platforms is identifying exactly who is responsible for what. Tied into both of the previous points, questions are raised about who is responsible for handling emergency situations, record-keeping, billing and even coordination of care with other providers.

Action points

Noting key responsibilities: It might help to make a checklist of your key ethical, legal and clinical responsibilities when it comes to clients (informed consent, HIPAA privacy and security compliance, etc.). Although many of these responsibilities are universal, others may differ depending on the environment in which you work and the clients with whom you work. Construct this checklist so that you are clear on who has ownership of each of these responsibilities and, if necessary, what the contingency plan is for each.

Vetting vendors (or “What are you agreeing to?”): What are the policies and procedures of the third-party vendor? What are the terms and conditions? What is the corporate climate and goals of the vendor? Is the vendor’s organization a for-profit venture run by venture capitalists with no experience in mental health care? Do they express an understanding, both verbally and in policy, of the ACA Code of Ethics? What limitations, if any, do they place on your provision of care? Are there additional limitations, such as clinicians being prohibited to talk with the news media about their experience using the software?

 

Terms and conditions

As tempting, and common, as it is to breeze through “terms and conditions” pages, this is definitely not the time to do so. Many of the action points I’ve mentioned will involve finding answers not just by asking vendor representatives, but by reading the terms and conditions or contract. What is written there is likely more binding than something that a customer service or sales representative told you. Furthermore, if what is written in the terms and conditions differs from what was verbally communicated to you, that should raise a red flag.

 

Action point

Go through the vendor’s terms and conditions with a fine-toothed comb. Weigh them against your ethics and legal responsibilities to ensure compatibility.

 

*****

 

Please note that this is not an exhaustive list. As we increasingly integrate technology into our counseling work, it also increases the number of risk management items on our plate. Thankfully, if handled well, the use of technology can also be of great benefit to our clients and our work with them.

Have questions about how your situation or the use of a specific service is affected by ethics and HIPAA? Send me an email. For a broader overview of telehealth considerations, read the article at bit.ly/TYPTH.

Note that the American Counseling Association does not endorse or condemn the use of any particular telemental health platform. Counselors should always consider the 2014 ACA Code of Ethics, local and national laws, and their own best judgment before using new technologies.

 

****

 

Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

 

Letters to the editor: ct@counseling.org

 

****

 

Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Starting the year off on the right technological foot

By Rob Reinhardt March 6, 2017

Many of us are aware of the ebb and flow of people seeking counseling services. Around the holidays and the beginning of the school year, more calls come in for help. During the summer, things slow down a bit.

Having provided technology consultation to mental health clinicians for seven years now, I’ve noticed some patterns myself. One that stands out is that many counselors in private practice seem to take stock in the business and technology side of their practices as we transition into the new year. I’ve reached this conclusion by looking at the significant rise in the number of emails and phone calls I receive each year at the beginning of January.

With that in mind, I present some of the top business and technology challenges and questions that counselors have been addressing lately. Some of these may not apply to every counselor, whereas others are items we should all be taking care of.

HIPAA compliance

Now is a great time to revisit your compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is not a one-and-done kind of thing. It requires that you periodically review your risk analysis and management plans, as well as your policies and procedures. Assuming that you already have completed at least an initial risk analysis, a review can be done fairly quickly. The following are some primary tasks to cover.

  • Review your current risk analysis and remove technology that is no longer used to store or transmit protected health information (PHI).
  • Of the items remaining, ensure that the level of risk presented by those technologies hasn’t changed and that your current methods for managing risk are still effective and appropriate.
  • Now be sure to add any new technologies that might be missing. It’s always best to add new items to your risk management plan as they are implemented in your practice. Making sure that you cover all bases to catch anything that slipped through the cracks is a prudent measure.

If you’re not sure what all of this risk management and analysis means, check out my blog article on the Tame Your Practice site for additional information (bit.ly/HIPAArisk).

Encrypted communications

Both HIPAA and the ACA Code of Ethics (see Standard H.2.d) require counselors to use encryption to secure PHI, including communications with clients, whenever it is reasonable. The truth is that, these days, it’s almost always reasonable to use encryption.

Encrypted email is inexpensive to implement, and although it isn’t always quite as user friendly as unencrypted options, sometimes the cost of privacy is a bit of inconvenience. It’s like those extra seconds you take to turn on the sound machine outside your office — it can really make a measurable difference.

Both the ACA Code of Ethics and HIPAA also provide for client autonomy, which means clients can choose for PHI to be transmitted through unsecured means. It is important to note, however, that this requires that clients have been informed of and understand the risks. It is also important to evaluate whether we should really consider risking confidentiality, either out of convenience or for the sake of saving a few dollars a month. Roy Huggins of Person-Centered Tech makes a great case for why it makes sense to follow through with encrypting email and text (bit.ly/encryptornot).

Want to see how easy it is to use encrypted email? I included a demonstration video in the following blog post: bit.ly/emailencrypt.

Social media policy

Now is also a great time to make sure that you’re satisfying the requirements of Standard H.6. of the ACA Code of Ethics pertaining to social media presence and use. If you are utilizing social media (Facebook, Instagram, LinkedIn, Twitter, etc.), the ethics code requires that you:

  • Maintain a separate personal and professional presence. This relates to our responsibility to avoid engaging in dual relationships. This means taking actions such as creating a professional Facebook page.
  • Incorporate social media into your informed consent. We have a responsibility to inform our clients of the “benefits, limitations and boundaries of the use of social media” (Standard H.6.b.). Depending on how you engage in social media use and marketing, this may vary according to the platform you are using. It is important for clients to understand, for example, the potential benefits and ramifications of them “liking” your professional Facebook page, such as their friends seeing that they liked your page and the kinds of online advertisements that will be displayed to them as a result of liking your page.
  • Maintain client confidentiality by not disclosing information about them online. Also respect their online privacy unless they provide consent to view that information. I strongly encourage you to read my September Technology Tutor column on the dangers of online disclosure (ct.counseling.org/2016/08/thinking-discussing-clients-online-think-twice/). It’s not as simple as making sure that you don’t use identifying information.

An excellent way to address this is to develop a social media policy that you can then incorporate as part of the client orientation/informed consent process. Keely Kolmes offers a wonderful template as a starting point (drkkolmes.com/social-media-policy/).

Business and technology evaluation

Even if you have all of the above buttoned up nicely, it’s always a good idea to evaluate your business operations at least once per year. Is what you are doing working? Could it be improved? Can you implement technology, streamline processes or align your efforts to better move toward your goals? This is also a great opportunity to examine the return on investment (bit.ly/ROITYP) on things you’ve already implemented. Are you getting the expected results?

You’ll find plenty of freely available articles at the Tame Your Practice website (tameyourpractice.com) on these topics and more if you need additional details.

 

****

 

Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editor:ct@counseling.org

 

****

 

Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Mastering your domain (name)

By Rob Reinhardt November 8, 2016

It’s been some time since I have conveyed knowledge about a technical concept here in the Technology Tutor column. Now seems like a great time to discuss something that continues to be confusing not just to counselors but also for others who don’t possess inside knowledge of how the internet works.

We aren’t necessarily required to have this knowledge. However, possessing it can be incredibly helpful in making important decisions involving our businesses and the Health Insurance Portability and Accountability Act (HIPAA). To provide an illustration, I have only basic knowledge of how automobile engines work. I just want my car to run when I need it to. However, I have educated myself about what sort of maintenance my car needs so that it continues running well and to ensure that I have a good sense of what the mechanic is explaining to me when it doesn’t. This level of knowledge allows me to make educated decisions and to save time and money.

With that in mind, let’s look at a significant underpinning of the internet: the Domain Name Service (DNS). Despite the internet being commonplace for more than two decades now, the inner workings of DNS remain a mystery to many. Yet it is very important that business owners understand how it works because it plays a significant role in many of their business, technology and marketing decisions. For that matter, it is beneficial knowledge for all of us to have because it can be integral to privacy and security of data. For example, it’s important to know that your choice of domain name can significantly affect your search engine results. Because many potential clients will search for “counseling your city,” having those terms as part of your domain name can be beneficial. Furthermore, knowing that you can register more than one domain name and point them all to the same website can also be integral to marketing.

Two examples of domain names are counseling.org and tameyourpractice.com. You’re probably used to seeing domain names in your web browser address bar or as part of someone’s email address. Domain names are all owned by an individual entity, whether that is a person, a corporation or another organization. The process of purchasing a domain name is called registration.

The questions I hear most often about domain registration include:

  • Do I have to host my domain with my web host?
  • How are my domain, web host and email connected?

Let’s start with the technical details, and then I’ll draw an analogy to help pull it all together. When a domain is registered, three important things are established: the owner of the domain page22name (the registrant), the company responsible for maintaining the domain name records (the registrar) and the name server(s). In many cases, the registrar and name servers are connected/owned by the same company, but that’s not required. At this point, your domain isn’t actually doing anything but sitting there. It’s simply a placeholder and not associated with a website, email address or anything else. This is where DNS comes in.

Devices connected to the internet (such as web servers, email servers and even your computer) are assigned a numerical internet protocol (IP) address that looks something like 75.103.237.161 (the American Counseling Association’s web server). Imagine having to remember the numerical address of all the websites you’d like to visit. Fortunately, you don’t have to. DNS converts the domain name to those numerical addresses. Although bookmarks might help with that, you’ll likely agree that it’s more visually appealing to look at counseling.org than 75.103.237.161 in your browser address bar.

To give you a visual, here’s a simplified version of what a DNS record looks like:

Domain name – tameyourpractice.com

Name     Type*     Address

www     A     104.99.99.999

@     MX     109.99.99.999

*For the curious, A = Address and MX = Mail Exchange (because it involves email, thus the “@”)

When you type www.tameyourpractice.com into your web browser, DNS responds, directing you to the actual numerical address of the server hosting the Tame Your Practice website. It knows that you want to go to the website because of the “www” and because you’re using a web browser.

Here’s the kicker. Other services for Tame Your Practice, such as email, might be hosted on an entirely different server and thus have an entirely different IP address. Fortunately, because of the magic of domain names, you don’t need to know that. All you have to do is send an email to rob@tameyourpractice.com (our contact form makes this really easy), and DNS points it to the correct server.

Interestingly, there are potential benefits to hosting your DNS separately from your web hosting, and both separate from your email. Web designer Kat Love has written an excellent article on that topic (see bit.ly/DNSSeparate). The confusion often happens because so many companies provide everything — domain registration and hosting, web hosting, email and more — in one nice package. People sometimes assume that’s just how it’s done and may not even realize that things such as domain names and web hosting are entirely separate functions. Remember that you have important choices and can host each service with a different company.

Let’s bring this all together with an analogy. Consider your name. Even though people may know your name, they may not know where you live or how to reach you by phone. This is akin to how domain names work. Consider someone in your list of contacts. You may have that person’s street address, home phone number, cell phone number and email address. When you decide to contact that person, which path you follow will depend on how you want to communicate with that person. You don’t simply call out the person’s name and hope for the best. You navigate to his or her name in your contacts and choose the correct item. That contact listing is your own personal DNS for that person. With domain names, you don’t have to keep all the IP addresses in a contact list; DNS does the calling and navigating for you.

Understanding this core functionality of the internet will not only help you understand how applications, websites and other services interact online, but can also increase your confidence about making implementation decisions regarding technology.

Need help applying these concepts to your own situation? Send me an email with your questions.

 

****

 

Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editor: ct@counseling.org

 

****

 

Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Thinking about discussing clients online? Think twice

By Rob Reinhardt August 29, 2016

Our work as counselors can be isolating at times. It is important for our professional growth, our work with our clients and our own mental health to seek peer consultation.

The internet has significantly broadened the potential pool of peers with whom we can consult. Counselors are flocking to mailing lists, forums, LinkedIn and Facebook groups to connect and learn from one another. This is a good thing! It comes with some caveats, however, especially facebookwhen the focus of a discussion is a client issue.

I hope most of us have had the positive experience of taking a client situation to a group of peers and receiving helpful feedback. These discussions might start with a brief case study: “I’m working with a young black male who is in management at his work. He has a history of anxiety that has been exacerbated recently because he feels he is being discriminated against and passed over for promotions despite his excellent performance reviews.”

This likely would be followed by questions from the counseling peer group to learn more about the situation and then a group exploration of how to proceed with the case. It’s nice to think that this discussion could take place with a large number of peers from all over the country — or even the world. Imagine gathering the synthesis of a wide array of different perspectives on this case.

The challenge on the internet is creating this scenario while maintaining client privacy and confidentiality. You’ve likely been informed at some point not to put anything on the internet that you don’t want the whole world to know. In truth, there are some areas and services on the internet that are far more secure than others (for example, electronic health records, banks, etc.). However, such high-level security doesn’t apply in places such as mailing lists and Facebook groups. In considering whether to post something about clients online, I encourage you to use the mnemonic PIT — the place where information falls in and can be discovered by anyone who happens to peer in. PIT stands for Permanence, Identity and Transferability.

Permanence

It’s important to assume that once something is sent across or stored on the internet, it’s there forever. Unless you’re operating on a private server that you have complete control over, presume there are redundant backups and other measures in place to ensure that data aren’t lost. Need a visual example? Head to the Wayback Machine and have a look at what the American Counseling Association website looked like in 1997 (bit.ly/ACAWayBack). And be aware that it is not only websites that are archived like this.

Some of us might think, “Well, if we share minimal data about this client, it won’t matter if it’s permanent.” Consider, however, that this permanence increases the chances that someone may recognize the client through your description because that information has the potential to be read for months and years to come.

Identity

In educational, employment or office settings, you are likely sitting face to face with people you know. Their identities have either previously been verified or can be verified quite easily in the moment.

Now consider online forums. Even those with the most stringent identity-verification procedures are problematic. Yes, there are professional peer groups that ask members to verify their identities and professional licenses, but few of these groups engage in authentication processes. In other words, there is no way to be perfectly sure that everyone in the online group:

  • Is who they say they are
  • Is a mental health professional
  • Subscribes to the same code of ethics and conduct
  • Agrees to hold all information posted in confidence
  • Will not make a mistake and share, forward, screenshot or otherwise cause the information posted to be viewed by someone outside of the intended audience (can you say “reading your Facebook news feed while sitting in a coffee shop?”)

That last bullet point is a big one. I don’t know of too many people who have never accidentally hit the “Share,” “Forward” or “Retweet” buttons. Even though some groups (particularly on Facebook) are set up to prevent sharing of posts outside of the group, it isn’t foolproof. And they can’t prevent things such as screen shots, which brings us to the next point.

Transferability

Almost all information posted on the internet can be forwarded or duplicated in some manner. Emails can be forwarded. Replies can be inadvertently sent to the wrong person. Facebook posts can be shared and reshared. And then there are screen shots.

Screen shots make it possible to share any type of content virtually anywhere. A screen shot of an email can be posted on Facebook. A screen shot of a Facebook post can be placed on a webpage. There’s no limit to how far and wide a piece of information can be shared.

Perhaps you’ve seen the posts on Facebook by teachers and parents who want to prove this concept to kids. They post a picture and ask everyone to like and share it so that kids can see how quickly information can travel to thousands — potentially millions — of people. Although this is a deliberate behavior, I encourage you to consider it when deciding whether to post something online.

Additional considerations

When discussing this topic with mental health professionals, their first consideration is often whether someone might recognize the client. They reason that if they leave out identifiers and keep the information general enough, the likelihood of someone positively identifying the client is small.

What I think many neglect to consider is the possibility that the clients themselves may view this information. It’s very difficult to speak generally about clients and not have them recognize themselves, particularly when they already know they are working with the counselor who shared this information.

Not convinced? As an exercise, think about how you would describe a client in a peer support context in a way that would leave that client unidentified. Now give thought to whether the client would recognize himself or herself if you shared those same details.

Psychologist and “Selling the Couch” podcaster Melvin Varghese echoed these sentiments when asked his thoughts on discussing clients online: “When thinking about asking a clinical question in a public forum like a FB [Facebook] community, I run my mind through two steps. First, I ask myself, ‘If my client saw what I just typed, would they feel like their privacy was being violated?’ Second, I ask myself, ‘If the roles were reversed, would I feel like my privacy was being violated?’ If the answer is yes to either question, I either need to make the question more general (i.e., remove anything that could remotely identify a client, from geographic location to age, gender, etc., and/or connect them to me) or leave it to an in-person consult with a colleague or supervisor.”

From a big picture perspective, I also encourage counselors to consider the public perception of mental health professionals. Even if someone can’t recognize a client on the basis of something you’ve written online, how will that person feel knowing that a mental health professional is discussing clients online? Will this change the likelihood of that person seeking help when he or she needs it? How will it change that person’s perception of counselors?

Tamara Suttle, chief inspiration officer at Private Practice From the Inside Out (tamarasuttle.com), hosts her own Facebook group and is a member of others. Although she has strict rules prohibiting the discussion of clients on her Facebook group and website, she knows that others do not. Here’s what Tamara, a member of the American Counseling Association, said about this topic: “I see [and] hear therapists talking about clients on social media almost weekly. It’s tragic really that they don’t realize how damaging this can be [not only] to their clients, but also to a therapist’s own professional reputation. I left one Facebook group for a while because of this very thing. The shocking part is that when therapists were confronted either on the group or privately, many rationalized and attempted to justify their behaviors by stating things like, ‘Therapists need a place to vent too!’ Even more shocking were the numbers of otherwise well-respected therapists who chose to remain silent on the issue.”

Ethics

To reinforce the importance of these points, we need to look at this topic from our ethical framework as counselors. The ACA Code of Ethics states that:

  • “Counselors protect the confidential information of prospective and current clients.” (Standard B.1.c.)
  • “Counselors discuss confidential information only in settings in which they can reasonably ensure client privacy.” (Standard B.3.c.)
  • “Counselors take precautions to ensure the confidentiality of all information transmitted through the use of any medium.” (Standard B.3.e.)
  • “When consulting with colleagues, counselors do not disclose confidential information that reasonably could lead to the identification of a client … unless they have obtained the prior consent of the person …” (Standard B.7.b.)

As previously noted, case consultation is an import aspect of the work we do as counselors. We typically address this through informed consent, letting clients know that case consultation happens and what the parameters are. It’s important to note the context of those consultations. Most clients are likely to understand and support face-to-face case consultations between licensed professionals within a secure office environment. But will they provide their consent if you inform them that these discussions may take place in Facebook groups? Can you ensure their privacy and confidentiality there?

To be clear, ACA representatives share these concerns, advocating for a strict interpretation of the ethics code. This includes a stance that online group forums do not constitute group supervision or consultation. ACA Chief Professional Officer David Kaplan states, “Professional counselors are ethically mandated to not discuss clients — with or without identifying information or circumstances — in public spaces, to include online spaces.”

Readers interested in exploring this further may want to pick up a copy of Using Technology to Enhance Clinical Supervision by Tony Rousmaniere and Edina Renfro-Michel. The book is published by ACA.

Legality

It is also important that counselors consider the legal implications of anything they share online. In addition to HIPAA (the Health Insurance Portability and Accountability Act), they need to be aware of any applicable privacy laws in their states.

Anne Marie “Nancy” Wheeler, an attorney licensed in Maryland and Washington, D.C., serves as ACA’s risk management consultant. “Discussing clients online can lead to potentially serious risk management and legal problems for counselors,” she warns. “Even when the information is supposedly deidentified, a client who recognizes himself in an online post could file a complaint against the counselor alleging a number of issues, including intentional infliction of emotional distress.”

Now look back at the client example I presented at the beginning of this article. It may have seemed appropriately vague at the time. But having read this article, I encourage you to give some thought to whether you would still post such information anywhere online.

Appropriate discussion

These cautions don’t mean that we have to ignore all the wonderful benefits that can result from connecting and discussing things with peers online. We simply have to give careful thought to our approach. Consider these guidelines.

1) Approach it from a “nonclient” perspective. Using our example, you might ask, “I’d like to hear experiences from those who have worked with people experiencing discrimination. What techniques and interventions have you found to be effective?”

2) When seeking someone to refer to, focus on the counselor’s skills, not the client’s issues. For example, you might say, “I’m looking for a counselor who helps clients with anxiety and also has experience working with clients experiencing discrimination.”

3) Before posting, give consideration to whether any of your clients might think you are talking about them in public and breaking confidentiality, or whether the general public might have a negative or positive view of what you are posting.

4) If you can’t be sure of protecting a client’s privacy and complying with laws and ethics, save the discussion for peer consultation in a secure environment.

As we increasingly lean on technology to carry out our work, it is important that we continue to analyze the risks and make informed decisions according to the priority of protecting our clients and their confidentiality.

 

****

 

Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editor:ct@counseling.org

 

****

 

Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.