Tag Archives: technology tutor

Technology Tutor: Why counselors need to understand health information exchange

By Rob Reinhardt June 6, 2018

Because most counselors have flown under the “meaningful use” radar so far, they may not be familiar with the term health information exchange (HIE). Moving forward, however, it will be important for counselors to educate themselves because the model for provision of care in the United States continues to move toward that of interoperability and integrated care. In this article, I discuss the basics of HIE and the reasons that counselors need to understand it.

Interoperability

The picture of how HIE came about is complex. It developed over many years and includes previously existing Medicare and Medicaid programs, programs created by the Affordable Care Act, as well as the Health Information Technology for Economic and Clinical Health (HITECH) Act. The overarching goal that resulted in the genesis of HIE was that of interoperability as a critical component of improving the quality, efficiency and safety of health care delivery while reducing its overall costs.

As described on the HealthIT.gov website, interoperability is generally accepted to mean the ability of two or more systems or components to 1) exchange information and 2) use the information that has been exchanged.

The promise of interoperability is that health care providers can readily share and use each other’s information in the provision of services. This means that if you visit your primary care physician (PCP), who then sends you to a specialist, that specialist should be able to receive your records from your PCP before you arrive. In other words, there is no need for you to cart your records around and report the entire story over again. There is no need to repeat tests that have already been completed. This also means that in emergency situations, a hospital should be able to quickly access your medical history and know exactly what medications you are currently taking.

From a big-picture standpoint, interoperability also means that data can be aggregated more quickly and effectively to track things such as outbreaks of the flu or other illnesses. These are just a few examples of the benefits of interoperability, but they illustrate why it is considered critical to the mission of the Affordable Care and HITECH acts.

The Meaningful Use program and HIEs

How critical is interoperability? In 2010, the State Health Information Exchange Cooperative Agreement Program was created, which led to $548 million being awarded to states for the purposes of establishing and improving state-managed HIEs. In April 2015, Congress declared it “a national objective to achieve widespread exchange of health information through interoperable certified EHR [electronic health record] technology nationwide by December 31, 2018.”

The Meaningful Use program was created to provide incentives for EHR adoption by eligible professionals. The program also includes reimbursement penalties for those who do not participate. (For more, see tameyourpractice.com/blog/meaningful-use-and-mental-health-professionals.) Although the Meaningful Use program tasked providers with adopting EHRs that could exchange information, that process has been slow, and it is not always efficient or effective. In addition, counselors have not been included in the incentives or penalties for meaningful use (the same holds true for all mental health providers apart from those who prescribe medications).

HIEs are meant to speed up the achievement of interoperability while also filling in gaps and providing a central repository of records. Providers who haven’t fully achieved the ability to exchange information with other providers can at least provide it to the HIE. For example, rather than a hospital having to query multiple providers for records, it can query just one system, the HIE, to get vital information about a patient. The time savings in emergency situations can also save lives.

Implications for counselors

So, if counselors haven’t been a part of meaningful use, why do we need to pay attention to it? The fact is that despite of our exclusion from the Meaningful Use program, the national engine pushing for all health care providers to achieve interoperability has still been running. States have been incentivized to help move that engine along too, and their ability to continue to fund their programs is attached to milestones.

To that end, states are increasingly enacting measures requiring participation in HIEs or other programs in an effort to achieve widespread interoperability. For example, here in North Carolina where I am located, participation in HIE has been mandated for any health care provider receiving state funds. This includes not only those who accept Medicaid, but also those who work with employees of the state (through a plan currently managed by Blue Cross Blue Shield of North Carolina). As of this writing there are over 700,000 people in North Carolina dependent on the State Employees’ Health plan and almost 2 million Medicaid recipients. Counselors will be able to continue serving those clients only if they meet the HIE mandate deadlines (currently June 1, 2018, for Medicaid and June 1, 2019, for state employees).

Other states have or are pursuing similar measures. The following website links to each state’s respective HIE website so that counselors can stay up to date on developments: healthit.gov/topic/onc-hitech-programs/state-health-information-exchange.

Before proclaiming, “I don’t accept insurance” and turning the page, read on. In some states (such as Minnesota), mandates have been applied to all providers, regardless of how payments are received. (Minnesota’s mandate has since been amended to provide some exceptions and currently carries no penalties.)

Perhaps more important, as other providers experience the benefits of efficient and timely exchange of health information, they are looking to partner with other providers who already possess this capability. In the future, providers who cannot exchange health care information through their EHRs or HIE may find themselves receiving fewer referrals from other health care providers. This same effect may also be experienced with clients as they begin to understand and appreciate the value of having all of their health care data conveniently accessible in one location, most likely through their PCP.

The momentum for EHRs and interoperability is also being bolstered by other initiatives, including reimbursement based on outcomes. As part of the Affordable Care Act — and currently primarily associated with the Medicare Access and CHIP Reauthorization Act of 2015 (see tinyurl.com/MACRA2015) — is a move toward merit-based payments for providers, as opposed to the current service-based payments.

In a merit-based payment program, providers are paid more when achieving efficient, effective outcomes instead of being paid for providing individual services. In other words, providers are incentivized to work harder to help clients achieve positive outcomes rather than “rack up charges” by providing multiple services. Participation in these programs currently requires a data management system that can not only track but also report outcomes electronically. It is likely that similar programs will find their way into the commercial insurance market and beyond in the future.

Exploration of this topic would require an article of its own. I bring it up here to note that the forces behind this movement — and their reasons for pushing for all health care providers to use electronic records and achieve interoperability — are myriad and regularly making progress.

These topics take on additional weight when combined with other initiatives. For example, we can strengthen our argument that counselors should be able to join the ranks of mental health professionals who provide services for Medicare recipients if we demonstrate an understanding of current reporting and reimbursement policies.

As the world becomes further steeped in technology, it is important that counselors keep up. This will allow us not only to keep pace as providers and businesspeople but also to better serve our clients.

Resources

  • I recently did a webinar with the American Counseling Association titled “Private Practice: Choosing a Best-Fit EHR” (see aca.digitellinc.com/aca/sessions/10741/view). It was telecast May 16 and is now available on demand. In the webinar, I explain how counselors can select electronic practice management resources to meet the unique needs of their practice and explore how to avoid costly mistakes.
  • Are you considering an EHR to meet your technology/HIE needs? Be sure to check out the freely available reviews on my website at tameyourpractice.com/EHRReviews.

 

****

 

Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editorct@counseling.org

 

Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Scams aimed at counselors

By Rob Reinhardt January 18, 2018

Unlike social media, scams aren’t something new brought on by the advent of technology and the internet. Con artists, swindlers, charlatans, grifters — whatever you might call them — have existed since the dawn of humanity. What is new, however, is that these purveyors of fraud can carry out their schemes with more reach, speed and efficiency because of technology. A number of these scams are even targeted directly at mental health professionals. I have heard about some of these scams often enough over the past few years that I thought it would be helpful to summarize a few of them here to help prevent counselors from getting ensnared.

This is by no means an exhaustive list because new scams are cropping up all the time. We can expect continued and probably increased attempts aimed at mental health professionals because medical data carry such high value. It probably doesn’t help that counselors are altruistic and potentially more prone to easily trusting others. This makes many of us ideal targets for scammers.

The overpayment scam

In my experience, the overpayment scam has been the most prevalent in recent years. It starts with the counselor receiving an email requesting services from someone. Typically, the prospective client suggests that they are out of town or out of the country but want to secure several appointments for when they return. They offer to send a check for payment upfront for multiple sessions.

Shortly after the check is received, the person contacts the counselor, saying either that they have “mistakenly overpaid” or suddenly realized that they won’t be in town for all of the sessions for which they have paid. The person then asks the counselor to send a refund for the difference, typically via wire transfer. The scam is that the check the person sent is fraudulent. The counselor sends the refund, only to find out later that the check has bounced or been identified as a forgery, so the counselor has no recourse.

There are slight variants to this scam, including the con artist stating upfront that they are going to overpay and request a refund. In another frequent variant, the con artist suggests that they want to pay for services for a child, relative or friend who lives in the counselor’s area. In one of the most convincing versions I have heard about, the scammer suggests that he or she is part of a couple seeking counseling. The person goes into great detail about their issues and their desire to get several counseling sessions in while they are “back in town.” Alternatively, they have a very convincing reason why they can’t attend counseling where they live and thus are seeking services elsewhere.

Sadly, counselors who fall victim to this scam can end up dealing with more trouble than a simple loss of funds. If they cash the fraudulent check, the bank and, potentially, federal investigators may investigate to ensure that the counselor is not a willing participant in the scheme.

HIPAA phishing email

Although I haven’t seen the HIPAA phishing email lately, it’s a good example of how convincing phishing scams can look. A phishing attack is when someone with less than good intentions attempts to get information from you, typically by posing as another entity.

At the end of 2016, many medical professionals received what appeared to be an official email from the federal Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the folks responsible for enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The email came from OSOCRAudit@hhs-gov.us and directed people to a website:
www.hhs-gov.us.

The email was on mock HHS letterhead and suggested that the recipient might be included in the HIPAA Privacy, Security and Breach Rules Audit Program. The link led to a website that was marketing cybersecurity services. It was convincing, in part, because of how similar the addresses were to the legitimate HHS website, which exists at hhs.gov, and the HHS email address of OSOCRAudit@hhs.gov.

For more details on phishing scams and tips for recognizing and avoiding them, read my blog post at bit.ly/TYPphishing.

You too can be a radio host

The following scenario might be filed under “disingenuous” rather than full-blown scam. It starts with an email or phone call suggesting that you would be a great person to have their own radio show on a popular radio or podcasting network. You may or may not have heard of this network. The questionable part of this scheme is that they only tell you further along in the process that you actually have to pay for “radio time.”

In a variant to this, you are invited to interview on an existing show. After the recording and a producer raving about how you’re “a natural” for radio, they spell out what it will cost to have your own show.

Not a scam: Informational audits

Many counselors have been receiving requests from third-party vendors, purportedly on behalf of private insurance companies, requesting client documentation for purposes of a “chart audit.” These can actually be legitimate requests. Insurance companies use this information for internal purposes, such as Affordable Care Act reporting, justifying rate increases and more. The chart audit isn’t the same as an audit to gauge medical necessity. It is more about quantifying things such as the frequency of certain diagnoses and codes.

Interestingly, the letters, emails and phone calls from these third-party vendors tend to be vague and ask for complete charts when those aren’t always necessary. This makes these requests look like scams. It can be especially concerning when something resembles a scam, yet the vendor mentions specific clients and dates of birth within the communication.

If you are in network with the insurance company, some question exists about whether you need to participate in these audits. Review your contract and consult with an attorney if you are unsure. As a first step, ask the third-party vendor to provide official documentation from the insurance company proving that the vendor is carrying out official business on the insurance company’s behalf. It is also prudent to verify this directly with the insurance company. My understanding is that counselors who are out-of-network providers are under no obligation to respond.

 

Ways to avoid scams

Trust your instincts: If red flags are raised for you, stop and investigate. Seek consultation, ask colleagues about it and do an internet search to determine whether the situation you are encountering has been seen before by others. Typical warning signs include prospective clients stating how many sessions they want and when, providing false phone numbers and asking for very specific modalities of treatment without apparent justification or understanding. In addition, any request from an unknown entity made via email or over the phone for client information or sensitive clinician information should be met with a healthy dose of skepticism.

Take your time: As natural helpers, our instinct may be to respond to requests promptly. If a request makes you feel uneasy, however, it is important to slow down and ensure that it is legitimate.

Use caution with checks: Especially in this day and age when credit card payments are the norm, accept payment via check only from trusted parties and only for the correct amount. It is important to note that you are responsible for any funds deposited via check. You are not safe just because a check initially clears. If the check is later discovered to be fraudulent, you will have to refund that money to the bank.

Report it: Many government agencies are involved with battling fraud and crime. The following website can help you determine where to report a scam: usa.gov/stop-scams-frauds.

 

Have you received a communication that you’re unsure about? Do you think you may have identified a new scam? Drop me a line at rob@tameyourpractice.com so we can investigate.

 

****

Related reading from the Counseling Today archives, on the overpayment scam: “Fraudster targets counselor’s innate empathy

 

****

 

Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editorct@counseling.org

 

****

 

Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Revisiting the ethics of discussing clients online

By Rob Reinhardt November 7, 2017

If you have given even a cursory observation to the advertisements that appear on Facebook, during Google searches or on many of the websites that you visit, you will have noticed that these advertisements are targeted at you. The ads might be related to web searches you have performed, the area you live in or something that is generally popular with your age group.

This is how companies such as Facebook and Google make almost all of their money. They gather information about you (and everyone else) and sell advertising to companies that want to target you. They make a lot of money doing this because they are very good at letting those companies get very specific with their targeting. (Google reported revenues of $26 billion in the fourth quarter of 2016 alone.) For a glimpse into the kinds of details that Facebook collects about people, check out the great infographic at bit.ly/FBTargetOptions. That list keeps growing and getting more refined. It is especially important to note this passage from Facebook’s overview of how to target ads: “Behaviors are constructed from both someone’s activity on Facebook and offline activity provided by data from Facebook’s trusted third-party partners.”

In other words, to target advertising to their users, Facebook is collecting data from many different sources about both online and offline activity. So, this is not restricted only to the activity on Facebook.

What does this have to do with our clients (and potential clients)?

I continue to witness counselors engaging in referrals and case consultation in online forums such as Listservs and Facebook groups. This is despite my previous article on this topic last year in Counseling Today (see bit.ly/discussingclients) in which I discussed the difficulty of maintaining confidentiality for clients and the PIT principle (permanence, identity, transferability), and even with American Counseling Association Chief Professional Officer David Kaplan clearly stating that discussing clients online is an ethics no-no. The existence of marketing databases curated by entities such as Facebook and Google adds yet another reason that we need to consider other ways of addressing client needs.

Take this example of a completely fictional situation that could quite easily refer to a real situation:

Johnny Client contacts Susie Counselor about an appointment. He provides some background, and Susie recognizes that she is not a great fit for him. She decides to reach out to her local mailing list or Facebook group of therapists to see if she can provide Johnny with a solid referral. She writes: “Looking for referral for 30-something male dealing with depression. Needs counselor in network with ABC Insurance.”

Although this may seem innocuous at first, it is likely more than enough information for Johnny to be identified. In my previous article, I pointed out the human reasons this is an issue. (For instance, what if someone who knows Johnny or even Johnny himself is in the group? What if someone copies and pastes or screenshots the information?)

Now let’s look at it from a targeted marketing standpoint. Johnny’s call to Susie didn’t happen in a vacuum. Prior to calling her, Johnny did a search for “Counselor MyTown” and visited Susie’s website. These are traceable behaviors tied directly to Johnny, and they likely will end up in the databases used by entities such as Google and Facebook to target advertising. Based on these behaviors, Johnny is likely to start seeing ads on his computer for mental health treatments, counselors in the area and self-help books.

It is important to note that Susie Counselor is now probably connected to Johnny in these databases because he visited her website and placed a call to her. So, when she posts about the 30-something male with depression shortly after receiving Johnny’s call, it’s not a huge leap for database algorithms to figure out that this is the same Johnny Client who recently visited her website and called her — the same Johnny Client whose address, birthday and many other pieces of information already exist in the databases. Except now, thanks to Susie, those databases have learned that Johnny is dealing with depression. They may well have already known what insurance Johnny has, but if not, that’s another bonus that Susie provided for them.

What you can do

I’d like to highlight one of my suggestions from the previous article as well as provide a couple of other suggestions:

  • Make it counselor-centric: When seeking someone to refer to, focus on the counselor’s skills, not the client’s issues. For example, you might say, “I’m looking for a counselor who helps clients dealing with depression.”
  • Keep it offline: Go old school! Keep your own notebook or database of people you can refer to. Note their strengths, location, the insurance they accept, etc. Network and get to know them to elevate the quality of your referrals.
  • Raise awareness: Sometimes, counselors need to be reminded of things that we often tell our clients. For instance, just because others are engaging in a behavior doesn’t make it OK. Make others in your online forums aware of the privacy issues surrounding discussing referrals and cases online. Point them to this article and to my previous article that I referenced earlier. Point them to the pertinent passages in the ACA Code of Ethics (noted below). Even if they aren’t counselors, the ethics codes for social workers, psychologists, marriage and family therapists and psychiatrists contain similar passages, so their concern for client privacy and confidentiality should be just as great. Above all, be kind and compassionate in your approach.

Pertinent standards in the ACA Code of Ethics

B.1.c. Respect for Confidentiality

“Counselors protect the confidential information of prospective and current clients. Counselors disclose information only with appropriate consent or with sound legal or ethical justification.”

****

Note the inclusion of “prospective” clients. Do you have the person’s consent before disclosing anything about them online? Can you accomplish your goal without disclosing information about them online? If so, what is your legal or ethical justification for disclosing?

B.2.e. Minimal Disclosure

“To the extent possible, clients are informed before confidential information is disclosed and are involved in the disclosure decision-making process. When circumstances require the disclosure of confidential information, only essential information is revealed.”

****

Do clients (or prospective clients) fully understand the ramifications of you disclosing information about them online? Do they understand how few details it might take for computer algorithms to identify them? Are they aware of all the options for accomplishing the goal, and do they approve of online disclosure?

B.3.c. Confidential Settings

“Counselors discuss confidential information only in settings in which they can reasonably ensure client privacy.”

****

Is there any way that this standard doesn’t completely rule out using online forums for any disclosure? Based on my experience and expertise, there simply is no way that counselors can reasonably ensure client privacy if they share any details about clients in most online forums.

****

For an interesting discussion of this topic, including an interview with social media policy expert Keely Kolmes, check out Episode 104 of the TherapyTech with Rob and Roy podcast.

 

****

 

Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editor: ct@counseling.org

 

****

 

Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Answering your questions: From protected health information to search engine optimization

By Rob Reinhardt August 31, 2017

I often receive questions during consultations that require fairly brief answers. Although I tend to focus on “big picture” topics in this column, I thought I’d take a break from that routine to answer some of the most popular questions I get asked related to technology in private practice.

Some of these questions touch on legal matters, but please note that my answers do not qualify as legal advice. You should always consult an attorney about legal questions.

 

****

 

Can I use online accounting/billing services such as QuickBooks Online and remain compliant with the Health Insurance Portability and Accountability Act (HIPAA)?

The short answer: It depends. The answer centers around whether you are storing protected health information (PHI) in whatever online system you are using. According to the U.S. Department of Health and Human Services (HHS) summary of the HIPAA privacy rule, PHI is information, including demographic data, that relates to:

  • The individual’s past, present or future physical or mental health or condition
  • The provision of health care to the individual
  • The past, present or future payment for the provision of health care to the individual

This information must identify the individual, or a reasonable basis must exist to believe that it can be used to identify the individual.

If you are storing PHI with a third party, you must enter into a business associate agreement (BAA) with that party. The BAA is a contract that essentially states that the vendor will comply with HIPAA. It also lays out what the vendor’s responsibilities and your responsibilities are for protecting PHI, among other things.

To the question at hand, to use any online service that stores client information, you would need to choose a vendor that complies with HIPAA and that will enter into a BAA with you. At the time of this writing, QuickBooks Online does not meet those requirements. In fact, QuickBooks Online recommends that its users do not enter PHI into its system (see bit.ly/QBHIPAA).

So, why was my initial answer, “It depends”? Because if you are not entering any PHI into QuickBooks Online, then you can still use it while complying with HIPAA. The most common case for this is when client billing is handled through a separate application (see bit.ly/EHRReviews) and a counselor uses QuickBooks only for accounting (tracking of revenue and expenses not attached to any particular client).

 

****

Can I remain HIPAA compliant if I use services such as an online calendar from a vendor that isn’t HIPAA compliant if I use only the client’s initials?

The short answer: No. HHS has clearly stated that “a data set that contained patient initials, or the last four digits of a Social Security number, would not meet the requirement of the Safe Harbor method for de-identification.”

HHS is referring to the de-identification of PHI. HIPAA does allow the storage and transfer of PHI if it has been properly de-identified. This means that someone would not be able to determine the individual with whom the PHI is associated because enough identifying information has been stripped away.

There are two methods to achieve this level of de-identification. One is the “expert method.” This means that you or someone you hire who has “appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable” is able to declare and document that the PHI has been properly de-identified. This is a highly unlikely scenario for most counselors, so you will instead need to rely on the HHS guidance for obtaining Safe Harbor. That guidance is available at hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html.

 

****

How can I get my website on the first page of search results?

The short answer is that there is no guaranteed way to get on the first page of search results. I encourage you to be wary of any “SEO optimization” vendor or service that promises that you’ll land on the top of the first page of Google search results, for example.

That being said, SEO (search engine optimization) is a real thing. It encompasses myriad tools and steps that you can take to improve the performance of your website in searches. Much of the process boils down to the content and keywords on your website, along with having external links pointing to your site, but it truly requires a focused, multipronged effort and time to achieve results. 

A great place to start is with the SEO tutorial at moz.com/beginners-guide-to-seo. After reading the tutorial, you should have a good idea of the things you might be able to do yourself. Even if you ultimately hire someone else to do it all for you, you’ll be better informed about what to realistically expect and better equipped to identify those who might be making false promises.

 

****

If you’d like for me to address more questions like these in future Technology Tutor columns, send me an email. In the meantime, be sure to check out the new free TherapyTech with Rob and Roy podcast (I’m the Rob in there!) at therapytechrobroy.com.

 

****

 

 

 

Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editorct@counseling.org

 

****

 

Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Ethical and legal considerations of counseling tech

By Rob Reinhardt March 31, 2017

Last year, I interviewed a counselor who had been conducting text counseling via the Talkspace service (see ct.counseling.org/2016/06/technology-tutor/). Not long after this, two articles were published that brought some of the legalities and ethics of the Talkspace model into question (see bit.ly/ForbesTS and bit.ly/TSVerge). Given the continued growth of telehealth services, it seems a good time to provide an overview of ethics considerations when using technology in counseling.

Although those articles focused on alleged issues at one particular company, it is important that we apply our ethics decision-making lens to all applications of technology in our counseling work. This includes applications used for electronic health records (EHR), telemental health, internet faxing and so on.

Among the possible scenarios with ethical implications that have been raised for counselors using telemental health platforms are:

  • Concerns about potential violations of the Health Insurance Portability and Accountability Act (HIPAA).
  • Platforms removing the ability for clients to speak with their assigned clinicians.
  • Emails being sent to multiple clients in which the email addresses are visible to all recipients, resulting in possible confidentiality/HIPAA violations.
  • Platforms using the term “customer” instead of “client” in communications to those receiving services, suggesting that such platforms have only a business relationship with clients, not a professional one requiring the same level of privacy/confidentiality that is maintained by licensed clinicians.
  • Concerns that platforms do not have a quick and easy way for clinicians to access client contact information in cases of emergency.
  • Issues regarding mandated reporting and other ethical and legal responsibilities.

I am presenting these concerns here as an opportunity to explore potential real-life ethics situations in the digital age. Let’s examine how counselors can think about these issues and assess whether a particular telemental health or other software platform is right for them and their potential clients.

 

HIPAA

When interviewing any vendor that will come into contact with protected health information (PHI) for which you are responsible, a great starting point is to ask how the company complies with HIPAA. If you’re not satisfied with the vendor’s answer, this should be a nonstarter.

The vendor should be able to provide you with detailed information about how it complies with HIPAA and provide a copy of its business associate agreement (BAA). The BAA is the vendor’s contract with you acknowledging that it complies with HIPAA and detailing what its responsibilities are. If the vendor claims it doesn’t need to comply with HIPAA for some reason (a popular excuse is that the vendor “never has access to PHI”), you should proceed with extreme caution. This reason does apply in certain cases, but they are very rare.

Even if your vendor complies with HIPAA, it is very important not to assume that all of your bases are covered. There are still the ethics concerns noted earlier and the HIPAA compliance measures that you need to address yourself (see tameyourpractice.com/HIPAA).

 

Action point

Check your prospective vendors’ level of HIPAA compliance and confirm that they will enter into a BAA with you.

 

Client autonomy

“Autonomy, or fostering the right to control the direction of one’s life,” is the first guiding professional value listed in the 2014 ACA Code of Ethics (and is also an integral facet of HIPAA). Our ethics code says that clients have the right to choose their counselors. Therefore, counselors who are working as providers in these platforms have a duty to understand if this right will be given. It would be problematic if the platform could disconnect clients from their counselors without client consent or absent an ethical violation on the part of a counselor. If this is a possible scenario on a platform that a counselor is using, it should raise a red flag.

 

Action points

Relationship: When involving a third party such as a platform for telemental health in our counseling work, we must thoroughly investigate what the relationship between the third party and the client would be. Does the third party have “control” over that relationship and the associated records, or do the client and counselor maintain that control? It is important to consider what might happen in different situations. For example, if you decide to switch which vendor you partner with to provide a service, is there anything preventing you from working with the same clients through the new platform? If you need to refer out, how is that handled? Interestingly, these are the same sorts of questions to explore for those joining a group private practice.

Contact: As part of this confirmation of relationship dynamics, counselors should ensure that they have accurate contact information for clients or can gain access to that information in an emergency.

 

Handling of emergency situations

The handling of potential emergency situations is particularly relevant to any form of telehealth. As counselors, we are required by the 2014 ACA Code of Ethics to have a plan for handling contingencies, and when we involve a third party, it is important to explore whether that involvement might present new barriers to such a plan. For example, let’s say a counselor has an urgent need to contact a client or that client’s emergency contact. The counselor uses a cloud-based electronic health records (EHR) system to store client information. What happens if the EHR system or the internet connection is offline? Does the counselor or the EHR vendor have a contingency plan for accessing that information?

 

Action points

Vendor policies and procedures: Know how your vendors handle emergency situations. Is there a way to access data when you have lost your usual route of access? What are your vendors’ contingency plans? Do they have any documentation of past “up time” (percent of time they are up and running) or “outages”?

Contingency planning: Once you know your options with the vendor, what is your plan? Do you keep a secure backup of client contact information in case of emergency? Do you have a backup internet connection (perhaps you can access the EHR via your mobile device via the cellular network)?

If you need additional guidance regarding the creation of a contingency plan, see tameyourpractice.com/contingency.

 

Who is responsible for what?

One of the challenges described by clinicians who have worked with these platforms is identifying exactly who is responsible for what. Tied into both of the previous points, questions are raised about who is responsible for handling emergency situations, record-keeping, billing and even coordination of care with other providers.

Action points

Noting key responsibilities: It might help to make a checklist of your key ethical, legal and clinical responsibilities when it comes to clients (informed consent, HIPAA privacy and security compliance, etc.). Although many of these responsibilities are universal, others may differ depending on the environment in which you work and the clients with whom you work. Construct this checklist so that you are clear on who has ownership of each of these responsibilities and, if necessary, what the contingency plan is for each.

Vetting vendors (or “What are you agreeing to?”): What are the policies and procedures of the third-party vendor? What are the terms and conditions? What is the corporate climate and goals of the vendor? Is the vendor’s organization a for-profit venture run by venture capitalists with no experience in mental health care? Do they express an understanding, both verbally and in policy, of the ACA Code of Ethics? What limitations, if any, do they place on your provision of care? Are there additional limitations, such as clinicians being prohibited to talk with the news media about their experience using the software?

 

Terms and conditions

As tempting, and common, as it is to breeze through “terms and conditions” pages, this is definitely not the time to do so. Many of the action points I’ve mentioned will involve finding answers not just by asking vendor representatives, but by reading the terms and conditions or contract. What is written there is likely more binding than something that a customer service or sales representative told you. Furthermore, if what is written in the terms and conditions differs from what was verbally communicated to you, that should raise a red flag.

 

Action point

Go through the vendor’s terms and conditions with a fine-toothed comb. Weigh them against your ethics and legal responsibilities to ensure compatibility.

 

*****

 

Please note that this is not an exhaustive list. As we increasingly integrate technology into our counseling work, it also increases the number of risk management items on our plate. Thankfully, if handled well, the use of technology can also be of great benefit to our clients and our work with them.

Have questions about how your situation or the use of a specific service is affected by ethics and HIPAA? Send me an email. For a broader overview of telehealth considerations, read the article at bit.ly/TYPTH.

Note that the American Counseling Association does not endorse or condemn the use of any particular telemental health platform. Counselors should always consider the 2014 ACA Code of Ethics, local and national laws, and their own best judgment before using new technologies.

 

****

 

Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

 

Letters to the editor: ct@counseling.org

 

****

 

Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.