Tag Archives: technology tutor

Technology Tutor: Making sure your website is seen and complies with the ACA Code of Ethics

By Rob Reinhardt September 11, 2018

Having a website is a building block that is integral to most successful businesses these days. This is no different for counselors running a nonprofit, agency, private practice or other venture. Increasingly, people are connecting with their service providers by first encountering them online through directory listings and websites. Even when referred directly to a counselor by someone else, many prospective clients want to read more about the counselor before making contact.

The expanding importance of websites leads to various topics, including creating quality content that attracts, and connects with, the people for whom you or your organization are best suited to provide services. Before that can happen, however, people need to be able to find your website.

To that end, I want to discuss some important recent developments that affect the visibility of websites. For good measure, I’ll also cover some items you should review to ensure compliance with the 2014 ACA Code of Ethics.

What’s the big deal about SSL?

SSL, or Secure Sockets Layer, is the encryption protocol for websites and browsers. If a site is using SSL, you will see “https” instead of “http” in front of the internet address/URL. Depending on your browser, you may also see a lock, the word “Secure” or both.

In the past, SSL was used primarily on e-commerce sites. The prevailing logic at the time was that the SSL level of security was necessary only when carrying out financial transactions. Later, any site featuring accounts or logins was added to the list of those needing this higher level of security.

Now, however, it is important for every site that collects information to use SSL. This is true even if you have only a simple contact form. Here’s why:

  • Security: The use of SSL can help prevent malware/viruses on your website. Even if the only way that people submit information through your website is a contact form, you don’t want someone to have the potential of spying on everything submitted via that form.
  • Search engine optimization (SEO): SEO is the process of improving how your website performs in searches. In short, you want your website at or near the top of the page when people search for specific terms (for example, “counselor your town”). Google “punishes” sites in search results that don’t use SSL. This means that your website may be less likely to be found by potential clients if you aren’t using SSL.
  • Ethics and professional appearance: This past July, Google Chrome started showing sites as “Not Secure,” along with a red caution triangle, in the Chrome web address bar if they aren’t using SSL. This isn’t likely to make a good first impression on potential clients who are investigating your services. Furthermore, the 2014 ACA Code of Ethics requires that we take reasonable measures to protect people’s privacy and confidentiality.

Standard H.2.d. states: “Counselors use current encryption standards within their websites and/or technology-based communications that meet applicable legal requirements. Counselors take reasonable precautions to ensure the confidentiality of information transmitted through any electronic means.”

Fortunately, SSL has become much easier to implement, and many web hosts offer it for little or no cost. One program that many participate in is called Let’s Encrypt (letsencrypt.org). Be sure to check with your web host or web developer to address this if you haven’t already.

Pro tip: To learn more about SEO, check out the excellent beginner’s tutorial at moz.com/beginners-guide-to-seo.

Pro tip 2: Now is the time to incorporate video. Not only does video provide an opportunity to let clients “meet” you and your organization, but it also tends to help with SEO. Counselors in private practice have reported significant success in having videos of themselves speaking about counseling and their approach or even giving tours of their office. Videos along these lines can help clients connect with us and feel more at ease about contacting us.

On the ethics side

While looking at potential improvements to your website, you have the perfect opportunity to also ensure that you’re taking steps to comply with the 2014 ACA Code of Ethics. Here are a few of the things to have on your checklist:

Post your informed consent, policies and licensure information

Standard H.5.b. of the ACA Code of Ethics says: “Counselors who offer distance counseling services and/or maintain a professional website provide electronic links to relevant licensure and professional certification boards to protect consumer and client rights and address ethical concerns.”

There isn’t necessarily a specific way or format in which these need to be posted, but they should be readily accessible. It may be a good idea to have them somewhere in your menu structure to ensure that you have accessibility covered.

Testimonials and reviews

Do you have testimonials or reviews posted on your site? Although these can be incredibly helpful for most businesses, there are some very important restrictions and caveats that counselors must follow. (For more, see ct.counseling.org/2015/04/ethical-pitfalls-of-online-testimonials-and-reviews/). Now is a great time to add some testimonials from colleagues and referral sources.

Social media policy

You likely have social media such as your Facebook page linked from your website. So, be sure that you also have an updated social media policy available on your site.

Standard H.6.b. states: “Counselors clearly explain to their clients, as part of the informed consent procedure, the benefits, limitations and boundaries of the use of social media.”

Secure contact form

Although SSL will secure data sent from a client’s computer to your web server, the protection ends there. Depending on your web host and package, there may be no encryption on the server or on the delivery of the contact form contents to your email address. This is the one point of data collection almost every counselor and counseling-related organization has on their site that can be considered a point of potential vulnerability. The good news is that there are easy and inexpensive ways to secure contact form submissions. (See tameyourpractice.com/email for more information.)


Want to know more about improving your website? Do you have specific questions? Do you have suggestions for what to cover in a future Technology Tutor column? Drop me a line.




Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editor: ct@counseling.org




Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Why counselors need to understand health information exchange

By Rob Reinhardt June 6, 2018

Because most counselors have flown under the “meaningful use” radar so far, they may not be familiar with the term health information exchange (HIE). Moving forward, however, it will be important for counselors to educate themselves because the model for provision of care in the United States continues to move toward that of interoperability and integrated care. In this article, I discuss the basics of HIE and the reasons that counselors need to understand it.


The picture of how HIE came about is complex. It developed over many years and includes previously existing Medicare and Medicaid programs, programs created by the Affordable Care Act, as well as the Health Information Technology for Economic and Clinical Health (HITECH) Act. The overarching goal that resulted in the genesis of HIE was that of interoperability as a critical component of improving the quality, efficiency and safety of health care delivery while reducing its overall costs.

As described on the HealthIT.gov website, interoperability is generally accepted to mean the ability of two or more systems or components to 1) exchange information and 2) use the information that has been exchanged.

The promise of interoperability is that health care providers can readily share and use each other’s information in the provision of services. This means that if you visit your primary care physician (PCP), who then sends you to a specialist, that specialist should be able to receive your records from your PCP before you arrive. In other words, there is no need for you to cart your records around and report the entire story over again. There is no need to repeat tests that have already been completed. This also means that in emergency situations, a hospital should be able to quickly access your medical history and know exactly what medications you are currently taking.

From a big-picture standpoint, interoperability also means that data can be aggregated more quickly and effectively to track things such as outbreaks of the flu or other illnesses. These are just a few examples of the benefits of interoperability, but they illustrate why it is considered critical to the mission of the Affordable Care and HITECH acts.

The Meaningful Use program and HIEs

How critical is interoperability? In 2010, the State Health Information Exchange Cooperative Agreement Program was created, which led to $548 million being awarded to states for the purposes of establishing and improving state-managed HIEs. In April 2015, Congress declared it “a national objective to achieve widespread exchange of health information through interoperable certified EHR [electronic health record] technology nationwide by December 31, 2018.”

The Meaningful Use program was created to provide incentives for EHR adoption by eligible professionals. The program also includes reimbursement penalties for those who do not participate. (For more, see tameyourpractice.com/blog/meaningful-use-and-mental-health-professionals.) Although the Meaningful Use program tasked providers with adopting EHRs that could exchange information, that process has been slow, and it is not always efficient or effective. In addition, counselors have not been included in the incentives or penalties for meaningful use (the same holds true for all mental health providers apart from those who prescribe medications).

HIEs are meant to speed up the achievement of interoperability while also filling in gaps and providing a central repository of records. Providers who haven’t fully achieved the ability to exchange information with other providers can at least provide it to the HIE. For example, rather than a hospital having to query multiple providers for records, it can query just one system, the HIE, to get vital information about a patient. The time savings in emergency situations can also save lives.

Implications for counselors

So, if counselors haven’t been a part of meaningful use, why do we need to pay attention to it? The fact is that despite of our exclusion from the Meaningful Use program, the national engine pushing for all health care providers to achieve interoperability has still been running. States have been incentivized to help move that engine along too, and their ability to continue to fund their programs is attached to milestones.

To that end, states are increasingly enacting measures requiring participation in HIEs or other programs in an effort to achieve widespread interoperability. For example, here in North Carolina where I am located, participation in HIE has been mandated for any health care provider receiving state funds. This includes not only those who accept Medicaid, but also those who work with employees of the state (through a plan currently managed by Blue Cross Blue Shield of North Carolina). As of this writing there are over 700,000 people in North Carolina dependent on the State Employees’ Health plan and almost 2 million Medicaid recipients. Counselors will be able to continue serving those clients only if they meet the HIE mandate deadlines (currently June 1, 2018, for Medicaid and June 1, 2019, for state employees).

Other states have or are pursuing similar measures. The following website links to each state’s respective HIE website so that counselors can stay up to date on developments: healthit.gov/topic/onc-hitech-programs/state-health-information-exchange.

Before proclaiming, “I don’t accept insurance” and turning the page, read on. In some states (such as Minnesota), mandates have been applied to all providers, regardless of how payments are received. (Minnesota’s mandate has since been amended to provide some exceptions and currently carries no penalties.)

Perhaps more important, as other providers experience the benefits of efficient and timely exchange of health information, they are looking to partner with other providers who already possess this capability. In the future, providers who cannot exchange health care information through their EHRs or HIE may find themselves receiving fewer referrals from other health care providers. This same effect may also be experienced with clients as they begin to understand and appreciate the value of having all of their health care data conveniently accessible in one location, most likely through their PCP.

The momentum for EHRs and interoperability is also being bolstered by other initiatives, including reimbursement based on outcomes. As part of the Affordable Care Act — and currently primarily associated with the Medicare Access and CHIP Reauthorization Act of 2015 (see tinyurl.com/MACRA2015) — is a move toward merit-based payments for providers, as opposed to the current service-based payments.

In a merit-based payment program, providers are paid more when achieving efficient, effective outcomes instead of being paid for providing individual services. In other words, providers are incentivized to work harder to help clients achieve positive outcomes rather than “rack up charges” by providing multiple services. Participation in these programs currently requires a data management system that can not only track but also report outcomes electronically. It is likely that similar programs will find their way into the commercial insurance market and beyond in the future.

Exploration of this topic would require an article of its own. I bring it up here to note that the forces behind this movement — and their reasons for pushing for all health care providers to use electronic records and achieve interoperability — are myriad and regularly making progress.

These topics take on additional weight when combined with other initiatives. For example, we can strengthen our argument that counselors should be able to join the ranks of mental health professionals who provide services for Medicare recipients if we demonstrate an understanding of current reporting and reimbursement policies.

As the world becomes further steeped in technology, it is important that counselors keep up. This will allow us not only to keep pace as providers and businesspeople but also to better serve our clients.


  • I recently did a webinar with the American Counseling Association titled “Private Practice: Choosing a Best-Fit EHR” (see aca.digitellinc.com/aca/sessions/10741/view). It was telecast May 16 and is now available on demand. In the webinar, I explain how counselors can select electronic practice management resources to meet the unique needs of their practice and explore how to avoid costly mistakes.
  • Are you considering an EHR to meet your technology/HIE needs? Be sure to check out the freely available reviews on my website at tameyourpractice.com/EHRReviews.




Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editorct@counseling.org


Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Scams aimed at counselors

By Rob Reinhardt January 18, 2018

Unlike social media, scams aren’t something new brought on by the advent of technology and the internet. Con artists, swindlers, charlatans, grifters — whatever you might call them — have existed since the dawn of humanity. What is new, however, is that these purveyors of fraud can carry out their schemes with more reach, speed and efficiency because of technology. A number of these scams are even targeted directly at mental health professionals. I have heard about some of these scams often enough over the past few years that I thought it would be helpful to summarize a few of them here to help prevent counselors from getting ensnared.

This is by no means an exhaustive list because new scams are cropping up all the time. We can expect continued and probably increased attempts aimed at mental health professionals because medical data carry such high value. It probably doesn’t help that counselors are altruistic and potentially more prone to easily trusting others. This makes many of us ideal targets for scammers.

The overpayment scam

In my experience, the overpayment scam has been the most prevalent in recent years. It starts with the counselor receiving an email requesting services from someone. Typically, the prospective client suggests that they are out of town or out of the country but want to secure several appointments for when they return. They offer to send a check for payment upfront for multiple sessions.

Shortly after the check is received, the person contacts the counselor, saying either that they have “mistakenly overpaid” or suddenly realized that they won’t be in town for all of the sessions for which they have paid. The person then asks the counselor to send a refund for the difference, typically via wire transfer. The scam is that the check the person sent is fraudulent. The counselor sends the refund, only to find out later that the check has bounced or been identified as a forgery, so the counselor has no recourse.

There are slight variants to this scam, including the con artist stating upfront that they are going to overpay and request a refund. In another frequent variant, the con artist suggests that they want to pay for services for a child, relative or friend who lives in the counselor’s area. In one of the most convincing versions I have heard about, the scammer suggests that he or she is part of a couple seeking counseling. The person goes into great detail about their issues and their desire to get several counseling sessions in while they are “back in town.” Alternatively, they have a very convincing reason why they can’t attend counseling where they live and thus are seeking services elsewhere.

Sadly, counselors who fall victim to this scam can end up dealing with more trouble than a simple loss of funds. If they cash the fraudulent check, the bank and, potentially, federal investigators may investigate to ensure that the counselor is not a willing participant in the scheme.

HIPAA phishing email

Although I haven’t seen the HIPAA phishing email lately, it’s a good example of how convincing phishing scams can look. A phishing attack is when someone with less than good intentions attempts to get information from you, typically by posing as another entity.

At the end of 2016, many medical professionals received what appeared to be an official email from the federal Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the folks responsible for enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The email came from OSOCRAudit@hhs-gov.us and directed people to a website:

The email was on mock HHS letterhead and suggested that the recipient might be included in the HIPAA Privacy, Security and Breach Rules Audit Program. The link led to a website that was marketing cybersecurity services. It was convincing, in part, because of how similar the addresses were to the legitimate HHS website, which exists at hhs.gov, and the HHS email address of OSOCRAudit@hhs.gov.

For more details on phishing scams and tips for recognizing and avoiding them, read my blog post at bit.ly/TYPphishing.

You too can be a radio host

The following scenario might be filed under “disingenuous” rather than full-blown scam. It starts with an email or phone call suggesting that you would be a great person to have their own radio show on a popular radio or podcasting network. You may or may not have heard of this network. The questionable part of this scheme is that they only tell you further along in the process that you actually have to pay for “radio time.”

In a variant to this, you are invited to interview on an existing show. After the recording and a producer raving about how you’re “a natural” for radio, they spell out what it will cost to have your own show.

Not a scam: Informational audits

Many counselors have been receiving requests from third-party vendors, purportedly on behalf of private insurance companies, requesting client documentation for purposes of a “chart audit.” These can actually be legitimate requests. Insurance companies use this information for internal purposes, such as Affordable Care Act reporting, justifying rate increases and more. The chart audit isn’t the same as an audit to gauge medical necessity. It is more about quantifying things such as the frequency of certain diagnoses and codes.

Interestingly, the letters, emails and phone calls from these third-party vendors tend to be vague and ask for complete charts when those aren’t always necessary. This makes these requests look like scams. It can be especially concerning when something resembles a scam, yet the vendor mentions specific clients and dates of birth within the communication.

If you are in network with the insurance company, some question exists about whether you need to participate in these audits. Review your contract and consult with an attorney if you are unsure. As a first step, ask the third-party vendor to provide official documentation from the insurance company proving that the vendor is carrying out official business on the insurance company’s behalf. It is also prudent to verify this directly with the insurance company. My understanding is that counselors who are out-of-network providers are under no obligation to respond.


Ways to avoid scams

Trust your instincts: If red flags are raised for you, stop and investigate. Seek consultation, ask colleagues about it and do an internet search to determine whether the situation you are encountering has been seen before by others. Typical warning signs include prospective clients stating how many sessions they want and when, providing false phone numbers and asking for very specific modalities of treatment without apparent justification or understanding. In addition, any request from an unknown entity made via email or over the phone for client information or sensitive clinician information should be met with a healthy dose of skepticism.

Take your time: As natural helpers, our instinct may be to respond to requests promptly. If a request makes you feel uneasy, however, it is important to slow down and ensure that it is legitimate.

Use caution with checks: Especially in this day and age when credit card payments are the norm, accept payment via check only from trusted parties and only for the correct amount. It is important to note that you are responsible for any funds deposited via check. You are not safe just because a check initially clears. If the check is later discovered to be fraudulent, you will have to refund that money to the bank.

Report it: Many government agencies are involved with battling fraud and crime. The following website can help you determine where to report a scam: usa.gov/stop-scams-frauds.


Have you received a communication that you’re unsure about? Do you think you may have identified a new scam? Drop me a line at rob@tameyourpractice.com so we can investigate.



Related reading from the Counseling Today archives, on the overpayment scam: “Fraudster targets counselor’s innate empathy




Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editorct@counseling.org




Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Revisiting the ethics of discussing clients online

By Rob Reinhardt November 7, 2017

If you have given even a cursory observation to the advertisements that appear on Facebook, during Google searches or on many of the websites that you visit, you will have noticed that these advertisements are targeted at you. The ads might be related to web searches you have performed, the area you live in or something that is generally popular with your age group.

This is how companies such as Facebook and Google make almost all of their money. They gather information about you (and everyone else) and sell advertising to companies that want to target you. They make a lot of money doing this because they are very good at letting those companies get very specific with their targeting. (Google reported revenues of $26 billion in the fourth quarter of 2016 alone.) For a glimpse into the kinds of details that Facebook collects about people, check out the great infographic at bit.ly/FBTargetOptions. That list keeps growing and getting more refined. It is especially important to note this passage from Facebook’s overview of how to target ads: “Behaviors are constructed from both someone’s activity on Facebook and offline activity provided by data from Facebook’s trusted third-party partners.”

In other words, to target advertising to their users, Facebook is collecting data from many different sources about both online and offline activity. So, this is not restricted only to the activity on Facebook.

What does this have to do with our clients (and potential clients)?

I continue to witness counselors engaging in referrals and case consultation in online forums such as Listservs and Facebook groups. This is despite my previous article on this topic last year in Counseling Today (see bit.ly/discussingclients) in which I discussed the difficulty of maintaining confidentiality for clients and the PIT principle (permanence, identity, transferability), and even with American Counseling Association Chief Professional Officer David Kaplan clearly stating that discussing clients online is an ethics no-no. The existence of marketing databases curated by entities such as Facebook and Google adds yet another reason that we need to consider other ways of addressing client needs.

Take this example of a completely fictional situation that could quite easily refer to a real situation:

Johnny Client contacts Susie Counselor about an appointment. He provides some background, and Susie recognizes that she is not a great fit for him. She decides to reach out to her local mailing list or Facebook group of therapists to see if she can provide Johnny with a solid referral. She writes: “Looking for referral for 30-something male dealing with depression. Needs counselor in network with ABC Insurance.”

Although this may seem innocuous at first, it is likely more than enough information for Johnny to be identified. In my previous article, I pointed out the human reasons this is an issue. (For instance, what if someone who knows Johnny or even Johnny himself is in the group? What if someone copies and pastes or screenshots the information?)

Now let’s look at it from a targeted marketing standpoint. Johnny’s call to Susie didn’t happen in a vacuum. Prior to calling her, Johnny did a search for “Counselor MyTown” and visited Susie’s website. These are traceable behaviors tied directly to Johnny, and they likely will end up in the databases used by entities such as Google and Facebook to target advertising. Based on these behaviors, Johnny is likely to start seeing ads on his computer for mental health treatments, counselors in the area and self-help books.

It is important to note that Susie Counselor is now probably connected to Johnny in these databases because he visited her website and placed a call to her. So, when she posts about the 30-something male with depression shortly after receiving Johnny’s call, it’s not a huge leap for database algorithms to figure out that this is the same Johnny Client who recently visited her website and called her — the same Johnny Client whose address, birthday and many other pieces of information already exist in the databases. Except now, thanks to Susie, those databases have learned that Johnny is dealing with depression. They may well have already known what insurance Johnny has, but if not, that’s another bonus that Susie provided for them.

What you can do

I’d like to highlight one of my suggestions from the previous article as well as provide a couple of other suggestions:

  • Make it counselor-centric: When seeking someone to refer to, focus on the counselor’s skills, not the client’s issues. For example, you might say, “I’m looking for a counselor who helps clients dealing with depression.”
  • Keep it offline: Go old school! Keep your own notebook or database of people you can refer to. Note their strengths, location, the insurance they accept, etc. Network and get to know them to elevate the quality of your referrals.
  • Raise awareness: Sometimes, counselors need to be reminded of things that we often tell our clients. For instance, just because others are engaging in a behavior doesn’t make it OK. Make others in your online forums aware of the privacy issues surrounding discussing referrals and cases online. Point them to this article and to my previous article that I referenced earlier. Point them to the pertinent passages in the ACA Code of Ethics (noted below). Even if they aren’t counselors, the ethics codes for social workers, psychologists, marriage and family therapists and psychiatrists contain similar passages, so their concern for client privacy and confidentiality should be just as great. Above all, be kind and compassionate in your approach.

Pertinent standards in the ACA Code of Ethics

B.1.c. Respect for Confidentiality

“Counselors protect the confidential information of prospective and current clients. Counselors disclose information only with appropriate consent or with sound legal or ethical justification.”


Note the inclusion of “prospective” clients. Do you have the person’s consent before disclosing anything about them online? Can you accomplish your goal without disclosing information about them online? If so, what is your legal or ethical justification for disclosing?

B.2.e. Minimal Disclosure

“To the extent possible, clients are informed before confidential information is disclosed and are involved in the disclosure decision-making process. When circumstances require the disclosure of confidential information, only essential information is revealed.”


Do clients (or prospective clients) fully understand the ramifications of you disclosing information about them online? Do they understand how few details it might take for computer algorithms to identify them? Are they aware of all the options for accomplishing the goal, and do they approve of online disclosure?

B.3.c. Confidential Settings

“Counselors discuss confidential information only in settings in which they can reasonably ensure client privacy.”


Is there any way that this standard doesn’t completely rule out using online forums for any disclosure? Based on my experience and expertise, there simply is no way that counselors can reasonably ensure client privacy if they share any details about clients in most online forums.


For an interesting discussion of this topic, including an interview with social media policy expert Keely Kolmes, check out Episode 104 of the TherapyTech with Rob and Roy podcast.




Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editor: ct@counseling.org




Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.

Technology Tutor: Answering your questions: From protected health information to search engine optimization

By Rob Reinhardt August 31, 2017

I often receive questions during consultations that require fairly brief answers. Although I tend to focus on “big picture” topics in this column, I thought I’d take a break from that routine to answer some of the most popular questions I get asked related to technology in private practice.

Some of these questions touch on legal matters, but please note that my answers do not qualify as legal advice. You should always consult an attorney about legal questions.




Can I use online accounting/billing services such as QuickBooks Online and remain compliant with the Health Insurance Portability and Accountability Act (HIPAA)?

The short answer: It depends. The answer centers around whether you are storing protected health information (PHI) in whatever online system you are using. According to the U.S. Department of Health and Human Services (HHS) summary of the HIPAA privacy rule, PHI is information, including demographic data, that relates to:

  • The individual’s past, present or future physical or mental health or condition
  • The provision of health care to the individual
  • The past, present or future payment for the provision of health care to the individual

This information must identify the individual, or a reasonable basis must exist to believe that it can be used to identify the individual.

If you are storing PHI with a third party, you must enter into a business associate agreement (BAA) with that party. The BAA is a contract that essentially states that the vendor will comply with HIPAA. It also lays out what the vendor’s responsibilities and your responsibilities are for protecting PHI, among other things.

To the question at hand, to use any online service that stores client information, you would need to choose a vendor that complies with HIPAA and that will enter into a BAA with you. At the time of this writing, QuickBooks Online does not meet those requirements. In fact, QuickBooks Online recommends that its users do not enter PHI into its system (see bit.ly/QBHIPAA).

So, why was my initial answer, “It depends”? Because if you are not entering any PHI into QuickBooks Online, then you can still use it while complying with HIPAA. The most common case for this is when client billing is handled through a separate application (see bit.ly/EHRReviews) and a counselor uses QuickBooks only for accounting (tracking of revenue and expenses not attached to any particular client).



Can I remain HIPAA compliant if I use services such as an online calendar from a vendor that isn’t HIPAA compliant if I use only the client’s initials?

The short answer: No. HHS has clearly stated that “a data set that contained patient initials, or the last four digits of a Social Security number, would not meet the requirement of the Safe Harbor method for de-identification.”

HHS is referring to the de-identification of PHI. HIPAA does allow the storage and transfer of PHI if it has been properly de-identified. This means that someone would not be able to determine the individual with whom the PHI is associated because enough identifying information has been stripped away.

There are two methods to achieve this level of de-identification. One is the “expert method.” This means that you or someone you hire who has “appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable” is able to declare and document that the PHI has been properly de-identified. This is a highly unlikely scenario for most counselors, so you will instead need to rely on the HHS guidance for obtaining Safe Harbor. That guidance is available at hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html.



How can I get my website on the first page of search results?

The short answer is that there is no guaranteed way to get on the first page of search results. I encourage you to be wary of any “SEO optimization” vendor or service that promises that you’ll land on the top of the first page of Google search results, for example.

That being said, SEO (search engine optimization) is a real thing. It encompasses myriad tools and steps that you can take to improve the performance of your website in searches. Much of the process boils down to the content and keywords on your website, along with having external links pointing to your site, but it truly requires a focused, multipronged effort and time to achieve results. 

A great place to start is with the SEO tutorial at moz.com/beginners-guide-to-seo. After reading the tutorial, you should have a good idea of the things you might be able to do yourself. Even if you ultimately hire someone else to do it all for you, you’ll be better informed about what to realistically expect and better equipped to identify those who might be making false promises.



If you’d like for me to address more questions like these in future Technology Tutor columns, send me an email. In the meantime, be sure to check out the new free TherapyTech with Rob and Roy podcast (I’m the Rob in there!) at therapytechrobroy.com.






Rob Reinhardt, a licensed professional counselor supervisor, is a private practice and business consultant who helps counselors create and maintain efficient, successful private practices. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at rob@tameyourpractice.com.

Letters to the editorct@counseling.org




Opinions expressed and statements made in articles appearing on CT Online should not be assumed to represent the opinions of the editors or policies of the American Counseling Association.