Technology & Private Practice: Understanding the Legal & Ethical Challenges Bianca Puglia, Ph.D., LPC, NCC/Puglia Counseling Services Panagiotis Markopoulos, M.A., PLPC/Doctoral student, University of New Orleans
Code of Ethics & Technology 2014 ACA CODE OF ETHICS H.1.a. Knowledge and Competency Counselors who engage in the use of distance counseling, technology, and/or social media develop knowledge and skills regarding related technical, ethical, and legal considerations (e.g. special certifications, additional course work). H.2.a. Informed consent and disclosure Clients have the freedom to choose whether to use distance counseling, social media, and/or technology within the counseling process. H.2.b. Confidentiality maintained by the counselor Counselors acknowledge the limitations of maintaining the confidentiality of electronic records and transmissions. They inform clients that individuals might have authorized access to such records or transmissions. H.2.d. Security Counselors use current encryption standards within websites and/or technology-based communications that meet applicable legal requirements. Counselors take reasonable precautions to ensure the confidentiality of information transmitted through any electronic media.
Code of Ethics & Technology (cont.) H.3. Client Verification Counselors who engage in the use of distance counseling, technology, and/or social media to interact with clients take steps to verify the client’s identity at the beginning and throughout the therapeutic process. H.4.a. Benefits and Limitations Counselors inform clients of the benefits and limitations of using technology applications in the provision of counseling services. Such technologies include, but are not limited to, computer hardware and/or software, telephones and applications, social media and Internet-based applications and other audio and/or video communication, or data storage devices or media. H.4.b. Professional Boundaries in Distance Counseling Counselors understand the necessity of maintaining a professional relationship with their clients. Counselors discuss and establish professional boundaries with clients regarding the appropriate use and/or application of technology and the limitations of its use within the counseling relationship (e.g., lack of confidentiality, times when not appropriate to use). H.5.a. Records Counselors maintain electronic records in accordance with relevant laws and statutes. Counselors inform clients on how records are maintained electronically. This includes, but is not limited to, the type of encryption and security assigned to the records, and if/for how long archival storage of transaction records is maintained.
HIPPA COMPLIANCE Privacy Rule -- Protection of individually identifiable health information. Three types of covered entities: a. Health Plans b. Health care clearinghouses c. Health care providers Security Rule -- Confidentiality, Integrity, & availability of electronic protected health information (e-PHI). What is “encryption”? “Encryption is the conversion of data into a form that cannot be read without the decryption key or password. It is important to encrypt data stored locally on your mobile device (data at rest) and data sent by your mobile device (data in motion) so that it is protected from unauthorized users” (healthit, 2016).
HIPPA COMPLIANCE (cont.) Enforcement-OCR: The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. Audits: What is going on currently? enforcement/audit/index.html#when
HIPAA Technology & Software Certified Health IT Product List Practice Management Software MER/ EHR (comprehensive service for all aspects of practice) Examples: MyClientsPlus; Simple Practice Scheduling : Jituzu; Yellow Schedule List of reviews of Software programs : software/ software/
HIPAA Technology & Software (cont.) Flash drives: a) Golden Key with Secure Flash b) IronKey Medical Healthcare c) Kanguru Medical Healthcare f) CE Secure
HIPAA Technology & Software (cont.) Cell Phones Remotely lock your cell-phone or erase-data from your cell phone a. Android device: your-android- phone/ b. iPhone device:
HIPAA Technology & Software (cont.) Gatekeeper Wireless Bluetooth Computer Lock Black/dp/B016N9UVW8/ref=sr_1_2?ie=UTF8&qid= &sr=8- 2&keywords=gatekeeper+wireless+bluetooth+computer+lock Cloud Storage Example: HIPAA companies: 4secur HealthBI HushmailHushmail – offers free accounts Neomailbox Luxsci SendIncSendInc – offers free accounts More information at: companies/
HIPAA Technology & Software (cont.) Videoconferencing Software
Distance Counseling Distance Counseling American Mental Health Counselors Association Code of Ethics B.6 Telehealth, Distance Counseling and the Use of Social Media Counselors only engage in distance counseling when they are licensed in the state of the client. Counselors only provide distance counseling when they have had training, experience, and supervision to do so. Types of Distance Counseling: Mental health counselors should advise clients about the risks of exchanging s. It is recommended to include a disclaimer when sending s. Refer to the most update to date HIPAA regulations. transmissions are part of the client record; copies should be maintained in the client file. Text messages: Text messages are not a secure form of communication therefore texting of personal information should be discouraged. Text messages are considered a part of the client record, and should be kept in the client file. Online scheduling: Any online scheduling software should be encrypted and secure. If not, counselors should disclose to clients the fact that the software is not encrypted and therefore is not confidential. Chat Rooms: Counselors should not include chat rooms, because these may imply that a counselor is able to intervene in the event that a crisis is mentioned.
Distance Counseling (cont.) Distance Counseling (cont.) a. American Association of State Counseling Boards (AASBB) b. State Counseling Boards
Useful Resources WEBSITES A) Healthit.gov (HIPAA and Health IT) B) U.S. Department of Health & Human Services Health Information Technology technology/index.html Healthcare Dive (Healthcare & Health IT News)
Useful Resources (cont.) LISTERVS OCR Privacy & Security Listservs: A) Privacy List Serv Visit the OCR-PRIVACY-LIST for a summary of archived announcements OCR-PRIVACY-LIST -OR- Subscribe, delete or update your subscription to the OCR Privacy Listserv B) Security List Serv Visit the OCR-SECURITY-LIST for a summary of archived announcements OCR-SECURITY-LIST -OR- Subscribe, delete or update your subscription to the OCR Security Listserv
Q&A
Contact Information Bianca Puglia, Ph.D., LPC, NCC Puglia Counseling Services Panagiotis Markopoulos, M.A., PLPC Doctoral student, University of New Orleans
References American Mental Health Counselor Association. (2015). Code of ethics. Retrieved from Healthit.gov. (2016). What is encryption? Retrieved from Herlihy, B., & Corey, G. (2014). ACA ethical standards casebook (7 th ed.). Alexandria, VA: American Counseling Association. U.S. Department of Health and Human Services. (2016). HIPAA for professionals. Retrieved