The American Counseling Association approved its 2014 Code of Ethics at the ACA Annual Conference and Expo on Tuesday, March 25th, 2014. The ACA has historically been a trendsetter on inclusion of technology-related items in its Code. This article is the second in a series on the impact of the 2014 Code on the use of technology in Counseling – and potentially other psychotherapeutic – practice. To see the previous two articles:

• Initial Client Contact by Email: The 2014 ACA Code of Ethics vs. HIPAA
• Emailing and Texting Security vs. The ACA 2014 Code of Ethics

Do you keep records on your computer or on “the cloud?” If so: if you told all of your clients exactly how your records are stored and kept safe and asked for consent to the records being kept that way, would every client provide that consent?

Many mental health care professionals in this digital era have reasons to use electronic records. “Electronic records” means:

• Keeping reports, information, or whole client records – any information relating to clients – on your computer
• Keeping that information in an online record-keeping system
• Keeping backups of that information on external hard drives, thumb drives, on the cloud, etc.

A growing area of discourse in the world of electronic records is that of informed consent on the part of clients/patients whose records are kept electronically. As much as I am an advocate of digital technology, I and other technologists are aware that electronic records of all kinds have palpable risks that differ from paper records and that those risks need to be properly addressed and handled. As the pressure for American health care providers to use electronic records grows quickly, there is an awareness that not all health care providers, hospitals and clinics are addressing these risks as well as they should.

Informed consent is a sticky issue with record-keeping, however. Providers need to keep their records somehow and they can’t be expected to adjust their system for every client based on individual desires around record-keeping.

Many argue that this fact does not cancel the need for clients/patients to be made aware of how their sensitive information is being maintained by providers, however. Thus, the 2014 ACA Code of Ethics now requires professional counselors to, at the very least, tell their clients how electronic records are being kept and how security of those records is being maintained.

The Shiny New ACA Code of Ethics Section H on Electronic Records Disclosure

H.5.a. Records
Counselors maintain electronic records in accordance with relevant laws and statutes. Counselors inform clients on how records are maintained electronically. This includes, but is not limited to, the type of encryption and security assigned to the records, and if/for how long archival storage of transaction records is maintained.
(American Counseling Association, 2014)

Section H of the 2014 ACA code, which is now the technology-oriented section, includes a requirement that I personally have not seen in other ethics codes or guidelines to date.

Counselors disclose to clients if they keep records electronically. They disclose the following things about their electronic record-keeping systems:

• How records are kept. This may get complex, depending on how focused your record-keeping system is.
• How you maintain the security of electronic records.
• If you use a cloud-based system, then the company that keeps your records may have “transaction logs.” This means they keep a log of all the little changes and additions you make to records. If your company keeps these logs, then you need to inform clients of this fact and you must tell them how long the logs stick around before they’re purged.The company may also keep backups of older versions of your records – this can help you recover lost information or roll back some error you made. You also need to inform clients if these are kept and how long they’re kept.

In order to supply the above information to clients, you need to know it yourself. If you use a cloud-based record system or record-keeping software on your computer, inquire with the company for details.

Note: To assist this process, we offer our free Sample Electronic Records Disclosure Form along with several other clinical and HIPAA compliance forms to our free newsletter subscribers. Subscribe to our newsletter here to get access to these and other useful forms. There is not cost to do so.

How Do I Demonstrate My Records are Secure? Are My Records Secure?

An onus (and from certain perspectives, a bonus) of this new ethical requirement is that counselors must review their system of e-record keeping to make sure it is demonstrably secure. Imagine if a client reads your disclosure and loses faith that their record is safe in your hands.

It is likely that observing standards of HIPAA Security Rule compliance around your electronic records is the most straightforward way of ensuring you are following the new ethical requirement for counselors. This would include addressing things like:

• Encryption, firewalls, and antivirus for computers
• Tracking and securing mobile devices like smart phones and tablet computers that are used to access online records — or sometimes to store records
• HIPAA Business Associate Agreements with any cloud companies you use
• The security policies of the cloud companies you use
• Backups of records

We have far more articles on the above sections that I can reasonably list here. Feel free to search our site for information.

Also consider that all the above topics are covered in our live monthly webinar CE series:

• Digital Confidentiality According to Professional Ethics and HIPAA: A Heart-Centered Approach

Do I Have to Keep Electronic Records?

Unless you’re in Minnesota, you probably are not required to by law. This article is more aimed at those who do keep electronic records or who are considering doing so.

Be aware that pressure and incentive to use electronic records is growing. For example, recent prospective changes to Medicare payment rules include a requirement for skilled nursing facilities to use electronic health records, despite the fact that those facilities are not part of the federal program that provides monetary incentives for adopting electronic health records. (Hirsch, 2014) It is uncertain if similar changes to law will end up requiring mental health professionals in general to adopt electronic health records.

For more information to help you understand the shifting climate around electronic health records and mental health, see these online resources:

• Electronic Health Records in Mental Health: Are They Required or Otherwise Necessary?
• Protect Your Client Records: Put Them On the Internet
• Therapy Tech With Rob and Roy: Electronic Health Records and Practice Management Systems (free video, 54 min.)
• Online course: Electronic Health Records In Mental Health Practice (2 CE hrs, $19)

For Minnesota clinicians, here is some information and help for you regarding the 2015 electronic health record mandate for MN health care providers:

• Guidance for Understanding the Minnesota 2015 Interoperable EHR Mandate
• Annie Schwain of Voda Counseling in the Twin Cities area offers excessively affordable workshops to help prepare for the mandate. Check out her website here.

If you’re looking for information about transitioning to cloud-based record-keeping, we always recommend:

• Rob Reinhardt’s Cloud-Based Practice Management System Reviews

And, of course, you can always hire Roy for consultation if you need closer guidance.

References

• American Counseling Association. (2014). ACA Code of Ethics. Alexandria, VA: Author.
• Hirsch, M. D. (2014, Aug 5). EHRs embedded in payment rules for non-MU providers. Retrieved Aug 24, 2014, from FierceEMR: http://www.fierceemr.com/story/ehrs-embedded-payment-rules-non-mu-providers/2014-08-05