Email and Texting in Mental Health Practice: Legal-Ethical and Risk Management Issues
2 CE Credit Hours. Legal-Ethical. Guided Reading Course.
Presented By: Roy Huggins, LPC NCC
Think about the difference between clients calling to say they’re running late and clients emailing or texting to say they’re running late.
The convenience difference is huge! And clients love it. But if the questions we get at Person-Centered Tech are any indication, most clinicians are still wondering how email and texting can fit into their practices without legal or ethical complications. Can we use them and be HIPAA compliant? Is it really true that clients can request that I send them unencrypted emails? What options are available to me for email and texting services that work for my HIPAA needs?
This course will get into all of that and more, including how email and texting fit into the professional practice and HIPAA landscape, perspectives on secure and nonsecure emails and texts, general risk management concerns, professional engagement with clients by email or text, and finally the big questions of what and how to document all those messages exchanged with clients. The Resources page will point you towards some viable service provider options, and we provide some handy practice forms in the Handouts page.
This introductory-level course is intended for counselors, marriage and family therapists, clinical social workers, and counseling and clinical psychologists.
- Assess email and texting services for appropriateness for use in professional practice, and work with clients to use them effectively and safely.
- Comply with legal-ethical security standards when using email and texting in professional practice.
- Communicate professionally with clients over email and text messaging.
- Maintain legal and ethical documentation when using email and texting in professional practice.
This course is a guided reading, which means it is made up of a series of related articles. Below are the articles included in this course:
- Email and HIPAA Compliant Practice: Is It Possible?: A survey of how email fits into the security and privacy landscape of mental health practice. Briefly covers risk management issues and HIPAA requirements.
- Texting and HIPAA Compliant Practice: Also a survey of what we call “text messaging” and how the different forms of it look under the hood terms of security and privacy. HIPAA’s applications are discussed.
- Clients Have the Right to Receive Unencrypted Emails (and Texts) Under HIPAA: An explanation of how, and theories as to why, HIPAA allows clients the autonomy to request unsecure emails and texts from their health care providers. HIPAA’s rules are compared with ethics codes and state laws, and some risk management considerations are explained.
- Even Though They Have a Right Under HIPAA To Unencrypted Emails: A Case For Only Using Secure Email and Texting With Clients: A case is made for not only using secured email and texting, but also for how one could go about making that security comfortable and attractive. Strategies for fostering better security are provided.
- Non-Internet Risks in Email and Texting With Clients: A survey of risks to client confidentiality and safety when emails and texts from therapists sit at rest in client cloud services and devices. These risks remain even when good security is used to send emails over the Internet. Strategies for collaboration on risk management are provided.
- Professionalism In Engaging With Clients by Email and Text: Explores the ethical issues of professional voice in textual communication and turnaround time/boundaries around textual communications from clients. Strategies for managing both are covered.
- How Do You Document Emails and Text Messages Received From Clients?: Explores the documentation-related questions of whether or not to document, how much to document, and the logistics of going about documenting. Strategies and ethical rules for all 3 points are discussed.
- American Association of Marriage and Family Therapists. (2015). Code of Ethics . Alexandria, VA: Author.
- American Counseling Association. (2014). Code of Ethics . Alexandria, VA: Author.
- American Psychological Association. (2010). American Psychological Association Ethical Principles of Psychologists and Code of Conduct . Washington, DC: Author.
- American Psychological Association. (2013). Guidelines for the Practice of Telepsychology. Author.
- American Telemedicine Association. (2009). Practice Guidelines for Videoconferencing-Based Telemental Health. Author.
- Chiad, M. O. (2008). Structural and Linguistic Analysis of SMS Text Messages. Journal of Kerbala University , 6 (4).
- HHS Health Information Privacy Division. (n.d.). Individuals’ Right under HIPAA to Access their Health Information 45 CFR § 164.524. Retrieved September 01, 2016, from http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/
- Johnson, E. H. (2012). To Encrypt Email or Not to Encrypt Email? Practical Answers to a Question That Is Surprisingly Complex. Retrieved September 01, 2016, from http://www.jdsupra.com/legalnews/to-encrypt-email-or-not-to-encrypt-email-24987/
- Kolmes, K. (2010). Additional Thoughts on Documentation for Clinicians. Retrieved July 11, 2013, from Dr. Keely Kolmes: http://drkkolmes.com/2010/07/14/additional-thoughts-on-documentation-for-clinicians/
- NASW and ASWB. (2005). Standards for Technology and Social Work Practice. Author.
- National Association of Social Workers. (2008). Code of Ethics . Washington, DC: Author.
- National Board for Certified Counselors. (2012). Code of Ethics . Greensboro, NC: Author.
- Stewart, J. M., Chapple, M., & Gibson, D. (2015). Certified Information Systems Security Professional Study Guide. Indianapolis, IN: John Wiley and Sons.
- Suler, J. (1999, May). Psychotherapy in Cyberspace A Five Dimensional Model of Online and Computer-mediated Psychotherapy [PDF]. Author. Retrieved Oct 1st, 2016 from http://www-usr.rider.edu/~suler/psycyber/therapy.html
- US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification. Washington, DC: Author.
- US Department of Health and Human Services. (2013). HIPAA Omnibus Final Rule. US Federal Register.
- Zur, O. (2010). Record-Keeping of Phone Messages, Email and Texts. Retrieved July 11, 2013, from Zur Institute: http://zurinstitute.com/digital_records.html
Roy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.
Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.
He really likes this stuff.
Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications from the US Department of Health and Human Services, publications from attorneys, and on guidelines and/or ethics codes of these professional organizations: AAMFT, ACA, APA, ATA, NASW, and NBCC. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with covered ethics codes and HIPAA, and for legally and ethically using email and texting in practice. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.
Conflicts of Interest: None.
Commercial Support: None.