Legal-Ethical Issues in Electronic Payments for Mental Health Professionals
1 CE Credit Hour. Legal-Ethical. Continuing Education Session Replay
Developed by: Roy Huggins, LPC NCC
Presented By: Roy Huggins, LPC NCC; Liath Dalton
While checks and cash may still exist, they aren’t how the majority of mental health private practice clients pay for services. And electronic payment is going well past being simply about swiping credit cards — clients often want to use cash transfer services like Venmo or Square Cash, and many therapists want to hold credit card info on file to charge no-shows. Behind all these services are privacy issues, potential boundary pitfalls, and regulatory concerns related somewhat to HIPAA but also to PCI DSS (which we sometimes call “credit card HIPAA.”)
This survey of legal-ethical issues in electronic payments is developed and presented at a beginner level for counselors, marriage and family therapists, clinical social workers, and counseling and clinical psychologists. It will explore electronic payments, for services rendered in a private practice, through a primarily ethical lens — but HIPAA and PCI DSS will also be explored. The course will explore how electronic payments support or threaten client privacy, clinician-client boundaries, and clinicians’ regulatory compliance.
- Create practice policies that mitigate the risks of harmful dual relationships that arise from client debt to the therapist
- Set and collect fees in a manner that maintains healthy therapeutic alliances and prevents boundary violations
- Select and use electronic payment solutions that meet HIPAA Security and PCI DSS standards
- How do payments from clients, electronic and otherwise, impact clinical boundaries?
- Debt and harmful dual relationships
- Passing finance fees on to clients
- Clients’ financial issues as a clinical matter
- Using revolving debt to finance therapy
- Therapist and client resistance to turning towards finance as part of health
- How do electronic payment services use and move confidential information?
- What happens to client info when you run a card on your phone or tablet
- What happens to client info when it is stored in your practice management system
- What happens to client info when using a social cash service like Venmo
- What are the HIPAA and ethics-related issues that arise when using electronic payments?
- Financial services and the HIPAA Business Associate Rule
- Keeping client info confidential while using electronic payment services
- What is PCI DSS and why should I care about it?
- The Payment Card Industry Data Security Standard
- Compliance standards and enforcement
- American Association of Marriage and Family Therapists. (2012). Code of Ethics . Alexandria, VA: Author.
- American Counseling Association. (2014). ACA Code of Ethics. Alexandria, VA: Author.
- American Psychological Association. (2010). American Psychological Association Ethical Principles of Psychologists and Code of Conduct . Washington, DC: Author.
- Gutheil, T. G., & Gabbard, G. O. (1993). The Concept of Boundaries in Clinical Practice: Theoretical and Risk-Management Dimensions. Retrieved April 26, 2013, from Articles, Research, & Resources in Psychology: http://kspope.com/ethics/boundaries.php
- National Association of Social Workers. (2017). Code of Ethics . Washington, DC: Author.
- National Board for Certified Counselors. (2016). Code of Ethics . Greensboro, NC: Author.
- Remley, T., & Herlihy, B. (2012). Ethical, Legal, and Professional Issues in Counseling (4th ed.). Upper Saddle River, NJ: Merrill Prentice-Hall.
- US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification . Washington, DC: Author.
- US Dept. of Health and Human Services. (2013). HIPAA Omnibus Final Rule . Washington, DC: Author.
- Zur, O. (2011). Dual Relationships, Multiple Relationships & Boundaries In Psychotherapy, Counseling & Mental Health. Retrieved May 20, 2013, from Zur Institute: http://www.zurinstitute.com/dualrelationships.html
Roy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.
Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.
He really likes this stuff.
Liath Dalton is a Ph.D candidate in Religious Studies. She began her academic career at Reed College and continued her graduate work at the University of Cape Town.
Liath is the Deputy Director for Person Centered Tech and runs our HIPAApropriateness review program. Through her combination of experience evaluating products for their utility and security in regards to how they can meet risk management needs and providing guidance to members around what product options will best meet their specific practice needs, Liath has an intimate knowledge of both what the practice tech needs are for mental health professionals and what it takes for a product to meet those needs.
Accuracy, Utility, and Risks Statement: Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA, PCI DSS, and covered ethics codes. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.
Conflicts of Interest: None
Commercial Support: None