Credit/Debit Cards and Electronic Payments in Mental Health Private Practice: Regulatory and Ethical Issues
1 CE Credit Hour. Legal-Ethical. Guided Reading Course.
Presented By: Roy Huggins, LPC NCC
Credit cards are becoming par for the course in private practice! Many clinicians know that clients love the convenience, but may be hazy on the legal and ethical issues involved.
How does HIPAA come into keeping card information safe? Are those email receipts okay? Can I pass the fees on to the client? What the heck is PCI DSS and do I have to comply with it?
All of those essential questions around regulatory and ethical issues in taking plastic are addressed in this introductory-level guided reading written for counselors, marriage and family therapists, clinical social workers, and counseling and clinical psychologists.
- Comply with applicable regulations when using payment cards to accept client payments
- Create policies for storage and use of payment cards that are ethical and that comply with applicable regulations
- Create informed consent policies and documents, as needed, to ensure ethical and safe use of payment cards to accept client payments
This course is a guided reading, which means it is made up of a series of related articles. Below are the articles included in this course:
- Banks and HIPAA: Checks & Credit Cards vs. Receipts & Invoices: HIPAA has a special relationship to banks and financial institutions, and thus we treat them differently when working on our HIPAA compliance. This article explores that relationship and pitfalls to avoid.
- Ethics of Disclosure to Clients Who Pay With Plastic or Online Transfers: Modern credit card and online payment services make the process of payment very smooth, but they include a number of communicative elements that can put our clients’ confidentiality at risk. This article explores those risks and how to manage them, and supplies a handout item to help you do it in your practice.
- Passing Credit Card Fees On To Clients: Is It Ethical, Legal or Good Business Practice?: Many therapists shy away from the finance fees involved in taking cards, and wish to pass those fees on to clients. This practice may not be legal, and doing so legally is often onerous. This article discusses the legal ins and outs as well as the ethical ones involved in this practice.
- What is PCI DSS and Why Do I Care?: PCI DSS is what we like to call “payment card HIPAA.” It’s an industry regulation standard that defines how we need to keep payment cards secure and clients’ sensitive payment information safe. This article describes what it is and what you’re required to do for it.
- Holding Client Credit Card Info On File: Why and How To Do It, How Not To Do It: Many private practitioners choose to hold on to client payment card information so they can charge it later. This practice is fraught with issues both in HIPAA and in PCI DSS, but there are ways to make it work. This article explores the issues and presents solutions.
- American Association of Marriage and Family Therapists. (2015). Code of Ethics. Alexandria, VA: Author.
- American Counseling Association. (2014). ACA Code of Ethics. Alexandria, VA: Author.
- American Psychological Association. (2010). American Psychological Association Ethical Principles of Psychologists and Code of Conduct. Washington, DC: Author.
- Augsburger, M. (2013, Feb 13). The Convergence of Health Care and Banking. Retrieved Jan 11, 2014, from Health Care Law Matters: http://www.healthcarelawmatters.com/compliance/the-convergence-of-health-care-and-banking/
- Mastercard. (n.d.). What merchant surcharge rules mean to you. Retrieved 7/6/2016 from https://www.mastercard.us/en-us/merchants/get-support/merchant-surcharge-rules.html
- Mastercard. (2016). What merchants need to know about securing transactions. Retrieved 7/6/2016 from https://www.mastercard.us/en-us/merchants/safety-security/security-recommendations/merchants-need-to-know.html
- National Association of Social Workers. (2008). Code of Ethics. Washington, DC: Author.
- National Board for Certified Counselors. (2012). Code of Ethics. Greensboro, NC: Author.
- US Dept. of Health and Human Services. (2013). HIPAA Omnibus Final Rule. Washington, DC: Author.
- Visa. (2013). Surcharging Credit Cards – Q&A for Merchants. Retrieved 7/6/2016 from https://usa.visa.com/dam/VCOM/download/merchants/surcharging-faq-by-merchants.pdf
- Visa. (2016). Data security compliance. Retrieved 7/6/2016 from https://usa.visa.com/support/small-business/security-compliance.html
- Zur, O. (2010). Fees in Psychotherapy and Counseling. Retrieved 4/29/2013 from http://www.zurinstitute.com/feeincounseling_intro.html
Roy Huggins, LPC NCC, is a counselor in private practice who also directs Person-Centered Tech. Roy worked as a professional Web developer for 7 years before changing paths, and makes it his mission to grow clinicians’ understanding of the Internet and other electronic communications mediums for the future of our practices and our professions.
Roy is an adjunct instructor at the Portland State University Counseling program where he teaches Ethics, and is a member of the Zur Institute advisory board. He has acted as a subject matter expert on HIPAA, security and clinical use of technology for Counseling licensure boards and both state and national mental health professional organizations. He has co-authored or authored 2 book chapters, and he routinely consults with mental health colleagues on ethical and practical issues surrounding tech in clinical practice. He served for 5 years on the board of the Oregon Mental Health Counselors Association and then the Oregon Counseling Association as the Technology Committee Chair.
He really likes this stuff.
Accuracy, Utility, and Risks Statement: The contents of this program are based primarily on publications from the Payment Card Industry Security Standards Council (PCI SSC), the US Department of Health and Human Services, publications from attorneys, and on the ethics codes of these professional organizations: AAMFT, ACA, APA, NASW, NBCC. Some interpretation and analysis presented is made by the presenter, in consultation with knowledgeable colleagues and expert consultants. Statements about applications to technology are according to the presenter’s understanding of the technology at the time of the program. The presenter may not know how to apply all principles discussed to every technology type or product. This program discusses strategies for complying with HIPAA, PCI DSS, and covered ethics codes, and for improving security of clients’ financial information. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in security problems, data breaches, or non-compliance with applicable laws or ethics codes.
Conflicts of Interest: None.
Commercial Support: None.