Vital Stats
Relevant Product Characteristics
- This product is designed specifically with mental/behavioral health professionals in mind.
What Is This Product?
CounSol is a practice management system designed only for solo practitioners, although it does support multiple office locations. If you’re looking for a tool that provides a client scheduling portal, forms, payment, client reminder via e-mail/SMS/voice, videoconferencing, and secure messaging, CounSol has it all.
One thing that stood out about CounSol was how configurable it was – something you don’t often see in small-scale practice management solutions. In general the default options were good, and our notes below can help guide you to making informed decisions about changing any of them.
Several of the features we really appreciate were the ability to view provider and client logins to CounSol, an option to change the login timeout, and the option of including trans* and non-binary as client gender options. They also have tool-tip pop-ups on most fields which tell you more information about fields and settings without cluttering up the display.
Our Impressions:
CounSol appears to put a lot of thought into security and many of the default configurations are set in a way that help providers stay committed to best privacy practices.
This product has also been reviewed by:
- Tame Your Practice: Rob Reinhardt of Tame Your Practice does highly-respected reviews of EHR products. While we review them primarily for risk management appropriateness, Rob reviews them for features and quality. Read Rob’s review of this product→
Caveats
Caveats are criticsms of the company or product that we feel are relevant to your risk management or other important considerations.
1) Don’t delete or edit your progress notes!
CounSol allows you to edit or delete a signed client progress note. This could allow you to delete medical records. Don’t do it!
There is at least an audit trail that is kept, so you can see that notes were deleted, but you still shouldn’t be deleting records.
Notes
Notes cover points where the product can’t ensure compliance or ethical action for you. These help you know what your part of the compliance puzzle looks like when using this product. A high note count usually correlates with a feature-rich product, and not necessarily with a product that has problems.
1) Change your initial password immediately
CounSol sends your password to your e-mail address. Change this as soon as you receive it, which CounSol will prompt you to do as your first step in the configuration walk-through. They also have refreshingly complex password requirements, which is always a plus.
2) Complete the Business Associate Agreement
CounSol does not automatically execute a BAA with you. We were prompted to download the BAA, sign it, and send it in when we logged into CounSol for the second time. If that doesn’t happen automatically for you, reach out to your account manager at CounSol.
3) Turn on two-factor authentication
Two Factor Authentication in Counsol
CounSol has support for two-factor authentication — where you enter another code after you enter your normal password. This requires that you have an Android smartphone or tablet or an Apple iPhone or iPad, and that you install the Google Authenticator app. We strongly recommend you use two-factor authentication.
4) Consider turning on passwords for downloaded files
CounSol allows the provider to set a password for all files it sends. The benefit of this is that if you work with a client or clients who live with an abuser or who are unhoused, it might be unsafe for them to download bills to a computer where someone else might have access to that information. Consider turning this on if a risk assessment warrants it.
5) Be mindful of how you use the secure messaging portal
CounSol includes integrated secure messaging; this is where you send a client an email that doesn’t contain the actual message and they have to log into a portal to retrieve it. Be aware that the message does include the name of your practice. So, as we mentioned earlier, determine if your client could be harmed by someone seeing the name of your practice in an e-mail.
A sample e-mail from Imaginary Practice 1.
Additionally, the portal sends your client an e-mail when their account is first created. This e-mail contains a password to access their account. Gently urge your clients to log in and change their password as soon as they receive it.
6) Pay attention to what information is shared outside of CounSol
It is possible to share your CounSol calendar with such tools as Google Calendar or iCal. If you do that, first make sure you have a BAA with that other organization and that you are using appropriate device security measures for whatever devices might have access to that calendar.
CounSol has several options to help restrict what PHI is shared with external calendar providers. You can choose what information you want to show in notifications and synced calendar items. For example, you can show only the “Client Number” instead of the client’s name.
There’s a setting to receive an email each time a session is scheduled and we’d recommend against that; lucky for you it’s turned off by default.
7) Be sure you are following simple security measures like using appropriate passwords and computer/device security
It’s important to make sure whatever device you’re using to access CounSol is secured against threats to privacy. Our Device Security Instruction Center covers smartphone security in detail. Our video on how to use the security features of your smartphone is also quite helpful.
8) Avoid sending unsecured appointment reminders or payment notifications without proper collaborative risk analysis
We know you hear us say this in many other reviews, but it bears repeating no matter the tool we’re discussing.
Counsol offers appointment reminders by email, SMS text message, and voice. It can also send other notifications with the option of including specific diagnostic information.
Be sure to have an informed consent discussion with your clients before sending them email, SMS text, or voice notifications. We recommend being very explicit with your clients around contact methods for both appointment reminders and billing.
In the image below you’ll see the degree of granularity that can be achieved with notifications in CounSol. These settings can be made at the global level and at the client level. Be aware, though, that the settings at the global level only affect how each new client’s communication preferences are set. Changing the global notification settings will not change or override any existing client’s settings.
CounSol Notification Settings
Remember that when using conventional email or text messaging, you need to determine if simple opt-out is sufficient for your ethical and legal needs. Read our article on unsecured communications here for some guidance to help you decide what you need to do to around appointment reminders to stay legal and ethical in your practice. It is also covered in Engaging in HIPAA Security and Digital Confidentiality as a Mental Health Professional, Module 4: Using Email, Text, Phone, and Video in a HIPAA-Compliant Manner.
If it turns out that unsecured email or text communications are legally-ethically workable for you, CounSol executes a Business Associate Agreement with you, which makes it legal for them to send those emails or texts on your behalf.
CounSol allows you to send the client’s diagnosis in the invoices it sends. This option is disabled by default and we recommend you leave it disabled unless there’s a reason to enable it.
9) If you use the client journal feature, be aware that it becomes part of the client’s medical record
CounSol has a feature where clients can write in a journal and then have the option of sharing it with you. If the client shares their journal with you, it becomes part of their record. Complete a risk/benefit analysis of doing so with the client, and be sure to inform them that it will become part of their record if they share it with you.