Technology and Therapy, Part II: Ethics and Security

A woman takes notes at her computer

As more and more therapists consider upgrading their practices to offer online therapy, incorporate new practice management systems or electronic health record software, and communicate with clients via text and email, myriad questions surround the efficacy and ethics in doing so. In part I of this series, Technology and Therapy, Part I: Essential Tips for Therapists, Rob Reinhardt, LPCS, MEd, NCC, and Roy Huggins, LPC, NCC, discussed some of the basic considerations for integrating technology into one’s therapy practice, but we touched only briefly on security considerations.

This week, we’re digging a bit deeper into the ethics and security concerns therapists may have as they transition into using new forms of technology. Whether therapists are considering incorporating online therapy, electronic communications with clients, or practice management systems into their practices, evaluating the risks involved and the legal and ethical requirements can be dizzying.

Reinhardt is a counselor and therapy practice consultant and the founder of Tame Your Practice, and Huggins is a counselor and technology consultant for helping professionals and the founder of Person-Centered Tech. Their upcoming continuing education web conference, 2014 American Counseling Association Code of Ethics versus HIPAA: Technology in Counseling and Mental Health, takes place at 9 a.m. on October 10, 2014, and is available for two CE credits at no additional cost to members.

How has technology changed the ability for therapists to collaborate with one another, and what considerations (ethical or otherwise) should they have when they do?


Roy Huggins (RH): The biggest change I’ve seen is support and consultation in social media fora, Facebook groups, listservs, etcetera. I think clinicians are largely aware that these fora are not private and the identities of clients need to be protected. I have seen examples where a post has gone too far and described too much, however, and the community generally takes action to intercede. A less obvious example, however, is that I often see moderators intercede when therapists start to discuss fees with each other. Discussing our fees with each other would be punishable under anti-trust laws and insurance companies will often take action if they learn it is happening.

It’s important that we help each other use these media responsibly, especially because they can add so much value for our work and for our clients.

Rob Reinhardt

Rob Reinhardt, LPCS, MEd, NCC

Rob Reinhardt (RR):  I want to emphasize Roy’s point—it should be assumed that nothing on a social media site or discussion forum is assured to be private. We often have no way to know who is a member of that group or has “liked” or “followed” a page. In particular, I’ve experienced clinicians assuming that a group or listserv is a safe place to post confidential “tidbits” because the membership is restricted and/or the group is moderated. It is far too easy to bypass these minimal security measures so I encourage people to assume that anyone might be reading their posts in such environments.

What are some of the ethical considerations for providing therapy online? Can therapists use Skype for online therapy sessions?


RR:  There are a great number of legal, ethical, and financial considerations when providing therapy online. When it comes to ethics, it’s important to examine the impact on informed consent: How will you handle confirming the identity of your client and obtaining their signed consent? It’s also important to understand the additional challenges to crisis situations: Do you have a plan for how to handle a crisis with clients who may be a great distance from you? Do you know who to contact in their area should an emergency arise?

We also have an ethical responsibility to practice within our area(s) of competency. This requires that we understand the impact on the therapeutic process when working online.  How does the lack of proximity affect communication?  How will the client be able to ensure they are in a private/confidential environment? We only begin to scratch the surface with these initial ethical questions. It’s important that any clinician going this route ensure they have the answers to these questions before proceeding.

Roy Huggins

Roy Huggins, LPC, NCC

RH: Telemental health is a different delivery medium from the traditional media we’re trained in. Other parallel examples are things like ecotherapy or “walk and talk” therapy, where therapy sessions occur “in the wild” while hiking or walking through a park. Certainly there are a host of ethical and clinical adjustments to be made to accommodate those therapy media (as opposed to the traditional medium of sitting in a private office and talking).

In the same way, there are a host of ethical and clinical adjustments to be made for telemental health practice. As the professional guidelines say, we need to have competence with the technology we use and the delivery of care via that technology. Really, this is no different from traditional face-to-face therapy ethics. If you know you possess those competencies, you’re nearly there (there’s still the due diligence issues that Rob mentions.) If you don’t, you need to acquire them.

Skype is likely not appropriate for those who are subject to HIPAA. Honestly, however, there are a lot of great alternatives. It’s about time to put Skype behind us.

What is one of the biggest myths among mental health professionals regarding security?


RR: Perhaps the most pervasive myth I hear is that a mental health professional or practice can maintain HIPAA compliance by making sure they only use HIPAA-compliant software and devices. There is no such thing as a HIPAA-compliant product or device. There is no HIPAA certification for such things. Being HIPAA compliant is a process that addresses three core areas of security: Administrative Safeguards, Technical Safeguards, and Physical Safeguards. While a company that produces a device or software can take the steps to ensure their product complies with the technical (and some of the administrative and physical) requirements laid out by HIPAA/HITECH, they can’t be in your office to ensure you are doing the rest. While it is important that Covered Entities investigate the level of compliance of any vendor/product they share Protected Health Information with, their path to compliance doesn’t end there.

RH: I agree with Rob. The “HIPAA Compliant” thing is a huge red herring that causes a lot of unnecessary and sometimes harmful confusion.

The other myth is the idea that security is something that is alien to our profession. It’s “a HIPAA thing” rather than “a professionalism thing.” We have been doing security since the beginning of our field and doing it better than most health care professions. I never cared about locking file cabinets or white noise machines before I became a counselor. It’s the recent explosion of digital technology that suddenly brings in a need to update the ways in which we think about it. There’s nothing new about mental health clinicians folding security into our standards of practice, however.

What ethical considerations still need to be established or considered for the use of technology in psychotherapy?


Roy Huggins (RH): I really think we need to take ownership of information security as a professional standard. Security risk analysis should be a group project that everyone does in their ethics class and then consultation groups do together every year or two. Discussions of confidentiality should take into account a networked digital world and include the client more closely. That is, confidentiality isn’t just about what we say or don’t say, it’s also about messages we send or the posts we make, and the client’s habits, desires, and needs are an integral part of that. Until we as a field get a handle on those issues as part of our professional standards, they are going to continue to be dictated by legislators who are thinking more about the needs of physicians and their patients than of psychotherapists and our clients. The first step to doing that is taking ownership of digital tech as a persistent professional and ethical issue, and we’re still not quite there, in my opinion.

RR: I agree with Roy and, as he suggests, this needs to start in our graduate programs. Most programs still don’t address technology, security, and the ethical considerations involved in their use. This needs to change immediately.

As for moving forward with technology in therapy, I see technology as a tool that allows us to provide therapy in the most effective manner possible. While it’s possible for new technologies to create new opportunities for the provision of services, I believe the intent and creativity of therapists will do more to shape how the technology is used, rather than the other way around. Even when technology might appear to be shaping therapy (as in avatar therapy), it’s really just a technological parallel to “analog” techniques that have been used for years before.

© Copyright 2014 All rights reserved.

The preceding article was solely written by the author named above. Any views and opinions expressed are not necessarily shared by Questions or concerns about the preceding article can be directed to the author or posted as a comment below.

  • Leave a Comment
  • Ana

    October 3rd, 2014 at 1:37 PM

    You know that there have to be some new concerns out there given all of the new technology and the modes in which people communicate, but you also have to know that most therapists are going to be very aware of the security concerns that any of this could pose and they will go the distance to keep your information safe and confidential. I would not feel right working with someone that I did not trust in the extreme and that is why I think that most professionals out there are doing everything that they can to ensure the privacy of the patient.

  • Zada

    October 3rd, 2014 at 2:38 PM

    I am sure that therapists from all around the world find technology to be a wonderful part of their practices. I would especially think that it would be so helpful to have all of these new people to consult with on cases or to bounce questions and ideas off of the you may not have known before or would not have even had the chance to meet without things like social media or the internet. I know that there can be some bad things that go along with all things tech but I think that there are too many good things for its use to be denied or ignored.

  • jon

    October 4th, 2014 at 4:50 AM

    I suppose for the new kids on the block so to speak who are just now graduating and establishing practices this is all nothing new to them, this is the kind of world that they have grown up in so they are accustomed to it all.

    But I am an old dog who has a hard time learning new tricks in my profession so I would also imagine that there are a lot of therapists like me who have had a little but of a hard time with all of the enw things that have come into play over the years.

    It is not that you do not wnat to embrace it and let this be a part of the things tat you offer but at th e same time some of it feels so unconventional that it becomes hard to wrap your headaround the fact that there will be people for whom this makes a huge differenceso you have to commit fully to the advances or otherwise they will look elsewhere for help.

  • CaLLa

    October 4th, 2014 at 10:27 AM

    I have always worried that talking to a therapist may not stay quite as confidential as I would hope. Could you please reassure me that confidentiality is a number one priority and that really there is nothing to worry about when it comes to that?

  • Josh P.

    October 6th, 2014 at 3:40 AM

    There are always going to be pros and cons to any situation where things are moving right along and all of a sudden something new and inventive comes along. There will be people who like the new ness of something and they will go with it while there are others who are kind of stuck in their ways and they will cling to the past. It is best if you can find something good in both and work to incorporate the ebst of both worlds. Unless it is seriously detrimental there is nothing wrong with holding onto the past as long as you are willing to go with the flow and actually accept when something new and a little bit better has come along. You should always at leats give it a try and then if that does not work for you then you know that the tried and true will always be there.

  • Rob Reinhardt, LPCS, NCC

    October 6th, 2014 at 8:15 AM

    Privacy and confidentiality is something that any licensed mental health professional should cover with you in your initial session. It’s part of what we call “Informed Consent”. It’s our responsibility to be sure you are aware of the rules and boundaries of therapy and to answer any questions that you have. You should ask your question of any therapist you begin work with as it is a perfectly legitimate thing to ask them.

  • richard

    October 7th, 2014 at 3:51 AM

    I am constantly traveling for my job and yet there are still some times when I miss my weekly therapy sessions that I used to go to but never can find time for anymore. That’s why I like taking a peek at this site when I can because there are always informative pieces which somehow seem to be written just with me in mind. It’s kind of like having my own little therapy session without the worries over whether I will make it home in time to make that appointment!

Leave a Comment

By commenting you acknowledge acceptance of's Terms and Conditions of Use.

* Indicates required field.

GoodTherapy uses cookies to personalize content and ads to provide better services for our users and to analyze our traffic. By continuing to use this site you consent to our cookies.