By Erin Cusick

Editor's note: Since this interview was initially published in 2014, some information may be out of date.

Therapist writes down notes while working at computer

As more and more therapists consider upgrading their practices to offer online therapy, incorporate new practice management systems or electronic health record software, and communicate with clients via text and email, myriad questions surround the efficacy and ethics in doing so. In part I of this series, Technology and Therapy, Part I: Essential Tips for Therapists, Rob Reinhardt, LPCS, MEd, NCC, and Roy Huggins, LPC, NCC, discussed some of the basic considerations for integrating technology into one’s therapy practice, but we touched only briefly on security considerations.

This week, we’re digging a bit deeper into the ethics and security concerns therapists may have as they transition into using new forms of technology. Whether therapists are considering incorporating online therapy, electronic communications with clients, or practice management systems into their practices, evaluating the risks involved and the legal and ethical requirements can be dizzying.

Reinhardt is a counselor and therapy practice consultant and the founder of Tame Your Practice, and Huggins is a counselor and technology consultant for helping professionals and the founder of Person-Centered Tech. Their upcoming continuing education web conference, 2014 American Counseling Association Code of Ethics versus HIPAA: Technology in Counseling and Mental Health, takes place at 9 a.m. on October 10, 2014, and is available for two CE credits at no additional cost to members.

How has technology changed the ability for therapists to collaborate with one another, and what considerations (ethical or otherwise) should they have when they do?

Roy Huggins (RH): The biggest change I’ve seen is support and consultation in social media fora, Facebook groups, listservs, etcetera. I think clinicians are largely aware that these forums are not private and the identities of clients need to be protected. I have seen examples where a post has gone too far and described too much, however, and the community generally takes action to intercede. A less obvious example, however, is that I often see moderators intercede when therapists start to discuss fees with each other. Discussing our fees with each other would be punishable under anti-trust laws and insurance companies will often take action if they learn it is happening.

It’s important that we help each other use these media responsibly, especially because they can add so much value for our work and for our clients.

Rob Reinhardt Rob Reinhardt (RR):  I want to emphasize Roy's point—it should be assumed that nothing on a social media site or discussion forum is assured to be private. We often have no way to know who is a member of that group or has “liked” or “followed” a page. In particular, I've experienced clinicians assuming that a group or listserv is a safe place to post confidential “tidbits” because the membership is restricted and/or the group is moderated. It is far too easy to bypass these minimal security measures so I encourage people to assume that anyone might be reading their posts in such environments.

What are some of the ethical considerations for providing therapy online? Can therapists use Skype for online therapy sessions?

RR:  There are a great number of legal, ethical, and financial considerations when providing therapy online. When it comes to ethics, it's important to examine the impact on informed consent: How will you handle confirming the identity of your client and obtaining their signed consent? It's also important to understand the additional challenges to crisis situations: Do you have a plan for how to handle a crisis with clients who may be a great distance from you? Do you know who to contact in their area should an emergency arise?

We also have an ethical responsibility to practice within our area(s) of competency. This requires that we understand the impact on the therapeutic process when working online.  How does the lack of proximity affect communication?  How will the client be able to ensure they are in a private/confidential environment? We only begin to scratch the surface with these initial ethical questions. It's important that any clinician going this route ensure they have the answers to these questions before proceeding. 

Roy Huggins RH: Telemental health is a different delivery medium from the traditional media we’re trained in. Other parallel examples are things like ecotherapy or “walk and talk” therapy, where therapy sessions occur “in the wild” while hiking or walking through a park. Certainly there are a host of ethical and clinical adjustments to be made to accommodate those therapy media (as opposed to the traditional medium of sitting in a private office and talking).

In the same way, there are a host of ethical and clinical adjustments to be made for telemental health practice. As the professional guidelines say, we need to have competence with the technology we use and the delivery of care via that technology. Really, this is no different from traditional face-to-face therapy ethics. If you know you possess those competencies, you’re nearly there (there’s still the due diligence issues that Rob mentions.) If you don’t, you need to acquire them.

Skype is likely not appropriate for those who are subject to HIPAA. Honestly, however, there are a lot of great alternatives. It’s about time to put Skype behind us.

What is one of the biggest myths among mental health professionals regarding security?

RR: Perhaps the most pervasive myth I hear is that a mental health professional or practice can maintain HIPAA compliance by making sure they only use HIPAA-compliant software and devices. There is no such thing as a HIPAA-compliant product or device. There is no HIPAA certification for such things. Being HIPAA compliant is a process that addresses three core areas of security: Administrative Safeguards, Technical Safeguards, and Physical Safeguards. While a company that produces a device or software can take the steps to ensure their product complies with the technical (and some of the administrative and physical) requirements laid out by HIPAA/HITECH, they can't be in your office to ensure you are doing the rest. While it is important that Covered Entities investigate the level of compliance of any vendor/product they share Protected Health Information with, their path to compliance doesn't end there.

RH: I agree with Rob. The “HIPAA Compliant” thing is a huge red herring that causes a lot of unnecessary and sometimes harmful confusion.

The other myth is the idea that security is something that is alien to our profession. It’s “a HIPAA thing” rather than “a professionalism thing.” We have been doing security since the beginning of our field and doing it better than most health care professions. I never cared about locking file cabinets or white noise machines before I became a counselor. It’s the recent explosion of digital technology that suddenly brings in a need to update the ways in which we think about it. There’s nothing new about mental health clinicians folding security into our standards of practice, however.

What ethical considerations still need to be established or considered for the use of technology in psychotherapy?

Roy Huggins (RH): I really think we need to take ownership of information security as a professional standard. Security risk analysis should be a group project that everyone does in their ethics class and then consultation groups do together every year or two. Discussions of confidentiality should take into account a networked digital world and include the client more closely. That is, confidentiality isn’t just about what we say or don’t say, it’s also about messages we send or the posts we make, and the client’s habits, desires, and needs are an integral part of that. Until we as a field get a handle on those issues as part of our professional standards, they are going to continue to be dictated by legislators who are thinking more about the needs of physicians and their patients than of psychotherapists and our clients. The first step to doing that is taking ownership of digital tech as a persistent professional and ethical issue, and we’re still not quite there, in my opinion.

RR: I agree with Roy and, as he suggests, this needs to start in our graduate programs. Most programs still don't address technology, security, and the ethical considerations involved in their use. This needs to change immediately.

As for moving forward with technology in therapy, I see technology as a tool that allows us to provide therapy in the most effective manner possible. While it's possible for new technologies to create new opportunities for the provision of services, I believe the intent and creativity of therapists will do more to shape how the technology is used, rather than the other way around. Even when technology might appear to be shaping therapy (as in avatar therapy), it's really just a technological parallel to “analog” techniques that have been used for years before.