Counseling in Cyberspace
Part Six
Being Diligent in the Digital Age
Chapter Eleven
The Digital Age
New technologies has ushered in a host of problems related to the maintaining and transmission of clients’ counseling records.
There may be some traditionalists inclined to confine client records to paper copies.
There may be some who keep client records on local media unconnected to the Internet.
Both of these approaches have their own special challenges.
E.g., Submitting client information to be processed for third party payment
All these approaches depend on a key element: human responsibility.
Issues and Ethics
3
The Primary Purpose of Counseling Records
ACA, 2014, A.1.B, “Counselors create, safeguard, and maintain documentation necessary for rendering professional services”.
Records are necessary for documenting and monitoring treatment plans, implementing courses of treatment, and tracking client progress.
Records keep the therapist’s memory fresh between sessions.
Records provide continuity when a client changes therapists.
Records provide legal protection for a therapist in case of legal challenges.
Records are generally required for third party reimbursement.
Issues and Ethics
4
The Primary Purpose of Counseling Records
Diligently maintaining records is a highly effective means of promoting constructive client change (i.e. client’s best interest).
Issues and Ethics
5
What Counseling Records Include
Prescribed medications
Treatment plan
Counseling session histories (dates, times, etc. of services)
Progress notes
Modalities used
Diagnoses
Current client status
Symptoms
Prognosis
Test results
Issues and Ethics
6
What Counseling Records Include: Electronic Client Records
Use of digital technologies can make the storage and transfer of client information more convenient.
Convenience has come with a price.
In times past, the main concern was whether the office file cabinet and facility was kept under lock and key.
There are a plethora of issues surrounding the use of computers to store records.
HIPPA security regulations have been created to address a number of such concerns.
Issues and Ethics
7
What Counseling Records Include: Electronic Client Records
Diligence in the handling of client counseling records has taken on new meanings.
A computer system is as strong as its weakest link.
Therapists have a responsibility to steadfastly protect their systems from unauthorized breaches.
Issues and Ethics
8
The HIPPA Security Rule
HIPAA has also been strengthened with the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Health care organizations must establish policies and procedures to prevent, detect, contain, and correct security violations.
Conduct risk assessment
Issues and Ethics
9
The HIPPA Security Rule
Safeguard passwords
Include 12 to 14 characters,
special symbols,
varied capitalization,
no dictionary words,
combination of dictionary words, or
variations of dictionary words (“d0g instead of “dog”)
Two-factor authentication
Issues and Ethics
10
The HIPPA Security Rule
Encryption
Use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key.
Free e-mail and videoconferencing services, such as those of Gmail and Skype, are still not HIPAA compliant.
Files themselves can also be encrypted for added protection.
Implement a mechanism to encrypt and decrypt electronic protected health information.
The password or key should be stored offline
Have secure mechanism for password reset
Issues and Ethics
11
The HIPPA Security Rule
Diligence in the digital age clearly involves a defensive posture with diverse tentacles.
Consistent policy for backing up records
Up-to-date protection (e.g., virus and malware)
Training and awareness are essential for all employees.
Any therapist or member of the office staff who exposes, even unintentionally, client records to unauthorized individuals is in violation of HIPAA Security Standards.
Issues and Ethics
12
The HIPPA Security Rule
Physical safeguards for all workstations need to be implemented.
E.g., Privacy filters on all workstation monitors
Physical privacy safeguards are as useful as the individuals utilizing them
Issues and Ethics
13
Maintaining and Destroying Records
APA Record Keeping Guidelines (APA, 2007) states that psychologists may consider retaining full records for 7 years for adults or until 3 years after a minor reaches the age of majority, whichever is later.
State statutes can vary on how long they must be kept.
E.g., Florida requires that counseling records be maintained for 7 years.
E.g., Virginia requires that records of adults be maintained for a minimum of 5 years and for minors a minimum of 5 years after the child attains the age of maturity (18), or 10 years following termination, whichever comes later
Issues and Ethics
14
Maintaining and Destroying Records
The longer records are maintained, the greater the probability that privacy can be breached.
Diligent therapists are sensitive to the need to update technologies.
USB ports are an area of particular vulnerability.
USB ports should be locked by password protecting them.
Issues and Ethics
15
Maintaining and Destroying Records
Some therapists also use laptops, tablets, smart phones, or other mobile devices.
Mobile devices are easier to lose or get stolen.
Mobile devices need to be password protected and data encrypted.
Mobile devices are not to be place outside of arm’s reach.
Mobile devices should be locked away in a secure filing cabinet when not being used.
Issues and Ethics
16