Professional Law and Ethics - Page 2
Professional Law and Ethics - 1
Professional Law and Ethics - Page 2
Professional Law and Ethics - Page 3
For both counselors and supervisors, any dual relationship is problematic if it increases the potential for exploitation or impairs professional objectivity (Kitchener, 1988). There has been greater divergence of opinion about what constitutes an inappropriate dual relationship between supervisor and counselor than between counselor and client. Ryder and Hepworth (1991), for example, stated that dual relationships between supervisors and supervisees are endemic to many educational and work contexts. Most supervisors will, in fact, have more than one relationship with their supervisees (e.g., graduate assistant, co-author, co-facilitator). The key concepts remain "exploitation" and "objectivity." Supervisors must be diligent about avoiding any situation which puts a supervisee at risk for exploitation or increases the possibility that the supervisor will be less objective. It is crucial, however, that supervisors not be intimidated into hiding dual relationships because of rigid interpretations of ethical standards. The most dangerous of scenarios is the hidden relationship. Usually, a situation can be adjusted to protect all concerned parties if consultation is sought and there is an openness to making adjustments in supervisory relationships to benefit supervisee, supervisor and, most importantly, clients.
Health care professionals are committed to promoting the welfare and well-being of the patient over and above any personal consideration. Indeed, this fiduciary obligation is one of the defining characteristics of a “profession” as such. This concept of a profession gives rise to the notion of boundaries in client-professional relationships—that is, to the notion that there are limits of ethically appropriate professional behavior. A boundary violation occurs when a health care professional’s behavior goes beyond appropriate professional limits. Boundary violations generally arise when a personal interest displaces the professional’s primary commitment to the patient’s welfare in ways that harm the patient or the patient-clinician relationship. Interactions between health care professionals and patients are ethically problematic when they can reasonably be expected to affect the care the individual or other patients receive or the health care professional’s relationships with colleagues—or when they give the appearance of doing so.
Health care professionals should:
Critically examine their own actions by asking themselves the following questions:
Is this activity a normal, expected part of practice for members of my profession? Might engaging in this activity compromise my relationship with this patient? With other patients? With my colleagues? With my institution? With the public? Could this activity cause others to question my professional objectivity? Would I want my other patients, other professionals, or the public to know that I engage in such activities?
Take appropriate action if the answers to these questions indicate that an activity may violate professional ethical boundaries: Determine if there are applicable standards. Consult a trusted and objective peer for a second opinion about the activity. Seek assistance from a supervisor or ethics committee. Communicate his or her concern to the individual involved. Transfer the patient to another clinician’s care if the professional relationship has been compromised, or if avoiding the violation will damage the relationship.
Be familiar with: Relevant professional codes of ethics, standards of practice, guidelines, and position statements; Applicable policies in their facilities; and Laws pertaining to relationships between patients and health care professionals.
Boundaries define the limits of appropriate behavior by a professional toward his or her clients. By establishing boundaries, a health care professional creates a safe space for the therapeutic relationship to occur. Concerns about professional boundaries in the relationship between patients and health care providers—and the damage that results when boundaries are transgressed—captured public and professional attention following reports of inappropriate sexual relationships between health care professionals and patients. Relatively little attention has been paid to the “boundary question” outside this context, but many other interactions raise concerns about boundaries as well. Therapist’s need guidance if they are to avoid engaging in interactions with their patients that may prove ethically problematic.
The notion of boundaries in the health care setting is rooted in the concept of a “profession.” While this concept is understood in several different ways in the medical and sociological literature, there is consensus regarding one of the defining characteristics of professions and professionals: commitment to serve the profession’s clients. That is, professionals are expected to make a fiduciary commitment to place their clients’ interests ahead of their own. In exchange for faithfully applying their unique knowledge and skills on behalf of their clients, members of a profession are granted the freedom to practice and to regulate themselves.
Professionals, as such, are held to different standards of conduct from other persons. Relationships and interactions that may be ethically unproblematic among nonprofessionals may be unacceptable when one of the parties is a professional. An individual may have a personal interest that is perfectly acceptable in itself, but it conflicts with an obligation the same individual has as a health care professional. The nature of professions is such that “the human needs the professions address and the human relationships peculiar to them ... are sufficiently distinct to warrant, indeed to demand, expectations of a higher morality and a greater commitment to the good of others than in most other human activities.” The clinical relationship is one of both great intimacy and great disparity in power and knowledge, giving rise to special obligations for health care professionals.
A boundary violation occurs when a therapist’s behavior goes beyond appropriate professional limits. Boundary violations generally arise when the interaction between parties blurs their roles vis-à-vis one another, or creates a “double bind” situation in which a personal interest displaces the professional’s primary commitment to the patient’s welfare in ways that harm—or appear to harm—the patient or the patient-clinician relationship, or might reasonably be expected to do so.
A variety of standards establish the limits of appropriate professional behavior, whether those limits are explicitly enumerated in standards of conduct, codes of ethics, or law, or tacitly conveyed through professional training and widespread acceptance. Individuals who seek help must rely on the professional they consult to be trustworthy—when clinicians behave in ways that call their professional judgment and objectivity into question, the trust on which the relationship depends is compromised. And when trust is compromised, the efficacy of the therapeutic relationship is adversely affected.
It is important to note that personal and professional interests are not inherently in conflict with one another; in fact, they often coincide. A clinician’s personal desire to be compassionate is compatible with his or her professional obligations. It is natural to want to earn money through one’s professional activity. That desire becomes problematic only when the personal interest in earning a livelihood interferes with one’s commitments and obligations as a health care professional. Standards regarding professional boundaries can be found in a variety of sources. Directly or indirectly, professional codes of ethics, consensus statements, position papers, policies, and laws define the boundaries of appropriate behavior for professionals.
Thus, for example, the National Association of Social Workers’ Code of Ethics requires that social workers “not engage in dual or multiple relationships with clients or former clients in which there is a risk of exploitation or potential harm to the client” and broadly defines “dual or multiple relationships,” but does not suggest criteria by which professionals should assess the nature or level of risk a particular dual relationship would pose for a client. The message implicitly shared by all such documents, however, is that being a professional entails forgoing some interactions or relationships in which one might otherwise wish to engage in order to protect the interests and well-being of clients/patients.
Many kinds of interaction potentially interfere with the primary clinical relationship between practitioner and patient and pose concerns about acceptable conduct for clinicians. Becoming socially involved or entering into a business relationship with a patient, for example, can impair, or appear to impair, the professional’s objectivity. Accepting a gift is sometimes an appropriate way to allow a patient to express his or her gratitude, and at other times is problematic. Showing favoritism—by giving a particular patient extra attention, time, or priority in scheduling appointments, for example—can cross the boundary between action that is appropriate advocacy on behalf of a particular patient and action that is unfair to others. Such interactions or activities are ethically problematic when they can reasonably be expected to affect the care received by the individual or by other patients or the practitioner’s relationships with his or her colleagues, or when they give the appearance of doing so. Yet not all behavior that might be considered inappropriate necessarily violates professional obligations. Health care professionals should be alert to situations in which they may be likely to be motivated to behave in ways that violate accepted ethical standards. Ambiguous interactions and relationships, for example, have the potential both to impair the professional’s objectivity and compromise his or her judgment, and to give rise to conflicting expectations on the patient’s part, which can contaminate the therapeutic relationship and potentially undermine the patient’s trust. Professional Law and Ethics, LPCC, 18 credits, BBS approved, licensure, prelicensure, instant certificates.
Finally, seeming to “play favorites” by accommodating individual patients in special ways can also raise concerns about ethical professional boundaries. Health care professionals commit themselves to treating all patients fairly. Patients often need more than just clinical care, and it is not necessarily inappropriate for professionals to provide help in other ways. But their actions on behalf of a particular patient must not adversely affect the clinical relationship with that patient or compromise the care available to other patients, or appear to others to do so. Just what activities might constitute a violation of professional boundaries depends very much on the specific context in which such actions take place and their foreseeable likely consequences for others.
Recommendations Health care professionals should beware of interacting with any patient in ways that could reasonably be expected to create awkward situations for either party, compromise the professional’s primary commitment to patient welfare, or call the professional’s objectivity into question. While not every business or social interaction or relationship between a health care professional and a patient necessarily violates ethical professional boundaries, professionals should critically examine their own actions by considering the following: Is this activity a normal, expected part of practice for members of my profession? Might engaging in this activity compromise my relationship with this patient? With other patients? With my colleagues? With my institution? With the public? Could this activity cause others to question my professional objectivity? Would I want my other patients, other professionals, or the public to know that I engage in such activities? If the answers to these questions indicate that an activity may violate professional ethical boundaries, the clinician should: Determine if there are applicable standards. Consult a trusted and objective peer for a second opinion about the activity. Seek assistance from a supervisor or ethics committee. Communicate his or her concern to the individual involved. Transfer the patient to another clinician’s care if the professional relationship has been compromised, or if avoiding the violation will damage the relationship. As well, it is imperative that health care professionals be familiar with: Relevant professional codes of ethics, standards of practice, guidelines, and position statements; Applicable policies in their facilities; and Laws pertaining to relationships between patients and health care professionals. Professional Ethics and Law
Individuals who provide psychotherapy over the Internet are required by law to be licensed. If the psychotherapy is provided online to persons in California the psychotherapist is required to be licensed in California.
The licensed psychotherapist must obtain verbal and written informed consent from the consumer or the consumer’s representative. Informed consent should include the following:
Fee for Service – including acceptable forms of payment, whom the fee should be paid to and how the fee should be paid.
Confidentiality and the limits to confidentiality. Include a complete description of the methods used to insure online security of confidential information.
Inform the consumer of the risks and benefits of participating in online psychotherapy.
Describe all existing laws regarding patient access to medical information.
The patient or the patient's legal representative retains the option to withhold or withdraw consent at any time.
The signed written consent form shall remain as part of the consumer’s record.
Failure to comply with informed consent should be considered unprofessional conduct.
Definitions of Online Communications
Telemedicine means the practice of health care delivery, diagnosis, consultation, treatment, transfer of medical data, and education using interactive audio, video, or data communications. Neither a telephone conversation nor an electronic mail message between a health care practitioner and patient constitutes telemedicine.
Interactive means an audio, video, or data communication involving a real time (synchronous) or near real time (asynchronous) two-way transfer of medical data and information.
Surrogate decisionmaking means any decision made in the practice of medicine by a parent or legal representative for a minor or an incapacitated or incompetent individual.
Benefits and Limitations: Counselors inform clients of the benefits and limitations of using information technology applications in the counseling process and in business/ billing procedures. Such technologies include but are not limited to computer hardware and software, telephones, the World Wide Web, the Internet, online assessment instruments and other communication devices.
When providing technology-assisted distance counseling services, counselors determine that clients are intellectually, emotionally, and physically capable of using the application and that the application is appropriate for the needs of clients.
When technology-assisted distance counseling services are deemed inappropriate by the counselor or client, counselors consider delivering services face to face.
Counselors provide reasonable access to computer applications when providing technology-assisted distance counseling services.
Counselors ensure that the use of technology does not violate the laws of any local, state, national, or international entity and observe all relevant statutes.
Counselors seek business, legal, and technical assistance when using technology applications, particularly when the use of such applications crosses state or national boundaries.
Online Therapy and Informed Consent
As part of the process of establishing informed consent, counselors do the following:
1. Address issues related to the difficulty of maintaining the confidentiality of electronically transmitted communications.
2. Inform clients of all colleagues, supervisors, and employees, such as Informational Technology (IT) administrators, who might have authorized or unauthorized access to electronic transmissions.
3. Urge clients to be aware of all authorized or unauthorized users including family members and fellowemployees who have access to any technology clients may use in the counseling process.
4. Inform clients of pertinent legal rights and limitations governing the practice of a profession over state lines or international boundaries.
5. Use encrypted Web sites and e-mail communications to help ensure confidentiality when possible.
6. When the use of encryption is not possible, counselors notify clients of this fact and limit electronic transmissions to general communications that are not client specific.
7. Inform clients if and for how long archival storage of transaction records are maintained.
8. Discuss the possibility of technology failure and alternate methods of service delivery.
9. Inform clients of emergency procedures, such as calling 911 or a local crisis hotline, when the counselor is not available.
10. Discuss time zone differences, local customs, and cultural or language differences that might impact service delivery.
11.Inform clients when technologyassisted distance counseling services are not covered by insurance.
Sites on the Internet
Counselors maintaining sites on the World Wide Web (the Internet) do the following:
1. Regularly check that electronic links are working and professionally appropriate.
2. Establish ways clients can contact the counselor in case of technology failure.
3. Provide electronic links to relevant state licensure and professional certification boards to protect consumer rights and facilitate addressing ethical concerns.
4. Establish a method for verifying client identity.
5. Obtain the written consent of the legal guardian or other authorized legal representative prior to rendering services in the event the client is a minor child, an adult who is legally incompetent, or an adult incapable of giving informed consent.
6. Strive to provide a site that is accessible to persons with disabilities.
7. Strive to provide translation capabilities for clients who have a different primary language while also addressing the imperfect nature of such translations.
8. Assist clients in determining the validity and reliability of information found on the World Wide Web and other technology applications.
Internet counseling, is defined by NBCC as "the practice of professional counseling and information delivery that occurs when client(s) and counselor(s) are in separate or remote locations and utilize electronic means to communicate over the Internet." This definition would seem to include Web pages, email, and chat rooms but not telephones and faxes. The NBCC makes a statement that it does not advocate for or against Internet Counseling (NBCC, 1998). Some therapists who say that internet counseling is not counseling have Web sites available to people. Most of the Web sites have some kind of disclaimer stating that the information found there is only advice, e-therapy, information and education, or a supplement to therapy.
One of the counseling profession's main concerns will be of those who are unlicensed persons promoting themselves as competent Internet counselors. When a counselor is unlicensed, a state has no regulatory authority, unless there is a law in that state that will allow prosecution as a criminal act for practicing counseling without a license, or gives the board regulatory authority. Unlicensed cybercounselors are almost legally untouchable, especially when a disclaimer statement is displayed stating what they are doing is not therapy.
State Regulations and Online
Similar to telemedicine, the issues of licensure and jurisdiction arise, except that counseling boards have not begun to address the problem. A client who obtains counseling services via the Internet from a counselor licensed in the same state has recourse to that state's regulatory board for any violations against either the state code or standards of practice. However, if a client has a complaint about a counselor licensed in another state, it is unclear in which state to register the complaint. As indicated earlier, state medical boards have addressed this issue, but not in a uniform manner.
The Federation of State Medical Boards (FSMB) produced model legislation regarding telemedicine. This proposal is less than helpful as a guide, as the main responsibility for who can or cannot practice telemedicine in the state is left to each state (Orbuch, 1997). The Health On the Net Foundation has a Code of Conduct for medical and health web sites which might be a guide to those counselors who have Web pages, but counseling is not specifically mentioned in any of their eight principles (Health On the Net Foundation Code of Conduct for medical and health web sites). The International Society for Mental Health Online was formed in 1997 "to promote the understanding, use and development of online communication, information and technology for the international mental health community." The principles are broad and not of the nature of regulation. The American Telemedical Association has a policy that is a compromise between having a national medical license and restrictive state regulation. It proposes that the state should not restrict "virtual travel" of its patients to seek medical advice outside of the state. It also states that a non-face-to-face encounter by a patient with a physician in another state is regulated by the physician's home state.
Internet Counseling in one form or another is upon us (Lee, 1998). To dismiss it is unrealistic. We cannot ignore it, for to do so is to allow it to progress unregulated and open to charlatans, with the result of diminishing the profession of counseling. To change the quagmire into a quest will require risk-takers who are willing to be forward thinkers, embracing technology as having the possibility of a positive effect on the profession, and bringing wellbeing to a greater number of people.
Reports to Third Parties
Patients are generally unaware of the information provided to their insurance carrier. As a provider, you may want to inform your patients about the information you plan to release to their insurance company as well as changes in what you release if required to so for authorization of sessions from the insurance company. It is not necessary to give your patients this information, but they may appreciate your candor.
If you bill insurance, you automatically must be HIPAA-compliant. If you choose not to bill insurance and instead collect directly from each patient, there are still some circumstances that require you to become compliant. Generally, it is simply a matter of following good office procedures that are designed to protect your patient's Private Medical Information (PMI). When a patient signs the standard HCVA 1500 form for billing, it gives permission to the provider to give Private Medical Information to an insurance carrier including their name, date of birth, insurance identification number or Social Security Number, and their DSM IV-R diagnosis. The information on this form should be treated with the highest security since release of it is illegal under HIPAA to anyone but the insurance company and the staff of the clinician's office. Staff should be educated about the importance of keeping this information secure since it is ultimately the clinician's responsibility if it is accidentally released. This information must not sent via the Internet since the Internet is not considered secure. Also, downloading information on a Notebook or other computer that may leave the office is considered unsafe since Notebooks are often stolen and the information on them, regardless of the level of security, has a possibility of being used by unauthorized people.
Billing that uses PMI must be sent by FAX or the US Postal Service. Some insurance companies have Internet billing that provides a secure link but it is incumbent on the clinician to determine that the material provided cannot be shared with persons or companies who are not authorized by the patient to receive the information.
Insurance companies may ask for further information about the patient including treatment plans, case notes, and other information. They can do this legally without further consent from the patient. Although many clinicians consider it less problematic to send the information to the insurance company without informing the patient about the release of additional information, other clinicians find it more ethical to inform the patient about the information that is requested. Some patients consider their privacy to be more important than the payment the insurance company may provide and would prefer that clinicians keep more of their information private. The population with whom the clinician works may help determine whether the patient would prefer to be informed about the information that may be sent for authorization of benefits.
Insurance companies must be billed only for sessions in which the patient was seen and only for the amount of time the patient was seen. While some insurance companies pay for telephone or Internet sessions, the clinician should check with the insurance company prior to billing for these services and should not bill for them under an "office" visit without prior approval. Billing for sessions in which the patient is not seen is considered fraud and is prosecuted as a felony. If you find an error in your billing or in the EOB from the insurance company for additional sessions, notify the insurance company immediately and return the payment to them, otherwise you are breaking the law. If your patient does not come to their session, you cannot bill the insurance company. It is best to include this information in the initial contract with your patients so they are aware that they will be responsible for the entire fee when they miss sessions, regardless of cause, unless the clinician decides they will not charge for that session. It is NEVER acceptable to charge the insurance company for missed sessions.
Patients who use insurance, must always pay their co-payment, rather than accepting insurance as "payment in full." Part of the contract the clinician has with the patient and the insurance company is to collect the co-payment, thereby making the patient at least partially responsible for payment of fees. It is incumbent on the clinician, unless otherwise agreed prior to service, to determine the fee the patient is to pay each session. Because of the complexity of using the insurance as a third-party-payer, it is sometimes necessary to bill the insurance and receive payment prior to determining how much the patient's co-pay is. Psychotherapists ethically are not to allow their patients to acquire bills they are unable to pay. If there are surprises in billing the insurance, make certain that they occur early in the treatment process to avoid the awkwardness of dunning patients for bills they did not expect or discovering you have made a large contribution to charity in unpaid psychotherapy hours. (No, you cannot deduct them).
In addition to general practices that apply to clinicians who bill insurance, there are also State Laws which are unique to each State. Inquire directly with your State to determine which laws apply to you and your practice.
Some States such as California have laws that require insurance companies to reimburse clinicians who are treating psychological conditions that are considered to have a medical basis in the same manner as other medical illnesses. Generally, these diagnoses include Major Depression, Manic-Depression, Generalized Anxiety, Eating Disorders, Schizophrenia, and other psychological illnesses that have been shown to either have a hereditary basis or be treated by medication. Insurance companies will supply a list of such illnesses. Psychological problems caused by environmental, social, or relational in nature are generally not covered under the "biologically based" clause. If an illness is found to be "biologically-based" the limits on number of sessions for psychotherapy are suspended and the patient can be seen as often and for as long as is considered "medically necessary" by the therapist and the insurance company. Unfortunately, even if you are treating a severe schizophrenic who happened to purchase insurance in a State that does not recognize "biologically based" you may find yourself trying to treat your patient in the five sessions approved for psychotherapy by their insurance company.
Additionally, the insurance company can ask for treatment plans, progress notes, and other paperwork to ascertain that the treatment benefits the patient and falls within their guidelines for treatment of this type of disorder. The laws pertaining to this are Byzantine at best. Insurance companies are to have written rules about the type and amount of treatment allowed as well as provisions for determining whether the treatment is useful for the patient's improvement or recovery. Needless to say, these rules are vague and, in practice, rarely exist, but many States require that the insurance companies maintain these documents. In practice, be kind to yourself and your patient: call their insurance company to check on coverage and bill for the first session immediately so both you and your patient have a clearer idea about what their insurance will cover. As an added complication, some companies are retaining their insurance carrier but using another carrier, generally with less coverage, for psychotherapy so do not assume that an insurance carrier which is known to you automatically carries the same benefits for psychotherapy for one patient as it does with another. It is always worthwhile to check with the insurance carrier, bill in a timely manner, and keep good records about payment.
Ethical Principle: Counselors are accurate, honest, and objective in reporting their professional activities and judgments to appropriate third parties, including courts, health insurance companies, those who are the recipients of evaluation reports, and others. Counselors observe all applicable HIPAA regulations. For more information on third party reporting and reimbursements read the HIPAA section of this course.
Sex With a Client is Illegal: Psychotherapists can be held liable, civilly and criminally, for engaging in sexual relations with their clients. Civil liability can result if a therapist engages in sex with a former client prior to two years after the termination of therapy. Criminal liability can result if a therapist engages in sex with a current client or if he or she terminates a therapeutic relationship with a client for the purposes of beginning a sexual relationship with that client. In addition, under licensing laws, a clinician who has sex with a client can have his or her license revoked.
b. Your Legal Responsibilities When a Client Reveals a Sexual Relationship With a Previous Therapist: When a client reveals a previous or ongoing sexual relationship with his or her former or other therapist, the client's subsequent or other therapist has a legal obligation to give the client a brochure that explains the client's rights and responsibilities. Sex with clients is wrong and prohibited by ethical and legal standards. A psychotherapist who engages in sexual activity with a client may have his or her license revoked.
In recent years, two additional laws have been enacted with regard to psychotherapist sex with a client. Although both C.C. 43.93 and B.&P.C. 729 clearly prohibit sexual contact with a client currently in therapy, they are less consistent with regard to whether sexual contact is permitted with former clients. At this time, in accordance with C.C. 43.93, therapists are civilly liable when they engage in sexual relations with former clients prior to two years after the termination of therapy. According to B.&P.C. 729, criminal liability in such cases results only when therapists terminate therapy solely for the purpose of engaging in sexual relations with a client.
In effect as of January 1, 1988, this law creates a separate cause of action for psychotherapist sex with a patient. A client has a cause for civil action against a psychotherapist when sexual contact occurs during the course of therapy, within two years following termination of therapy and/or by means of deception. This law also requires the therapist to give a brochure that explains the client's right to any client that revealed prior sexual contact with their therapist. Failure to distribute this brochure is considered unprofessional conduct.
Potential consequences of conviction include imprisonment in the county jail for up to one year and fines (up to $1,000 for the first conviction and up to $5,000 for the second conviction). Under law, the first violation is treated as a misdemeanor and the second violation is treated as either a felony or a misdemeanor, according to the discretion of the court and district attorney. Further, the consent of the client may never be used as a defense.
It is important to note that regardless of your behavior a patient may decide to sue you for malpractice. This is a frightening prospect, since the grounds for filing a lawsuit against you are so vague that even the finest, most ethical clinicians find themselves involved in litigation which threatens to take away their license, their means of livelihood, and substantial sums of money.
It is also important to realize that despite paying for malpractice insurance, the insurer may determine they would prefer to pay the patient who is bringing the suit rather than spend the money on a lengthy trial. Your insurance carrier may encourage you to agree to settle for a sum without admitting guilt. You may or may not be told that the payment to the client is recorded and permanently kept on file at the National Data Bank where insurance companies and other parties with an interest in the ethics of your practice. Once you are in the National Data Bank, you have to report it each time you renew your membership to any insurance company as a preferred provider.
The development of an ethical practice, however, may help you to avoid some of the more important pitfalls clinicians make. An excellent resource is the on-line source: http://www.kspope.com/index.php. His wisdom regarding the lifelong pursuit of ethics in one's practice is a very valid approach. Regardless of how many times you read through the law, regardless of how many classes you take in ethics, regardless of how well you follow the rules of the profession, make no mistake, this is a path you will need to pursue consistently throughout your career.
To be sued successfully for malpractice in a civil court, the patient must prove that you have breached the standard of care (Black, 1996). There are four parts which must be seen by the court to have been met for the malpractice suit to proceed.
(1) In some way as a clinician you have established an agreement between yourself and your patient that you will work together in a therapeutic relationship. The law does not define this in terms of the length of time you have seen the patient, whether or not the patient has paid you. It is entirely the responsibility of the court to determine whether you have established a Duty of Care with the patient.
(2) The work you have done with this patient will be compared to the Standard of Care. This is also defined by the court based on what the court finds is the typical level of proficiency which would be shown by a clinician under similar circumstances. It may be defined or suggested by an ethics code, a state standard, or case law. There is no clearly defined standard of care since both you and the circumstances in which the act occurred are unique.
(3) The patient must show that there has been some Demonstrable Harm. Although some texts may imply that it is difficult to show demonstrable harm if it is psychological in nature since the patient began treatment presumably due to harmful or painful problems which they hoped to cure, again, it is entirely the duty of the court to determine if you caused harm and, if so, how much harm was caused. The amount of harm caused whether psychological, physical, or financial can only be remedied in a civil suit by money. The court also decides how much money should be given the patient (now plaintiff) for the harm you have caused.
(4)The patient must also prove the therapist was directly responsible or the Proximate Cause for the harm which was done. So, the patient must prove that the therapist had an established relationship with the patient which would prove there was a duty to care, was working below the standard of care, which caused demonstrable harm to the patient which could only have been a direct result of the therapist's actions.
Despite these levels of proof which sound difficult to attain, many therapists are sued successfully or have out-of-court settlements against them each year. Following a successful suit or settlement, one should expect an investigator from the Board to determine whether or not the actions taken by the therapist was egregious enough to sanction them by loss or suspension of their license, additional classes to educate the therapist and attempt to prevent further problems, or other measures.
Clinicians tend to develop methods which they hope will keep them from finding themselves in court. It is difficult to know which methods work because there is no measure of who has not been sued and why that has not happened. Common sense may be the best guideline.
First, it is important to take care of yourself. Therapist who are having problems within their own families, use alcohol or drugs inappropriately, are having emotional problems, or simply need a vacation are the most likely people to make minor and major errors in their treatment of patients. This may occur from the distraction caused by the therapist's own problems or from unconscious motives which are more likely to be enacted when one is not at one's best and inhibitions are lowered.
Second, stay in touch with changes in laws through professional organizations. Maintain your memberships and attend meetings on a regular basis. This will also help you make and maintain friendships with other practicing clinicians. You are likely to find it is helpful to know someone you trust for a consultation if you do find yourself feeling that a patient may cause problems for you. Your friends may also tell you in a much nicer way than the licensing board that you need to take a break from work.
Third, take frequent breaks from work. Your patients will gripe, your spouse will worry about the money, and your colleagues will be jealous. You will have a better chance of staying on top of your cases and come to work with a smile.
Fourth, see a therapist. You have the right to get some personal psychotherapy and/or/psychoanalysis without feeling like you're so crazy you would rather no one else knew. You might even start feeling better.
Fifth, look at your mail at a time when you can do some reading. Instead of stacking the journal you just got, scan through the articles and read the ones that interest you. You could impress your colleagues at professional meetings by dropping names and you could even try out some of the new techniques you read about and develop some skill with timing.
Sixth, if you have a patient walk in who describes a history of lawsuits, suicide attempts, and has a gambling problem which might cost him/her more than one can afford and you feel the acid turn in your stomach and your headache begin, check on the patient's current level of suicide risk then on your own level of expertise in managing difficult patients. Do not agree to see anyone who walks in the door. Make sure you have some experience with the presenting problem, that you know people in the field who are experts to whom you can turn if serious problems begin to arise, and realize you are free to refer the patient to someone who may be better suited to treat him or her. Do not take on more patients than you can reasonably manage. If you see a patient who is challenging for you for any reason, seek supervision or discuss the patient with colleagues, preferably in a formal manner. We all learn from the work we do with our patients and our toughest patients teach us the most, however, to provide the patient with the best care and to take care of yourself, seek information from those around you, especially experts. Reading journals and books on the topic is also very useful but it can lead to a false sense that you understand the problems you face with that particular patient when you only understand the issue in a broad sense. If you can, create a formal or informal group of colleagues who meet on a regular basis to discuss difficult patients as well as successes. While in some ways we compete for the same patient population, actually all clinicians are much better in some areas than others and it is incumbent on the practitioner to know where they stand in their ability to treat different sorts of difficult patients.
Seventh, and most importantly, do your paperwork. It gives you time to reflect on what you are doing with the patient, whether they need to be referred for medication or other care you cannot provide, and it relieves you of all the guilt you have felt for not keeping up with it. It is also illegal to fail to do it. Some people find they do this best when they complete a formal note in the 10 to 15 minutes between sessions while others find they need to lay out an hour several times weekly or a long afternoon to get it done. Do not underestimate how much time this takes. Completing HIPAA notes can become very quick and efficient if you have a system and do them regularly. On the other hand, trying to recreate the important points of a session from hastily sketched notes during an intense session at the end of the week is nearly impossible. You remember that it was an important session but often lose the crucial meaning which was derived from the work done that day. The main idea to remember is not to fail to do notes until you find yourself served a subpoena by a court or a disability claimant. The notes you create at those times are not beneficial to you or your patient because they lack credibility which comes from a case note which is written soon after the session. While all this seems self-evident, it is important to recognize that keeping notes for anything other than an aid to treatment in most cases was rare until HIPAA was imposed only a few years ago. Many of us had become quite comfortable with brief, non-HIPAA compliant notes and, although we plan to change that habit, have not yet done so. Do it now. You will sleep better.
Last, know your limitations. Refer the patient when you have no experience or training in treating the presenting problem. Refer them if they scare you and you feel you will not be able to find a colleague or supervisor who can help you sort out whether or not you should give this patient a try and if you have someone to help if you find you have trouble. Refer the patient to a physician when you have an odd feeling that the problem does not sound solely psychological. Always refer them if there is any question about whether medication would be helpful. If they refuse, note they refused and why. Refer the patient if they remind you of Mom, Dad, your children, or your spouse. Refer them immediately if you feel they sound just like you. If you smell alcohol and do not regularly treat people with substance abuse, refer them to someone who does. Refer patients who abuse other substances if that is not an area of expertise or one in which you want to develop expertise. Having a drug or alcohol problem may seem minor and secondary to the primary diagnosis but it is amazing how frequently a drug or alcohol problem becomes the main problem very quickly or the main reason why no progress is occurring in therapy. Many of us had the fortune to be trained by masters of the craft of psychotherapy either during or after graduate school. Many of us have become the new masters of the craft. Still, for each and every one of us there are people who walk through our doors as patients and walk out as potential plaintiffs. Even the grand old masters have this happen so it can certainly happen to you.
Malpractice and the Licensing Board
Try to avoid doing anything which will cause you to have problems with the Licensing Board. Get your Continuing Education Units done on time and make sure they count. Keep up on your paperwork. The State Board can require you to produce case notes in a very short time. If the Licensing Board sends you any sort of inquiry, do not take it lightly. Consult with the best attorney you possibly can even if it means traveling. Preferably find someone who teaches ethics and is both a clinician and an attorney. Make sure they have experience. Do not just dash off a letter which answers the questions asked by the board. If they have written you and asked for a response, it is a serious inquiry about your treatment practices. The Licensing Board takes your responses seriously and what may appear to be a simple misunderstanding between yourself and your patient could result in having to defend yourself and your license before a member of the Licensing Board. Make sure you have Malpractice insurance to cover the fee for an attorney to defend you. Being sanctioned by the Licensing Board is a public process and even if you do not lose your license temporarily and have to take additional classes or other tasks to bring your standard of practice up to that of other psychologists, you may lose your referral base. You will also be likely to find yourself the subject of gossip. The Licensing Board also may determine that you should lose your license to practice permanently. This does not preclude having criminal or civil charges brought against you by your patient(s). All of this is quite public also.
Malpractice and Ethics Committees
Try to avoid actions by ethics committees by following the rules and guidelines for practice. Make it a habit to check in on the the Licensing Board Web site on a regular basis so you know when laws are changing. Unfortunately, some therapists were convicted of violating ethics of their profession when they were following what had been a typical pattern but was in the process of changing. When you are uncertain about the rules, ask. Get answers in writing if possible. Know the name of the person with whom you spoke regarding how to most appropriately do tasks or render treatment. Consult with other professionals and inform them of the difficulties you face. Seek formal supervision. Seek legal consultation. The fee you spend may save your livelihood. Be wary of dual relationships. Be wary of any sort of variation in billing and collecting fees. Be aware of what you put in writing and that the information can be passed on to others even without your knowledge or consent, leaving you in a legal limbo which will certainly require an attorney.
Malpractice due to Criminal Allegations
The Attorney General is involved in these proceedings. They are the most serious offenses, usually involving fraud, collusion in criminal activities, and a variety of criminal offences. Therapists, while held to a higher legal standard, are people and become involved in illegal schemes just as other people do. In your practice, you do many things totally on your own and you are aware that within your office what occurs is privileged information. This requires that you set the standard higher for yourself because a small bit of cheating quickly spirals into greater corruption. Do not lie, cheat, steal or engage in any behavior which could appear to have involved illicit activities. Do not enter into relationships with your patients or partners which involve felonious behavior. Patients may see a therapist as someone who is above the law and would not be suspected of criminal behavior. Do not see yourself in this manner and make it clear to patients who wish to have you collude with them in illegal activities that you will not do that and you must report behavior which would cause harm to others. Although therapists are rarely involved in these activities, conviction results not only in the loss of your license, it also results in criminal prosecution and incarceration. Some of the most frequent offenses involve defrauding Medicare by claiming to have performed services which were either not performed or were not reasonable treatment for the patients involved. These have usually involved large numbers of patients.
The data on sexual misconduct has consistently shown that male therapists engage in sexual and other dual relationships with clients much more often than female therapists. In 1997, for example, the Ethics Committee received 15 complaints involving sexual misconduct and, of these, 13 involved a male therapist and female client (APA, 1998). The data also show that male therapists who engage in sexual misconduct are usually older than the female clients they become involved with, with the average therapist being between 42 and 44 and the client being between 30 and 33. No consistent relationship has been found between risk for sexual misconduct and theoretical orientation, professional experience, or education (Pope et al., 1993).
In a survey of a random sample of 596 psychology practitioners, Lamb and Catanzaro (1998) inquired about the psychologists' sexual boundary violations sexual boundaries violations and non-sexual boundary crossings. Fifty of the respondents (8%) reported having at least one SBV as a professional psychotherapist. Those reporting sexual boundaries violations were older than those reporting no sexual boundary violations (mean = 53.26 years versus 47.67 years) and most were men (41 men versus 9 women). The data revealed no consistent relationship between sexual boundary violations as a professional versus as a student, supervisee, or client (only five reported being involved in both types of relationships). However, those reporting sexual boundary violations were much more likely to report being involved in non sexual boundary crossings and to rate non sexual boundary crossings as less negative or problematic. Non sexual boundary violations reported significantly more often by those who also engaged in sexual boundary violations included "becoming social friends with a former client" and "giving a client theater, sports, or other event tickets that you learned at the last minute you could not use."
Finally, there is some evidence that the incidence of sexual relationships between therapists and their clients has declined somewhat in recent years. For example, in a survey of 368 clinical and counseling psychologists, Lamb, Catanzaro, and Moorman (2003) found that 3.5% reported being involved in sexual relationships with clients (compared to 4.4% reported by Pope in 1994). Their other findings were fairly consistent with the results of previous surveys - e.g., 84% of individuals who reported sexual involvement with clients were males, and the majority of their relationships were with female clients after therapy had been terminated.
Termination of Therapy
Counselors do not abandon clients. Counselors make appropriate arrangements for the continuation of treatment, when necessary, during interruptions such as vacations, illness, and following termination.
Inability to Assist Clients
If counselors determine an inability to be of professional assistance to clients, they avoid entering or continuing counseling relationships. Counselors are knowledgeable about culturally and clinically appropriate referral resources and suggest these alternatives. If clients decline the suggested referrals, counselors should discontinue the relationship.
Counselors terminate a counseling relationship when it becomes reasonably apparent that the client no longer needs assistance, is not likely to benefit, or is being harmed by continued counseling. Counselors may terminate counseling when in jeopardy of harm by the client, or another person with whom the client has a relationship, or when clients do not pay fees as agreed upon. Counselors provide pre-termination counseling and recommend other service providers when necessary.
Appropriate Transfer of Services
When counselors transfer or refer clients to other practitioners, they ensure that appropriate clinical and administrative processes are completed and open communication is maintained with both clients and practitioners.
Relevant California Family Law
Child Custody Disputes
The court may require parents or any other party involved in a custody or visitation dispute, and the minor child, to participate in outpatient counseling with a licensed mental health professional, or through other community programs and services that provide appropriate counseling, including, but not limited to, mental health or substance abuse services, for not more than one year, provided that the program selected has counseling available for the designated period of time, if the court finds both of the following:
(1) The dispute between the parents seeking custody or visitation rights with the child, poses a substantial danger to the best interest of the child.
(2) The counseling is in the best interest of the child.
(b) In determining whether a dispute, poses a substantial danger to the best interest of the child, the court shall consider, in addition to any other factors the court determines relevant, any history of domestic violence, within the past five years between the parents.
(c) If the court finds that the financial burden created by the order for counseling does not otherwise jeopardize a party's other financial obligations, the court shall fix the cost and shall order the entire cost of the services to be borne by the parties in the proportions the court deems reasonable.
(d) The court, in its finding, shall set forth reasons why it has found both of the following:
(1) The dispute poses a substantial danger to the best interest of the child and the counseling is in the best interest of the child.
(2) The financial burden created by the court order for counseling does not otherwise jeopardize a party's other financial obligations.
(e) The court shall not order the parties to return to court upon the completion of counseling. Any party may file a new order to show cause or motion after counseling has been completed, and the court may again order counseling.
The counseling shall be specifically designed to facilitate communication between the parties regarding their minor child's best interest, to reduce conflict regarding custody or visitation, and to improve the quality of parenting skills of each parent.
In a proceeding in which counseling is ordered, where there has been a history of abuse by either parent against the child or by one parent against the other parent and a protective order is in effect, the court may order the parties to participate in counseling separately and at separate times. Each party shall bear the cost of his or her own counseling separately, unless good cause is shown for a different apportionment.
Domestic partners are two adults who have chosen to share one another's lives in an intimate and committed relationship of mutual caring.
(b) A domestic partnership shall be established in California when both persons file a Declaration of Domestic Partnership with the Secretary of State and, at the time of filing, all of the following requirements are met:
(1) Both persons have a common residence.
(2) Neither person is married to someone else or is a member of another domestic partnership with someone else that has not been terminated, dissolved, or adjudged a nullity.
(3) The two persons are not related by blood in a way that would prevent them from being married to each other in this state.
(4) Both persons are at least 18 years of age.
(5) Either of the following:
(A) Both persons are members of the same sex.
(B) One or both of the persons meet the eligibility criteria of the Social Security Act
(a) for old-age insurance benefits or for aged individuals. Persons of opposite sexes may not constitute a domestic partnership unless one or both of the persons are over the age of 62.
(6) Both persons are capable of consenting to the domestic
(c) "Have a common residence" means that both domestic partners share the same residence. It is not necessary that the legal right to possess the common residence be in both of their names. Two people have a common residence even if one or both have additional residences. Domestic partners do not cease to have a common residence if one leaves the common residence but intends to return.
Registered domestic partners shall have the same rights, protections, and benefits, and shall be subject to the same responsibilities, obligations, and duties under law, whether they derive from statutes, administrative regulations, court rules, government policies, common law, or any other provisions or sources of law, as are granted to and imposed upon spouses.
(b) Former registered domestic partners shall have the same rights, protections, and benefits, and shall be subject to the same responsibilities, obligations, and duties under law, whether they derive from statutes, administrative regulations, court rules, government policies, common law, or any other provisions or sources of law, as are granted to and imposed upon former spouses.
(c) A surviving registered domestic partner, following the death of the other partner, shall have the same rights, protections, and benefits, and shall be subject to the same responsibilities, obligations, and duties under law, whether they derive from statutes, administrative regulations, court rules, government policies, common law, or any other provisions or sources of law, as are granted to and imposed upon a widow or a widower.
(d)The rights and obligations of registered domestic partners with respect to a child of either of them shall be the same as those of spouses. The rights and obligations of former or surviving registered domestic partners with respect to a child of either of them shall be the same as those of former or surviving spouses.
(e)Registered domestic partners shall be treated by California law as if federal law recognized a domestic partnership in the same manner as California law.
(f) Registered domestic partners shall have the same rights regarding nondiscrimination as those provided to spouses.
(g) No public agency in this state may discriminate against any person or couple on the ground that the person is a registered domestic partner rather than a spouse or that the couple are registered domestic partners rather than spouses.
Domestic Violence and Restraining Orders
An order may be issued, with or without notice, to restrain any person for the purpose of preventing a recurrence of domestic violence and ensuring a period of separation of the persons involved, if an affidavit or, if necessary, an affidavit and any additional information provided to the court, shows, to the satisfaction of the court, reasonable proof of a past act or acts of abuse.
An order under this part may be granted to any person, including a minor.
(b) The right to petition for relief shall not be denied because the petitioner has vacated the household to avoid abuse, and in the case of a marital relationship, notwithstanding that a petition for dissolution of marriage, for nullity of marriage, or for legal separation of the parties has not been filed.
"Notice to Restrained Person: If you do not appear at the court hearing specified herein, the court may grant the requested orders for a period of up to 3 years without further notice to you."
It is the function of a support person to provide moral and emotional support for a person who alleges he or she is a victim of domestic violence. The person who alleges that he or she is a victim of domestic violence may select any individual to act as a support person. No certification, training, or other special qualification is required for an individual to act as a support person. The support person shall assist the person in feeling more confident that he or she will not be injured or threatened by the other party during the proceedings where the person and the other party must be present in close proximity. The support person is not present as a legal adviser and shall not give legal advice.
(b) A support person shall be permitted to accompany either party to any proceeding to obtain a protective order. Where the party is not represented by an attorney, the support person may sit with the party at the table that is generally reserved for the party and the party's attorney.
(c) If a court has issued a protective order, a support person shall be permitted to accompany a party protected by the order during any mediation orientation or mediation session, including separate mediation sessions. The agency charged with providing family court services shall advise the party protected by the order of the right to have a support person during mediation. A mediator may exclude a support person from a mediation session if the support person participates in the mediation session, or acts as an advocate, or the presence of a particular support person is disruptive or disrupts the process of mediation. The presence of the support person does not waive the confidentiality of the mediation, and the support person is bound by the confidentiality of the mediation.
(d) A support person shall be permitted to accompany a party in court where there are allegations or threats of domestic violence and, where the party is not represented by an attorney, may sit with the party at the table that is generally reserved for the party and the party's attorney.
(e) Nothing precludes a court from exercising its discretion to remove a person from the courtroom when it would be in the interest of justice to do so, or when the court believes the person is prompting, swaying, or influencing the party protected by the order.
When making a protective order, as where both parties are present in court, the court shall inform both the petitioner and the respondent of the terms of the order, including notice that the respondent is prohibited from owning, possessing, purchasing or receiving or attempting to own, possess, purchase or receive a firearm, and including notice of the penalty for violation.
The court may not issue a mutual order enjoining the parties from specific acts of abuse (a) unless both parties personally appear and each party presents written evidence of abuse or domestic violence and (b) the court makes detailed findings of fact indicating that both parties acted primarily as aggressors and that neither party acted primarily in self-defense.
Prior to a hearing on the issuance or denial of an order, the court shall ensure that a search is or has been conducted to determine if the subject of the proposed order has any prior criminal conviction for a violent felony or a serious felon; has any misdemeanor conviction involving domestic violence, weapons, or other violence; has any outstanding warrant; is currently on parole or probation; or has any prior restraining order or any violation of a prior restraining order. The search shall be conducted of all records and data bases readily available and reasonably accessible to the court, including, but not limited to, the following:
(1) The Violent Crime Information Network (VCIN).
(2) The Supervised Release File.
(3) State summary criminal history information maintained by the Department of.
(4) The Federal Bureau of Investigation's nationwide data base.
(5) Locally maintained criminal history records or data bases.
However, a record or data base need not be searched if the information available in that record or data base can be obtained as a result of a search conducted in another record or data base.
(b) (1) Prior to deciding whether to issue an order under this part or when determining appropriate temporary custody and visitation orders, the court shall consider the following information obtained pursuant to a search conducted under subdivision (a): any conviction for a violent or a serious misdemeanor conviction involving domestic violence, weapons, or other violence; any outstanding warrant; parole or probation status; any prior restraining order; and any violation of a prior restraining order.
(2) Information obtained as a result of the search that does not involve a conviction shall not be considered by the court in making a determination regarding the issuance of an. That information shall be destroyed and shall not become part of the public file in this or any other civil proceeding.
Therapist Disclosures to Patients
AAMFT Code of Ethics (2001):
Marriage and family therapists obtain appropriate informed consent to therapy or related procedures as early as feasible in the therapeutic relationship, and use language that is reasonably understandable to clients. The content of informed consent may vary depending upon the client and treatment plan; however, informed consent generally necessitates that the client: (a) has the capacity to consent; (b) has been adequately informed of significant information concerning treatment processes and procedures; (c) has been adequately informed of potential risks and benefits of treatments for which generally recognized standards do not yet exist; (d) has freely and without undue influence expressed consent; and (e) has provided consent that is appropriately documented. When persons, due to age or mental status, are legally incapable of giving informed consent, marriage and family therapists obtain informed permission from a legally authorized person, if such substitute consent is legally permissible. Marriage and family therapists obtain written informed consent from clients before videotaping, audio recording, or permitting third-party observation.
ACA Code of Ethics Regarding Informed Consent
Clients have the freedom to choose whether to enter into or remain in a counseling relationship and need adequate information about the counseling process and the counselor. Counselors have an obligation to review in writing and verbally with clients the rights and responsibilities of both the counselor and the client. Informed consent is an ongoing part of the counseling process, and counselors appropriately document discussions of informed consent throughout the counseling relationship.
Types of Information Needed
Counselors explicitly explain to clients the nature of all services provided. They inform clients about issues such as, but not limited to, the following: the purposes, goals, techniques, procedures, limitations, potential risks, and benefits of services; the counselor’s qualifications, credentials, and relevant experience; continuation of services upon the incapacitation or death of a counselor; and other pertinent information. Counselors take steps to ensure that clients understand the implications of diagnosis, the intended use of tests and reports, fees, and billing arrangements.
Clients have the right to confidentiality and to be provided with an explanation of its limitations (including how supervisors and/or treatment team professionals are involved); to obtain clear information about their records; to participate in the ongoing counseling plans; and to refuse any services or modality change and to be advised of the consequences of such refusal.
Example of Informed Consent Contract from the APA
Informed consent is key to protecting the counselor and/or supervisor from a malpractice lawsuit (Woody, 1984). Simply, informed consent requires that the recipient of any service or intervention is sufficiently educated about what is to transpire, the potential risks, and alternative services or interventions, so that he or she can make an intelligent decision about his or her participation.
In Supervision, Supervisors must be diligent regarding three levels of informed consent (Bernard & Goodyear, 1992): (1) the supervisor must be confident that the counselor has informed the client regarding the parameters of counseling; (2) the supervisor must be sure that the client is aware of the parameters of supervision (e.g., that audiotapes will be heard by a supervision group); and (3) the supervisor must inform the supervisee about the process of supervision, evaluation criteria, and other expectations of supervision (e.g., that supervisees will be required to conduct all intake interviews for a counseling center in order to increase interview and writing skills).
Due process is a legal term that insures one's rights and liberties. While informed consent focuses on the entry into counseling supervision, due process revolves around the idea that one's rights must be protected from start to finish. Again, supervisors must protect the rights of both clients and supervisees. An abrupt termination of a client could be a due process violation. Similarly, a negative final evaluation of a supervisee, without warning and with no opportunity to improve one's functioning, is a violation of the supervisee's due process rights. Professional Ethics and Law
Confidentiality is an often-discussed concept in supervision because of some important limits of confidentiality both within the therapeutic situation and within supervision. It is imperative that the supervisee understands both the mandate of honoring information as confidential (including records kept on the client) as well as understanding when confidentiality must be broken (including the duty to warn potential victims of violence) and how this should be done. Equally important is a frank discussion about confidentiality within supervision and its limits. The supervisee should be able to trust the supervisor with personal information, yet at the same time, be informed about exceptions to the assumption of privacy. For example, supervisees should be apprised that at some future time, their supervisors may be asked to share relevant information to State licensure boards regarding their readiness for independent practice; or supervisors may include supervision information during annual reviews of students in a graduate program.
Supervisors should not shun opportunities to supervise because of fears of liability. Rather, the informed, conscientious supervisor is protected by knowledge of ethical standards and a process that allows standards to be met consistently. There are three safeguards for the supervisor regarding liability: (1) continuing education, especially in terms of current professional opinion regarding ethical and legal dilemmas; (2) consultation with trusted and credentialed colleagues when questions arise; and (3) documentation of both counseling and supervision, remembering that courts often follow the principle "What has not been written has not been done" (Harrar, Vandecreek, & Knapp, 1990).
As gatekeepers of the profession, supervisors must be diligent about their own and their supervisees' ethics. Ethical practice includes both knowledge of codes and legal statutes, and practice that is both respectful and competent. "In this case, perhaps more than in any other, supervisors' primary responsibility is to model what they hope to teach" (Bernard & Goodyear, 1992, p. 150).
Requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The rules within states for compliance with HIPAA may or may not conflict. To this end, a state by state study is currently in effect to provide that the state rules conform to HIPAA.
This is a guide only to complying with HIPAA regulations for mental health professionals operating either a solo or small group practice. HIPAA is a lengthy, complex, and at times, contradictory document. The language used is hazy and often open to interpretation in specific cases. Additionally, the laws governing the privacy of patients are changing and will continue to change. This should be used only as a guide. If you have specific questions which are not addressed by this guide or if you are not sure whether certain parts apply to your specific situation, contact your professional association for clarification.
Although HIPAA set a deadline of April 14, 2003 for compliance with the new federal regulations for virtually all MFT’s, psychologists, MSW’s, counselors, psychiatrists and other types of psychotherapists, many have not yet done so, partially in the belief that this legislation does not apply to them. While it was possible to apply for an extension for meeting the HIPAA regulations until October 2002, all relevant deadlines have now passed and practitioners are expected to be in compliance.
If you are practicing psychotherapy in a private practice, either as an individual or with a group, it is important, if not vital to your practice to bring your patient notes, billing, and forms such as those which provide for informed consent for treatment, authorization for release of notes, rules for disclosures of patient records, and rules for patient’s access to their records. Many of you will find that you have already met the HIPAA regulations.
All health professionals who send information via electronic transmission are considered “Covered Entities” and all HIPAA rules apply to them. What one must do as a Covered Entity to become compliant with HIPAA will be covered in this course. However, this course should not be seen as covering all aspects of compliance.
Individual practitioners may have practices which differ in important ways from the majority of other practitioners and may require additional changes in their operating procedures to become compliant. Also, as the task force continues its work on integrating laws governing the health professions with HIPAA regulations, new laws may become an additional part of what one must do to become or remain compliant. Continue to check with your professional organizations and licensing boards for updates.
Exempt Mental Health Professionals:
If you are a health care provider who never transmits electronic data regarding patients you are not required, at this time, to comply with the HIPAA regulations and are not considered a “Covered Entity.” However, HIPAA is very quickly becoming the standard of care by which health care providers’ office practices are regulated. In other words, you may be found to be negligent with your patient’s records and confidentiality if you do not move your office practices into compliance.
Additionally, even though you do not submit bills electronically, a patient, an attorney, or other party to whom you submit bills or information may subsequently forward the information electronically, making you responsible for being a Covered Entity under the HIPAA regulations. For example, a patient may submit a claim electronically or it may be stored by the insurance company electronically which would require that the mental health professional be compliant with HIPAA regulations.
Using a FAX machine is not considered to be the same as using electronic transmission. Therefore, a mental health professional can send sensitive materials over a FAX machine without concern about being considered a Covered Entity. However, if the Faxed materials are subsequently sent via electronic transmission, the mental health professional with whom the material originated can also be considered a Covered Entity and thus required to follow HIPAA regulations. As yet, there is no requirement that the mental health professional who sent the FAX be notified that the information will be sent to others by electronic transmission. Protect yourself. It is not that difficult.
A business associate is a person or entity other than the therapist’s immediate workforce which receives confidential or PHI information from the therapist and provides services to the therapist. Among others, these may include a bookkeeper, lawyer, accountant, collection agency, answering service, computer service, or answering service. Business associates are not considered Covered Entities by HIPAA. The PHI may be given to a business associate only after the therapist has obtained a written contract with that person who notifies them that they must safeguard confidential information and how to do so appropriately. Samples of business associate contracts may be obtained online:
It is ultimately the therapist’s responsibility to be certain that the business associate follows the contract. Any subcontractors hired by the business associate must also sign a written contract agreeing to safeguard the PHI. If a business associate is found to have violated the contract, the therapist will need to make certain that steps are taken to repair the problem. If the problem is irreparable or if additional problems occur, the therapist may have to terminate the business associate and/or report the problem to HHS.
Another therapist to whom patients are referred during one’s absence is not considered a business associate. Additionally, janitorial, plumbing, electrical, or other repairmen are not considered business associates. Any postal service is not a business associate either under HIPAA. Business associate relationships are also not created by federal or state oversight committees such as the Medicare Peer Review. A therapist should not consider other therapists within one’s own practice or a consultant who is used for treatment purposes as a business associate. None of these are considered Covered Entities by HIPAA.
History of HIPAA:
HIPAA stands for the Health Insurance Portability and Accountability Act. When this act was initially proposed by Senators Kassenbaum and Kennedy, it was seen as a means to protect individuals who were changing jobs or using a private insurance plan while self-employed from being denied insurance because of previous illness. During the Act’s passage through Congress, it has become quite different than the authors of the initial proposal envisioned.
At this time, HIPAA provides standards for protecting the records and privacy of individuals by making the transmission of electronic claims (billing) secure, by providing rules for the secure storage of patient records, streamlining the insurance billing process, and actually protecting some records for both the therapist and the patient. It is no longer a means for protecting patient records from being denied insurance due to a previous diagnosis or prescription which would be seen by an insurance company as “risky.” People who have had previous illnesses continue to have their insurance applications denied because insurance companies have access to vital data such as the diagnosis, treatment administered, and prognosis. In short, the information provided in the patient’s Protected Health Information is more than adequate for an insurance company to determine whether the patient in question will be covered by an insurance company. Most large group policies are required by law to admit all individuals working within the company to be provided with health insurance, regardless of previous illness. (Senator Nancy Kassenbaum)
The main problem lies with those individuals who must obtain private health insurance. They generally must supply the insurance company to which they apply with information about their previous medical and psychological care and provide permission for the insurance company to access those care records. Obtaining private insurance, such as one would do when self-employed or working for a small company which is not required to cover its employees by law, requires that an individual have a health record which is virtually clean of all major illnesses. It has been my experience that psychotherapy for those conditions covered under the “parity law” which have such diagnoses as varieties of major depressions, schizophrenia, and other such illnesses will cause major insurance carriers to decline coverage to an individual. Within my practice, patients have also been denied coverage for being proscribed Prozac within the last year, having a “sleeping disorder” which the patient reported his wife thought he had but was neither evaluated nor treated. Providing a prospective insurance company with the Private Health Information no longer protects the patient in any way from being denied coverage. In fact, it seems to simplify the records so insurance companies can quickly decide whether or not to cover an applicant.
HIPPA provides standards for the storage of all health care information including the transmission of electronic claims to protect the individuals’ records from others who may have improper access to unprotected electronic transmission. Thus, anyone who is using electronic transmission, including Medicare providers, and providers for insurance which require electronic transmission, must use protected electronic transmission only. The Privacy Rule is the aspect of HIPAA which most concerns psychotherapists now. HIPAA also was designed to streamline the insurance claims process by standardizing both claims and records.
Becoming Compliant with HIPAA:
Luckily, for a solo or small group of health professionals, the process of achieving HIPAA compliance is a fairly easy task, particularly if you have already been following the laws for privacy within your field. HIPAA has required many more administrative responsibilities for large corporations such as hospitals and large clinics. They are likely to need a full-time Privacy Officer while within a smaller private practice, you can designate yourself as the Privacy officer and take care of the necessary changes without a great deal of difficulty.
There are, however, several important changes which should be made as soon as possible. It is likely you will need to take and keep two sets of notes, learn new rules about patient’s access to their clinical records, learn the rules about the rights patients now have to amend their records, and develop new forms for Consent for services and Authorization by the patient to have others see their records or otherwise consult with you about your patient. Additionally, there are new rules about how one must secure records in computers. Unfortunately, if you somehow trigger a HIPAA audit, the likelihood of a lawsuit or fines is high. Additionally, you must be in full compliance immediately since there is no grace period.
Because HIPAA may become the general law which is followed by all states, it is likely that if you are not in compliance you will be open to a lawsuit under a state law you may have overlooked or which may have become law since your last law and ethics class.
Steps to HIPAA Compliance:
These steps apply only to solo practices or those of small groups and should not be taken to apply to hospitals or large clinics. The rules for these entities are different in important ways.
1. Designate a Privacy Officer: This person is responsible for meeting HIPAA requirements by developing the necessary new documents, computer storage of patient records, training staff to comply with regulations, and review the changes. The privacy officer should post or provide each patient, whether new or continuing with a Notice of Privacy Practices. Additionally, an announcement should be placed in a public area which includes the following:
Our Privacy Officer is (name of person). The Privacy Officer:
(a) Can answer your questions about our privacy practices;
(b) Can accept any complaints you have about our privacy practices;
(c) Can give you information on how to file a complaint.
You can call the Privacy Officer at (enter your office number.)
2. Comply with the Privacy Rule: The Privacy Rule applies to all Protected Health Information (PHI will be explained in 3.)Therapists are required to inform all patients of office privacy policies and how they are implemented. The patient’s records must be secured. Release of patient records for any reason either by the therapist, business associates, or staff cannot be done without informing the patient and obtaining the patient’s consent. These will be explained more thoroughly and suggestions for appropriate forms are available. A list of government sponsored and association sponsored websites will be provided at the end of this course.
3. PHI is Protected Health Information: Information which you have about your patient which identifies them as an individual when it is transmitted is PHI. All such material must be treated with utmost caution and respect for the rights of your patient. When the patient is identified by name, Social Security Number, or other means which make the patient identifiable by others requires that the material be classified as PHI. If the information contains PHI, all past, present, and future physical or mental health diagnoses, treatment of any sort, and billing or payment become confidential material.
It is crucial that all material containing PHI or information which identifies a patient be protected within the office. It is advisable to personally chart the flow of this information through your office. For example:
- Is incoming mail secure and protected from unauthorized disclosure?
- Is the information created within the office stored and protected?
- Is the information recorded in other areas, such as on or off-site billing personnel have storage which is protected from unauthorized disclosure?
- Is all incoming and outgoing electronic transmission secure?
HIPAA also requires that PHI material be available to be legitimately shared, sent out, or given to those who are authorized. If you personally see where the information comes in, is stored, used, created, and released, you will feel more confident that there is protection for these documents all along the line of transfer. It is helpful to some therapists to pretend these are their own personal records when deciding whether or not the records of their patients are securely protected throughout the process.
HIPAA requires that PHI be available within five days to an authorized agency under law.
Patients’ Rights to Their Protected Health Information (PHI):
Under the HIPAA regulations, patients have a right to receive a notice about the therapist’s privacy practices. This information should be contained in the paperwork which is done in the first session when the patient is to sign a form in which they “consent” to treatment.
Patients can also restrict the use or disclosure of their PHI. However, there are serious limitations on this. The patient’s consent is no longer required for use or disclosure of treatment, payment, or health care operations or TPO. When the consent requirement was deleted in the published regulations of August 14, 2002, there was a huge protest from those who had fought for patients to have privacy. Essentially, the entire process of treatment, payment and operations of health care is not required to be given to the patient.
While many patients are unaware of the tremendous amount of information revealed about their personal medical and psychological treatment, most clinicians, particularly those who regularly deal with managed care and HMO’s are very aware of the type of information required both about the patient and about the qualifications of the practitioner. While a patient can submit a written revocation of their TPO at any time, the therapist may still use the now revoked consent to obtain payment for the treatment if the therapist has already acted in reliance on their initial consent for treatment. More simply stated, the therapist may bill the insurance company and receive payment for services rendered.
Treatment may refer to the type of psychotherapy received, consultation with other health care providers, and/or referral of a patient from one provider to another. The therapist may act without consultation with their patient in areas such as billing, determining eligibility, managing claims, collection of fees, providing information for the review of medical necessity for treatment, and giving information to insurance companies for the purpose of utilization review. Health Care Operations may include quality assessment, medical review, legal services, having an insurance underwriter review the competence or qualifications for health care professionals, and other matters pertaining to managing the business. The patient has no legal right under HIPAA to this information. Nevertheless, a practitioner may, out of a personal sense of ethical responsibility, provide their patients with information about their own policies and what is required of them by the patient’s insurance company.
Patients essentially lost the right which was the original point of the HIPAA legislation. The National Coalition of Mental Health Professionals and Consumers reported that, “The Bush Administration’s Rule changes in August 2002, ended the right of each American to consent to the release of personal health information , PHI, and gave ‘regulatory permission’ for disclosure of any identifiable health information for treatment, payment, and health care operations (TPO), stipulating that the treating professional should determine the minimum necessary information to be disclosed to meet TPO requirements, and that the patient must be advised of that professional’s privacy policies.”
The patient must authorize any use of PHI or Psychotherapy notes other than TPO or those situations which require disclosure with or without the patient’s permission. This usually occurs when a patient is applying for a new insurance policy or is changing physicians or health groups. It has been my experience that when information is released to a large provider of health care, such as the Veteran’s Administration system for continuation of a patient’s care, the PHI is passed throughout the care system; including not only the treating physician but also hospitals and other health care units have access to this information. A patient may see this release of health care information as useful in providing their current health care providers with a complete record of their previous treatment. Other patients may feel threatened by having information dispersed so widely.
Patient’s Access to Their PHI:
Patients have access to their health information contained in their PHI and may request amendments to their records. They are to be told that they have these rights. The therapist must act within 30 days of receipt of a request to provide access.
Therapists may charge a reasonable fee for copying and mailing the PHI if it is requested that the PHI be mailed, but not for the time required to find the documents. If the patient requests a summary of the records, a fee may be charged for the time to do this service.
However, a therapist may deny a patient access to their PHI if the patient is given the right to have their denial reviewed. There are several reasons why access to the PHI may be denied:
- If the therapist has reason to assume that the life or physical safety of others will be endangered by access to the records.
- If the records make reference to other persons (unless that other person is a healthcare provider) or if access to the information would cause harm to the other person. This may occur if another person has made contact with the therapist and notes of that interaction are in the PHI.
- If access is denied, the therapist must provide a timely, written denial including the basis for the denial, a statement of the patient’s review rights, a description of how the patient may exercise such review rights, a description of how the patient may complain to the provider including the name and number of the contact person or office designated to receive his complaints, and a description of how the patient may complain to the HHS Secretary.
Patients have the right to appeal the denial of access to their health information to another licensed health care professional who was not involved in the original decision to deny access. This reviewer must be designated by the psychotherapist, and the therapist must comply with the decision of the reviewer.
Disclosure of PHI notes without Permission of the Patient
- When required by law
- To a coroner or medical examiner when required by law
- To show compliance with the Privacy Rule
- To avert serious threat to the health and safety of a person or the public
- For a public health authority
- For a health oversight agency
- For the military or other national security agency
- To comply with Worker’s compensation laws
- When there are victims of abuse, neglect, and domestic violence
- When there is suspicion or evidence of child abuse.
There are other exceptions to the rule of privacy; however, it is best to consult with one’s professional association such as CAPS or CAMFT prior to disclosing information about a patient.
Case Notes or Non-PHI Notes:
Information which does not identify the patient and could not reasonably be used to identify the patient is not considered PHI and is not protected by HIPAA. This implies, and is readily translated to mean that a mental health professional’s private case notes are not open to scrutiny by anyone other than the therapist.
This encourages the therapist to keep two sets of records, one which duly provides the information required by HIPAA and a second set of notes which are kept separately from the HIPAA records. They must be kept in a separate file and perhaps in a separate filing cabinet from PHI notes and other medical records. In this way, a therapist can keep track of private, personal notes which are used for therapy purposes from such diverse information as what their patient has been eating lately to what the therapist thinks about a dream but decides it is too soon to interpret to the patient. They can contain other sensitive information such as drug abuse, HIV-AIDS information, and other sensitive information about the patient. There is no requirement that two separate sets of notes be kept but they can certainly be useful to the therapist in the treatment of the patient.
Psychotherapy Notes or “process notes” are excluded from HIPAA regulations since they do not have information such as full names, Social Security Numbers and other information which could reasonably be used to identify a patient. They are the often sketchy notes one makes to oneself while listening to a patient. The therapist’s guesses and hypotheses can be included also in these notes and excluded from those notes controlled by HIPAA.
Psychotherapy notes also cannot be used by Insurance companies to determine the patient’s eligibility for treatment or payment. While no records are completely immune from disclosure, these records are far more protected under the HIPAA regulations than they have been previously. When a patient releases information for reimbursement or other purposes, the Psychotherapy Notes are not released. This legislation supports the previous Supreme Court’s 1996 Jaffee v. Redmond decision which affirmed the importance of confidentiality and privacy to develop trust and other aspects of a therapeutic relationship.
Psychotherapy Notes specifically may not include medication prescription and monitoring. They may also not include starting and stopping times of the sessions and modality and frequency of the treatment. They must also not include a diagnosis, functional status, treatment plan, results of clinical tests, symptoms, prognosis, or progress in treatment since those parts of the record are to be a part of the general record or the PHI controlled by HIPAA. Thus the distinction between the very private Psychotherapy Notes and the ironically much more public notes which identify the patient, the diagnosis, and the prognosis is maintained.
To clarify this distinction further, a psychoanalytically based treatment to document an intervention in a PHI, HIPAA regulated file, which does not contain Psychotherapy Notes may read:
Interpretations were made regarding the onset of the patient’s current symptoms and were accepted and used by the patient with some success to further his understanding.
Psychotherapy Notes, in contrast may read:
Some success today. Discussed his attachment to his mom and feelings that she needed him to talk with while father went to sleep early. Discussed details of his plans to seduce her--I was feeling like his mother in the countertrans. \ he slipped and called me the first part of his M.s name then corrected it. New Girl he likes sounds nice.
The patient’s insurance company, managed-care, or Medicare may need information similar to the first example to document that the patient is making progress in treatment and why. They do not need the private information which occurs in the consulting room. HIPAA protects this information if the therapist is willing to make separate folders for their patients. The patient is able to talk about shameful thoughts, acts, and memories while the therapist can take private Psychotherapy Notes on these which remain private but would cause damage or harm to the patient if revealed. Additionally, the patient must authorize the therapist to share the Psychotherapy Notes with other clinicians. If several therapists or others such as physicians are involved in a case, the general notes or medical records can be shared. Only the patient, the subject of the notes, can authorize sharing of the Psychotherapy Notes. Professional Ethics and Law
Disclosure of Psychotherapy Notes:
The Psychotherapy Notes can only be disclosed without the patient’s authorization under certain circumstances:
- When mandated by law.
- To defend the therapist against charges brought by the patient.
- For training or supervision
- For oversight of the therapist
- Under the Tarasoff Law and under HIPAA to avert a serious and imminent treat to the health or safety of a person or the public, The disclosure may be made to only the person or persons who can reasonably be expected to prevent or reduce the threat. The person who is threatened must also be notified in this disclosure.
Therapists cannot disclose Psychotherapy Notes they receive from another therapist to any other therapist without authorization from the patient. This is not the case with general Protected Health Information or PHI which may be re-disclosed or sent as part of the record and is routine treatment.
If a patient authorizes the release of their Psychotherapy Notes to a NON-COVERED person or entity with whom the therapist does not have a business contract, that person or entity may release them to whomever they please without any need for the patient’s authorization. For example, if a patient releases their Psychotherapy Notes to someone who has convinced the patient that they will write their biography, but they are not a health provider, or other Covered Entity, the “biographer” may release the Psychotherapy Notes to whomever he or she pleases.
Patients have NO right to review their Psychotherapy Notes. Under the HIPAA rules, they have many rights regarding their general record or PHI including reviewing it. However, a patient can request to have an entire record transferred to another therapist or someone else and then may see the Psychotherapy Notes. Again, keep the Psychotherapy Notes separate from other notes and psychotherapists are not required to keep Psychotherapy Notes at all so they may be destroyed after they cease to be useful to the psychotherapist.
Patient’s Rights to Amend Their Private Health Information:
Under the HIPAA regulations, patients can review their PHI and amend statements in the PHI which they consider to be incorrect. However, the therapist can refuse to amend the PHI if it is not part of the designated PHI record set; if it is not available for inspection; if the therapist thinks the record is accurate and complete; or if the record was not created by the therapist and the creator is no longer available. If the patient provides a reasonable basis to believe that the creator of the PHI is no longer available to act on the request, the therapist must address the request as if he or she created the information.
If the therapist refuses to do the requested amendment, he or she must provide the patient with a timely, written denial which explains the patient’s right to submit a written statement of disagreement, the patient’s right to have the denial notice sent out with subsequent disclosures of the PHI, and how the patient may make a complaint to DHHS. Although the patient has the right to disagree, the therapist has the right to provide the patient with a written rebuttal both to the patient and to be entered in the PHI. All subsequent disclosures of the PHI would contain the rebuttal.
The therapist must develop a procedure for granting and denying requests to amend the PHI. Under HIPAA regulations, the therapist must respond within 60 days after receiving the patient’s request to amend the record but may request an additional 30 days if the patient is given notice.
If the therapist determines that the record should be changed according to the requested amendment, he or she must make the amendment; notify the patient; ask the patient who else should be notified of the amendment; and provide the amended information to those identified by the patient. However, all information and communication relating to granting or denying requests by the patient to amend the PHI must be included as part of the record. Changes resulting from a patient’s request to amend the record do not exclude any prior information or part of the record it is simply added to it.
Records of Minors:
HIPAA generally intends not to interfere with state laws regarding parental control and access to their children’s mental health treatment. The parents in general are the representatives of their children and thus have access to the PHI concerning their children. The parent may release the PHI to whomever they deem suitable with or without the permission of their children.
The only exceptions to this rule are if a court makes the determination that the parent does not have the right to access their child’s PHI; if someone other than the parent is legally authorized to make decisions for the minor; when the parent, or other person legally acting as the parent, consents to an agreement of confidentiality between the minor and the health care provider. Also, if a state law allows a minor access to mental health services without the consent of the parent, the minor has the same rights as an adult patient regarding their PHI. State laws which recognize this right supercedes the HIPAA regulations and the specific situations to which this may apply are beyond the scope of this class.
It is important to recognize that a HIPAA compliance audit can be conducted at any time without any cause. No one needs to file a complaint or does there need to be any apparent problem. The department of Health and Human Services HHS is the body which will eventually have enforcement power. Any person who believes their rights have been violated by having a therapist who is not compliant with HIPAA can contact HHS and file a complaint which immediately is to trigger an investigation. Once this investigation has begun, the HIPAA rules apply not only to the particular difficulty which was found initially but to the therapist’s entire practice.
The most likely causes for an audit are when a therapist electronically transmits Protected Health Information (PHI) through filing a health care claim; inquiring about the status of a claim; inquiring about eligibility of enrollment; obtaining advice about a health care payment or remittance; attempting to coordinate payments; confirming a referral; or creating the first report of an injury. Clearly, some of these are done more frequently by the therapist while others are more frequently initiated by an insurance company or a patient. Therapists who use billing and collection services may also trigger application of the Privacy rule. The therapist is responsible, in other words, for the actions of everyone with whom they contract to be certain that the electronic transmissions they create are secure.
The consequences of failing to be in compliance with HIPAA can be severe. Fines of up to $250,000 and imprisonment for up to ten years or both can be levied against an individual who knowingly perpetrates “wrongful disclosure of individual, identifiable, health information. Additionally the Office of Civil Rights at the US Department of Health and Human Services can initiate administrative action against non-compliant therapists. Patients can also file lawsuits if a therapist is non-compliant because their private health information is endangered. There may also be civil penalties but these cannot exceed $25,000 in one year.
Because any or all of these things would make a normal therapist pack his or her bags and head for a country without an extradition treaty, it is important to become compliant with the HIPAA regulations as soon as possible. Also, it is likely that the HHS will enforce HIPAA in a way which is educational rather than punitive unless there is evidence that the clinician profited in some manner by unlawfully transmitting Protected Health Information.
Problems within HIPAA:
This is a new set of laws which are designed by the US Congress to regulate the healthcare industry. Because of this, states, which have regulated healthcare previously, have a variety of laws which are usually similar to those of HIPAA, but different enough that there is an ongoing task force to determine which laws should be changed so that Federal and State law governing the privacy of healthcare are more closely the same. When state laws are more restrictive the HIPAA rules do not preempt state laws. Additionally, all states will continue to investigate and regulate therapists with regard to confidentiality, ethics, and integrity.
Although HIPAA went into effect in April 2003, and was to become the law of the land by October 16, 2003, it is clear at this time (November 2003) that this has not yet occurred. Those healthcare providers who have small practices and have used electronic transmission of billing provided by Medicare have been told that the new software is not yet complete to replace the system which has been offered for free to practitioners with a small number of Medicare patients. The pre-HIPAA software continues to be adequate to submit billing for now.
Additionally, HIPAA does not give clear black and white rules about when therapists may and may not disclose information. Perhaps some of these rules will eventually be decided through case law. Your issue, as an individual clinician is to make certain that you are not the one whose name appears in the case law which will eventually be cited.
HIPAA, at this time, does not create a national data bank for offenders. However, if you are successfully sued by a patient for failing to follow HIPAA and failing to protect the confidentiality of records, you will find yourself in the National Data Bank anyway.
Psychotherapists who work on a fee-for-service, out-of-pocket, cash only basis 100% of the time and who never bill insurance either directly or by providing their patients with the means to bill their own insurance carrier can, so far remain free of the HIPAA regulations.
HIPAA is a long, rambling, complex set of laws. In many places it is unclear and difficult to interpret. If one looks at the law with a particular question in mind, the problems become very difficult indeed. HIPAA will continue to change. It is necessary to stay in touch with one’s professional organizations to stay current with the law.
Additional HIPAA information
Permitted Uses and Disclosures. A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures); (2) Treatment, Payment, and Health Care Operations; (3) Opportunity to Agree or Object; (4) Incident to an otherwise permitted use and disclosure; (5) Public Interest and Benefit Activities; and (6) Limited Data Set for the purposes of research, public health or health care operations.Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make.
(1) To the Individual. A covered entity may disclose protected health information to the individual who is the subject of the information.
(2) Treatment, Payment, Health Care Operations. A covered entity may use and disclose protected health information for its own treatment, payment, and health care operations activities.A covered entity also may disclose protected health information for the treatment activities of any health care provider, the payment activities of another covered entity and of any health care provider, or the health care operations of another covered entity involving either quality or competency assurance activities or fraud and abuse detection and compliance activities, if both covered entities have or had a relationship with the individual and the protected health information pertains to the relationship.
Treatment is the provision, coordination, or management of health care and related services for an individual by one or more health care providers, including consultation between providers regarding a patient and referral of a patient by one provider to another.
Payment encompasses activities of a health plan to obtain premiums, determine or fulfill responsibilities for coverage and provision of benefits, and furnish or obtain reimbursement for health care delivered to an individualand activities of a health care provider to obtain payment or be reimbursed for the provision of health care to an individual.
Health care operations are any of the following activities: (a) quality assessment and improvement activities, including case management and care coordination; (b) competency assurance activities, including provider or health plan performance evaluation, credentialing, and accreditation; (c) conducting or arranging for medical reviews, audits, or legal services, including fraud and abuse detection and compliance programs; (d) specified insurance functions, such as underwriting, risk rating, and reinsuring risk; (e) business planning, development, management, and administration; and (f) business management and general administrative activities of the entity, including but not limited to: de-identifying protected health information, creating a limited data set, and certain fundraising for the benefit of the covered entity.
Most uses and disclosures of psychotherapy notes for treatment, payment, and health care operations purposes require an authorization as described below.Obtaining “consent” (written permission from individuals to use and disclose their protected health information for treatment, payment, and health care operations) is optional under the Privacy Rule for all covered entities.24 The content of a consent form, and the process for obtaining consent, are at the discretion of the covered entity electing to seek consent.
(3) Uses and Disclosures with Opportunity to Agree or Object. Informal permission may be obtained by asking the individual outright, or by circumstances that clearly give the individual the opportunity to agree, acquiesce, or object. Where the individual is incapacitated, in an emergency situation, or not available, covered entities generally may make such uses and disclosures, if in the exercise of their professional judgment, the use or disclosure is determined to be in the best interests of the individual.
Facility Directories. It is a common practice in many health care facilities, such as hospitals, to maintain a directory of patient contact information. A covered health care provider may rely on an individual’s informal permission to list in its facility directory the individual’s name, general condition, religious affiliation, and location in the provider’s facility.25 The provider may then disclose the individual’s condition and location in the facility to anyone asking for the individual by name, and also may disclose religious affiliation to clergy. Members of the clergy are not required to ask for the individual by name when inquiring about patient religious affiliation.
For Notification and Other Purposes. A covered entity also may rely on an individual’s informal permission to disclose to the individual’s family, relatives, or friends, or to other persons whom the individual identifies, protected health information directly relevant to that person’s involvement in the individual’s care or payment for care. 26 This provision, for example, allows a pharmacist to dispense filled prescriptions to a person acting on behalf of the patient. Similarly, a covered entity may rely on an individual’s informal permission to use or disclose protected health information for the purpose of notifying (including identifying or locating) family members, personal representatives, or others responsible for the individual’s care of the individual’s location, general condition, or death. In addition, protected health information may be disclosed for notification purposes to public or private entities authorized by law or charter to assist in disaster relief efforts.
(4) Incidental Use and Disclosure. The Privacy Rule does not require that every risk of an incidental use or disclosure of protected health information be eliminated. A use or disclosure of this information that occurs as a result of, or as “incident to,” an otherwise permitted use or disclosure is permitted as long as the covered entity has adopted reasonable safeguards as required by the Privacy Rule, and the information being shared was limited to the “minimum necessary,” as required by the Privacy Rule.(5)
Public Interest and Benefit Activities. The Privacy Rule permits use and disclosure of protected health information, without an individual’s authorization or permission, for 12 national priority purposes.These disclosures are permitted, although not required, by the Rule in recognition of the important uses made of health information outside of the health care context. Specific conditions or limitations apply to each public interest purpose, striking the balance between the individual privacy interest and the public interest need for this information.
Required by Law. Covered entities may use and disclose protected health information without individual authorization as required by law (including by statute, regulation, or court orders).
Public Health Activities. Covered entities may disclose protected health information to: (1) public health authorities authorized by law to collect or receive such information for preventing or controlling disease, injury, or disability and to public health or other government authorities authorized to receive reports of child abuse and neglect; (2) entities subject to FDA regulation regarding FDA regulated products or activities for purposes such as adverse event reporting, tracking of products, product recalls, and post-marketing surveillance; (3) individuals who may have contracted or been exposed to a communicable disease when notification is authorized by law; and (4) employers, regarding employees, when requested by employers, for information concerning a work-related illness or injury or workplace related medical surveillance, because such information is needed by the employer to comply with the Occupational Safety and Health Administration (OHSA), the Mine Safety and Health Administration (MHSA), or similar state law.Victims of Abuse, Neglect or Domestic Violence. In certain circumstances, covered entities may disclose protected health information to appropriate government authorities regarding victims of abuse, neglect, or domestic violence.
Health Oversight Activities. Covered entities may disclose protected health information to health oversight agencies (as defined in the Rule) for purposes of legally authorized health oversight activities, such as audits and investigations necessary for oversight of the health care system and government benefit programs.
Judicial and Administrative Proceedings. Covered entities may disclose protected health information in a judicial or administrative proceeding if the request for the information is through an order from a court or administrative tribunal. Such information may also be disclosed in response to a subpoena or other lawful process if certain assurances regarding notice to the individual or a protective order are provided.
Law Enforcement Purposes. Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes under the following six circumstances, and subject to specified conditions: (1) as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) in response to a law enforcement official’s request for information about a victim or suspected victim of a crime; (4) to alert law enforcement of a person’s death, if the covered entity suspects that criminal activity caused the death; (5) when a covered entity believes that protected health information is evidence of a crime that occurred on its premises; and (6) by a covered health care provider in a medical emergency not occurring on its premises, when necessary to inform law enforcement about the commission and nature of a crime, the location of the crime or crime victims, and the perpetrator of the crime.
Decedents. Covered entities may disclose protected health information to funeral directors as needed, and to coroners or medical examiners to identify a deceased person, determine the cause of death, and perform other functions authorized by law.35
Cadaveric Organ, Eye, or Tissue Donation. Covered entities may use or disclose protected health information to facilitate the donation and transplantation of cadaveric organs, eyes, and tissue.36
Research. “Research” is any systematic investigation designed to develop or contribute to generalizable knowledge.The Privacy Rule permits a covered entity to use and disclose protected health information for research purposes, without an individual’s authorization, provided the covered entity obtains either: (1) documentation that an alteration or waiver of individuals’ authorization for the use or disclosure of protected health information about them for research purposes has been approved by an Institutional Review Board or Privacy Board; (2) representations from the researcher that the use or disclosure of the protected health information is solely to prepare a research protocol or for similar purpose preparatory to research, that the researcher will not remove any protected health information from the covered entity, and that protected health information for which access is sought is necessary for the research; or (3) representations from the researcher that the use or disclosure sought is solely for research on the protected health information of decedents, that the protected health information sought is necessary for the research, and, at the request of the covered entity, documentation of the death of the individuals about whom information is sought.A covered entity also may use or disclose, without an individuals’ authorization, a limited data set of protected health information for research purposes (see discussion below).
Serious Threat to Health or Safety. Covered entities may disclose protected health information that they believe is necessary to prevent or lessen a serious and imminent threat to a person or the public, when such disclosure is made to someone they believe can prevent or lessen the threat (including the target of the threat). Covered entities may also disclose to law enforcement if the information is needed to identify or apprehend an escapee or violent criminal.40
Essential Government Functions. An authorization is not required to use or disclose protected health information for certain essential government functions. Such functions include: assuring proper execution of a military mission, conducting intelligence and national security activities that are authorized by law, providing protective services to the President, making medical suitability determinations for U.S. State Department employees, protecting the health and safety of inmates or employees in a correctional institution, and determining eligibility for or conducting enrollment in certain government benefit programs1
Workers’ Compensation. Covered entities may disclose protected health information as authorized by, and to comply with, workers’ compensation laws and other similar programs providing benefits for work-related injuries or illnesses.
(6) Limited Data Set. A limited data set is protected health information from which certain specified direct identifiers of individuals and their relatives, household members, and employers have been removed. A limited data set may be used and disclosed for research, health care operations, and public health purposes, provided the recipient enters into a data use agreement promising specified safeguards for the protected health information within the limited data set.
Limiting Uses and Disclosures to the Minimum Necessary
Minimum Necessary. A central aspect of the Privacy Rule is the principle of “minimum necessary” use and disclosure. A covered entity must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.50 A covered entity must develop and implement policies and procedures to reasonably limit uses and disclosures to the minimum necessary. When the minimum necessary standard applies to a use or disclosure, a covered entity may not use, disclose, or request the entire medical record for a particular purpose, unless it can specifically justify the whole record as the amount reasonably needed for the purpose. See additional guidance on Minimum Necessary.
The minimum necessary requirement is not imposed in any of the following circumstances: (a) disclosure to or a request by a health care provider for treatment; (b) disclosure to an individual who is the subject of the information, or the individual’s personal representative; (c) use or disclosure made pursuant to an authorization; (d) disclosure to HHS for complaint investigation, compliance review or enforcement; (e) use or disclosure that is required by law; or (f) use or disclosure required for compliance with the HIPAA Transactions Rule or other HIPAA Administrative Simplification Rules.
Access and Uses. For internal uses, a covered entity must develop and implement policies and procedures that restrict access and uses of protected health information based on the specific roles of the members of their workforce. These policies and procedures must identify the persons, or classes of persons, in the workforce who need access to protected health information to carry out their duties, the categories of protected health information to which access is needed, and any conditions under which they need the information to do their jobs.
Disclosures and Requests for Disclosures. Covered entities must establish and implement policies and procedures (which may be standard protocols) for routine, recurring disclosures, or requests for disclosures, that limits the protected health information disclosed to that which is the minimum amount reasonably necessary to achieve the purpose of the disclosure. Individual review of each disclosure is not required. For non-routine, non-recurring disclosures, or requests for disclosures that it makes, covered entities must develop criteria designed to limit disclosures to the information reasonably necessary to accomplish the purpose of the disclosure and review each of these requests individually in accordance with the established criteria. Professional Law and Ethics, LPCC, 18 credits, BBS approved, licensure, prelicensure, instant certificates.
Reasonable Reliance. If another covered entity makes a request for protected health information, a covered entity may rely, if reasonable under the circumstances, on the request as complying with this minimum necessary standard. Similarly, a covered entity may rely upon requests as being the minimum necessary protected health information from: (a) a public official, (b) a professional (such as an attorney or accountant) who is the covered entity’s business associate, seeking the information to provide services to or for the covered entity.
Professional Law and Ethics - Page 3