Therapy Toronto Free Directory


 Ethical hazards when therapists use technology

Written for Prospect, the journal of the Ontario Society of Psychotherapists, by Beth Mares and Liz White, with assistance from Silvana Bazet and IT professional Mike Mares of Toronto.
 

OOPS!
Avoiding breaches of professional ethics in the digital age
 

Because the ubiquity of new technology has made psychotherapists vulnerable to inadvertent ethical breaches, our 2010 AGM passed some updates to our Standards of Practice to help us minimize our exposure to these hazards. Here are some ideas to help you with compliance.


Know the Hazards

Telephones: If you or your psychotherapy client or supervisee uses a cordless phone, the signal can be picked up by a third party. If you lose your cell phone, any client phone numbers or text messages on it can be accessed by someone else.

Email: Unless you, the client, and anyone to whom an email may be forwarded all use encryption, an email can be read at various points in its journey from sender to recipient.

Data storage: Unless special measures are taken, any stored emails (including your replies in the Sent Mail file), client lists, typed reports, session notes, etc. can be read by someone left alone with your computer (e.g., the computer repairman), stolen by a virus that infects your computer, or read by Google and who knows who else. Deleted data can potentially be recovered from an old computer that has been "wiped clean".

Instant messaging: It's not secure unless it is encrypted.

Social networking sites: Boundaries could be crossed.

Legal issues in distance counselling: Therapists may unwittingly practice without insurance or break the laws of another province or jurisdiction.


How to stay out of the quicksand?

Here are some suggestions:

Encrypted email can be obtained from www.hushmail.com and several other websites that you will find if you do a search for "free encrypted email". Most potential clients don't have it at this point, but if you have it you could recommend that people who plan to do cybercounselling by email with you get it. Also, don't add "psychotherapist", your website address, etc. to the automatic signature on your emails. Be careful what you say in an email, especially a work email, even if the client says it's totally private. It isn't.

Encrypt your psychotherapy practice data, and keep it separate from personal data (or encrypt both). Information about how to encrypt can be obtained from http://www.truecrypt.org/.  You will need to have an operating system that supports encryption--which usually means the professional versions of Windows XP and Windows 7. If you have the home version you would need a re-installation, which is a big production and not practical if you don't have someone you can trust with confidential information to do it. Some people keep client data on a USB (flash drive) instead of on their hard drive, but the data is easily destroyed by static electricity, and a USB is tiny and easily lost.

Maintain control of all client data through an efficient filing system and delete records (e.g., emails), when you no longer need them. Do not retain client material for your own purposes (e.g., teaching, writing a book) without the client's written permission. You may wish to re-read our Standards of Practice document's recommendations about what records to keep for seven years.

Don't discard or give away your computer without physically destroying any hard drive that has ever had unencrypted confidential material on it.

If you have to take your computer in for service by the nice young man who might be your client's son-in-law, therapy client or warring neighbour, you can delete the confidential data off it first--so long as you have carefully backed it up in two different places.

Have top of the line, up-to-date virus protection--McAfee, Symantec and Kaspersky have good reputations; and be careful about opening attachments, as they could contain malware if they come from an infected computer.

If you have a personal page on Facebook or another social networking site, make sure that it is thoroughly privatized and not available to search engines. Then remember that nothing on the internet is totally secure, and don't put up the pictures of your stag or stagette, unless it was an unusually sedate affair. Do not "friend" clients or ex-clients from your personal site. It's fine to have a professional site and accept "friend" requests from clients on that. (This advice comes from the American Medical Association, who kindly allowed us to read their as yet unpublished guideline.)

Encryption for instant messaging is available. To work, it needs to be used by both therapist and client. It is our understanding that Skype is automatically encrypted.

Professional insurance for distance counselling varies. Some plans do not cover it at all. Our OSP plan covers psychotherapy and counselling by phone, email and instant messaging when the client is located in Canada, or if located elsewhere, is a permanent resident of Canada, under the same conditions that apply when the client comes to the office. Virtually all states in the U.S., and Quebec and B.C. in Canada, require that therapists practicing there be licensed in the state or province. Last we heard, there has been no court case establishing whether the therapy takes place where the therapist is or where the client is, but as the legislation is intended for the protection of the locals, you probably don't want to be the test case.



Some limitations to privacy will remain despite our impeccable vigilance. We need to make the clients aware of them. Some therapists discuss them in the first session, or when arranging the first appointment. Putting it in writing may give added protection. You can add information about the limits to confidentiality to your intake form/ informed consent, and/or you can put it with your contact information on your website. For an example, see the contact page of Beth's website,  www.psychotherapists.ca. Beth gives basic information about email [in]security, with a link to an article giving more detailed information geared to potential clients. You are welcome to link to the article. It's also good to let clients know that they are welcome to ask how you handle record-keeping and other matters that affect privacy.

Good luck!
 

Therapy Toronto home page

  Copyright © 2010 Beth Mares and Liz White

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

This website belongs to Beth Mares and Mike Mares of Toronto. Beth Mares is a psychotherapist, and Mike Mares is an information technologist at the University of Toronto, currently working on virtual servers, among other things, at the Faculty of Medicine, Toronto campus.