What are the ethical and legal implications of transmitting client information electronically via computer or FAX; storing client information on computers, laptops, external drives, or disks; communicating with clients via email, twitter, or other electronic formats; using mobile phones or other portable communications devices; interacting with clients on facebook or other social network online sites? What are the necessary safeguards and where should we draw the line? What are the distinctions between our profession’s ethical requirements and HIPAA’s legal requirements? What are the implications for training our clinical and/or non-clinical staff, supervisees, or students?
I. Does My Ethics Code Say Anything About This?
Using Electronic Equipment
Blackberries & Other Communications Devices
Communicating With Clients Electronically
E-Mail, Texting, Tweeting, Facebook, etc.
Providing Clinical Services Electronically
Storing Client Data Electronically
Transmitting Client Data to Others Electronically
Submitting Third Party Reimbursement Claims
Disclosing Client Information & Records to Others
II. Does My Profession Have Recommendations About This?
III. Does My Electronic Technology Have Legal Implications?
Federal Law – HIPAA
Virginia Statutory Law & Regulations
IV. What Technology Safeguards Do I Have In Place?
V. Are My Clients Informed About the Risks?
VI. What Training Do I Provide About This in My Setting?
Non-Clinical Staff – Clerical Staff, Receptionist, Cleaning Staff
Business Associates – Billing Service, Answering Service, Others Supervisees, Interns
Family or Friends With Access to My Electronics
VII. Are My Safeguards and Training Adequate?
(a) Describe your ethical standards or professional recommendations about electronic technology.
(b)Explain the distinction between these ethical mandates and HIPAA’s legal mandates.
(c) Describe types of risks with electronic technology and indicate appropriate safeguards.
(d) Describe your decision-making process about which technologies to use and which to avoid.
(e) Describe what you will say to clients about your own use of electronic technology.
(f) List the training necessary if client information is to be protected in your setting.