1. I am trying to put together a professional will and want to know how long I would need to ask my executor to be able to provide records to clients. Would it be for 7 years?
Check your state’s laws to be sure, but most states require providers to keep records for 7 years from the last contact. The underlined portion is the most important part.
2. I work with deaf people using American Sign Language. I’m considering using telehealth, as I live in a very large, rural state. Many individuals have asked for this service but I’m not sure which training I need to take and how to start. I’m fluent in ASL.
If you are fluent in ASL, then you have half the battle won. Use a secure internet provider so that your conversations will be private, and then you could use FaceTime or Skype or any of the video chatting programs.
3. Hospitals are not allowed to store any patient records in the cloud. How are social workers and private practices getting around this or are they not under the same confidentiality standards?
There have been problems with that type of storage because the providers sometimes go out of business and leave the provider with no access to their records. An external hard drive would be easier and safer.
4. What are the recommendations for how to erase/dispose of old electronic devices like laptops, desktops?
Take the machine to a company that specializes in wiping those drives.
5. Are social work clinicians required to keep electronic records as opposed to paper?
If a clinician is part of an agency that uses an EMR or EHR, then they must use the electronic record. Consult a local attorney if you have any specific questions.
6. Aren't all telephone calls through a cell phone at risk for interception? Or a voicemail overheard? Should we require people to use landlines? So maybe I need to write in the informed consent that I can't take responsibility for info they allow someone else to read, hear or read.
Unless you are using a secure phone line, any call is susceptible to hacking. You can try to require a landline, but in this age of cell phones, more people have cell phones than landlines. It could be an impossible requirement.
7. There is an app you can buy that allows for a separate phone number that rings on your personal phone. Is that adequate separation per the standard?
8. Does the use of technology create challenges to obtain fees?
9. So the standard confidentiality notice on the e-mail isn't good enough?
If there is a question, consult an attorney.
10. What about those of us in private practice who still keep paper records? Any guidance related to this in this new landscape?
Keep your paper records secure as you always do, continue to document as you always have. Understand that at some point you may have to switch to electronic records.
11. It would be good to define technology services. People think if they are not doing distance therapy they are not using technology, yet they are doing email, texting, electronic record storage, billing, etc.
Very good point! Anything involving electronics is technology.
12. Can you reinforce to attendees that even if the client is ok, we as the social workers need to do everything possible to protect confidentiality.
13. I assist a psychotherapist with her billing. What kinds of safeguards do I the assistant and the psychotherapist need to have in place? Business Associates Agreement?
At a minimum, a Business Associate Agreement is a must. Discussions with the psychotherapist about how to transmit information for billing purposes in a secure manner are also a must. Security of the information should be the most important thing. If you can, you should also get an Errors & Omissions liability insurance policy.
14. What if you get info about a client that is not yours from a health care provider?
Inform the health care provider about the error and then forget the information, exactly as you would expect if you gave another provider information they should not have.
15. You mentioned that a client may not be able to see a therapist due to inability to physically attend a session. What if the client can physically see a therapist face to face and has done so in the past, but due to a request they would like to use technology for future sessions?
Circumstances might require that a therapist offer technology for sessions – for example, if the therapist has an office on the second floor of an older building and the client is disabled and unable to use the stairs, technology might be the only way they can work together. If you have concerns about providing services to this client through technology, you could have a conversation with the client to set parameters around the therapy and the expectations for both sides.
16. If I inform my client that Facetime is not secure and they still desire to talk over Facetime, can I provide the service?
Have the client sign a consent acknowledging that they are aware that a Facetime connection is not secure and the information shared in sessions could be accessible.
17. Is telehealth covered by Medicare and other major health insurance companies?
You would need to consult with each carrier to find out if they cover telehealth services.
18. Is it appropriate to see a client privately if they were a previous online client?
19. I received a deposition notice from a previous client and my former school system. Does the school have to give me access to my electronic records stored on their record-keeping systems?
The school’s attorney should be willing to work with you to access the records to allow your review prior to your deposition.
20. What do you do if you work for an organization and have very limited control over maintaining many standards discussed? An example would be not being able to control who has access to information within the agency.
If there are policies or standards in the agency that you believe are compromising either your ethics or license, you should discuss the concerns with the management of the agency. If not, you need to find a new agency.
21. What were the names of the Acts (laws)?
- Health Insurance Portability and Accountability Act of 1996 (P.L. 104-19)
- Protection of Alcohol and Drug Abuse Patient Records (42 CFR Part 2)
- Family Educational Rights and Privacy Act of 1974 (P.L. 93-380, S513)
- Section 215 of the USA Patriot Act of 2001 (P.L. 107-156)
22. Does NASW offer cyber liability insurance?
Yes, we offer six of the best and most affordable plans in the industry for individual practitioners.
23. I password protect my phone, is that enough separation of personal and professional?
The best separation would be separate phones.
24. A college mental health counselor's professional e-mail is a Gmail account. This therapist has other personal Gmail accounts. On her cell phone the Gmail icon can be clicked and there is access to all of her Gmail accounts without the need to first put in a password. Should this therapist put her e-mail on "vacation/away" mode at the end of each work day and also include a message that states that work e-mail is Gmail and there are risks with e-mailing?
First, clicking one icon to get to all e-mail accounts without a password is very risky. Anyone who picks up the phone could get to confidential e-mails. That is a higher concern. An out of office message at the end of the day is not necessary.
25. Can a therapist e-mail links to helpful resources to clients? Like links to online guided relaxation app. if the client has already said it is okay to communicate about resources and appointments via e-mail?
If a therapist is going to e-mail anything to a client, there should be consent in the file authorizing that type of communication. After that, there is no problem e-mailing links to resources.
26. What advice or comments would you have about the organizations that are out there that do "text" therapy?
Make sure you know who the person is on the other end. If you only communicate by text message, how do you know who you are talking to?
27. To clarify: if a personal cellphone is used with a line dedicated for patients' ability to text provider, it is ok to use and only should be used for appointments questions?
28. What happens when you send info about a breach to Health & Human Services?
The breach is investigated by HHS. We don’t know the specifics of their investigation.
29. Where can one learn about how to be sure that one is using technology for client communication through email, text messaging, and appointment setting software that is HIPAA compliant?
Speak to internet providers and software providers. You’ll need to do homework and ask a lot of questions.
30. If an emergency do you need releases of information?
It is better to have them in advance, but in a matter of life and death, you can move without one. If you have a good faith reason for your actions, you should be okay.
31. Is there a specific video technology platform that you would recommend to utilize for telehealth services?
The wireless connection is more important than the platform. Both should be secure, but the connection being secure is more important.
32. Since you can't send emails without encryption, is direct phone contact the only HIPAA compliant way to communicate with clients? How does one begin to encrypt emails?
The only sure HIPAA compliant way to communicate with clients is by face to face communication. You need to have encryption software. Check with your e-mail provider.
33. If you have a specific landline number for your private practice that doesn't allow texts, how do you forward that number to a private personal cell that allows texts?
Check with your phone provider.
34. Can you have phone sessions on a regular office line?
If it is a secure line, yes.
35. If client is a child and parents are in middle of custody dispute (unhealthy dynamics with father are ever present and child does not want father to have her records), can the father have copies of records?
State laws vary. You should check with an attorney in your state.
36. Are all insurance panels accepting sessions billed via technology? Does that need to be documented other than on billing?
It is individual to each insurance panel. Check with the panel to be sure.
37. When is it appropriate to use texts with clients?
Never, unless you have an encrypted texting service.
39. Are phone sessions considered confidential?
Only if the phone line is confidential.
40. How do you secure a folder on your computer with client information?
Check with an IT expert on that.
41. What's your sense of how health insurance is covering teletherapy? With BCBSIL is seems that they will now only cover treatment provided by MDLive providers.
Each provider is different. You need to check with the provider to be sure what they will or will not cover.
42. When doing a video conference meeting with someone who may not be local and is homebound; how do we do informed consent?
You could send the form by mail and have it returned prior to your meeting.
43. What if the agreed upon phone session begins and the provider realizes the client is driving?
Set expectations prior to the session – that the client is not driving and is in a safe location. Try to re-schedule if you realize the client is driving.
44. Are there simplified versions of complicated documents, like HIPAA or informed consent forms? It should be possible to give clients documents they actually understand, especially if they have cognitive challenges or developmental disabilities.
Consent forms and all initial documentation should be at around a 5th-grade reading level, in the language the client can understand. You can re-write the forms to make sure they are understandable.
45. How do we deal with liability & damage control, when the web host fails to protect the client's confidentiality?
Do your homework in advance. Before you sign up with a web hosting service, find out what to do if there is a confidentiality breach. If a breach occurs, follow your process by disclosing to the client(s) affected and report the breach through the HHS website.
46. If the wrong person accesses the client's email, they can follow instructions to open the encrypted message. Are we liable, if the client gives their secret password to someone else?