Initial Client Contact by Email: The 2014 ACA Code of Ethics vs. HIPAA (1st in a series)

by | Apr 2, 2014 | Clinician Resources, Communication Tech for Clinicians (Email, Texting, etc.), Ethics in Tech, HIPAA and Security for Clinicians | 9 comments

The American Counseling Association approved its 2014 Code of Ethics at the ACA Annual Conference and Expo on Tuesday, March 25th, 2014. The ACA has historically been a trendsetter on inclusion of technology-related items in its Code. This article is the first in a series on the impact of the 2014 Code on the use of technology in counseling – and potentially other psychotherapeutic – practice.

Envelope with ACA 2014 Written Over It

Have you ever had a prospective client contact you by email asking for consultation or an appointment, leaving no phone number or other methods of contacting them besides simply replying to their email? Of course you have. We all know that email is not a secure means of communication, and many of us worry about emailing prospective clients with no previous opportunity to discuss risks of email with them or to obtain written consent to send them emails. I call this “The Initial Contact Problem.” The 2014 ACA ethics code has added a new wrinkle to this sometimes gnarly issue: a requirement for the “respect for privacy” and “respect for confidentiality” with both current and prospective clients.

To wit, from the shiny new 2014 ACA Code of Ethics:

B.1.b. Respect for Privacy
Counselors respect the privacy of prospective and current clients. Counselors request private information from clients only when it is beneficial to the counseling process.

B.1.c. Respect for Confidentiality
Counselors protect the confidential information of prospective and current clients. Counselors disclose information only with appropriate consent or with sound legal or ethical justification.

(American Counseling Association, 2014) emphasis mine

As of the 2014 Code’s approval, counselors now have a mandate to extend the principals of protecting confidentiality to prospective clients in the same manner as we would with current clients. The Code is also clear that the principles described in it apply to all mediums, including electronic communications such as email. It is safe to say that counselors now have an ethical responsibility to apply security principles to initial contact with prospective clients.

Doesn’t HIPAA Require This Already Anyways?

Not necessarily. The health information of a prospective client with whom you do not yet possess a clinician-client relationship is not, technically speaking, your “protected health information,” or “PHI.” This is a rather loophole-ish way of looking at the issue, and loopholes don’t always work out in professional ethics and law, but it’s important to remember these things:

  1. When a prospective client emails you out of the blue, they a) want you to respond and b) have given you no opportunity to discuss the risks of email with them before responding.
  2. HIPAA has a relatively low threshold for informing clients of confidentiality risks and determining if a client wants you to send them sensitive information by email. The ACA 2014 Ethics Code task force made it clear that they intended for the new code to set a much higher bar for counselors to make sure clients fully understand the ramifications of decisions they make about confidentiality risks.

How Do I Respond to Clients Who Email Me, Then?

There are two parts to dealing with the Initial Contact problem:

  1. Set up your initial contact system to avoid the problem
  2. If that fails, try to funnel prospective clients into more acceptable methods of communication

On my practice website, I make visitors have to click through a couple of different pages to find my email address. However, they can get to my secure contact form in one click. The secure contact form is a simple page on my website that requires clients to enter a name and phone number and then write a message to me. What’s more, the message is sent directly to my Hushmail encrypted email account via a secure connection. The message is secured and I can reply by phone.

That doesn’t always work, however. Maybe someone gets my email address from elsewhere or enters a false phone number but supplies me with a genuine email address (this does happen.) What’s more, some therapists choose not to use this scheme for fear that they may lose prospective clients who are looking for an ordinary email address.

If a prospective client sends an email, it is neither sensible nor (in my opinion) ethical to ignore the message simply because there is no secure way to respond. I believe this is in the spirit of the ACA 2014 Code, even though it is not the wording of the code (more on that in a later article.) I suggest the following steps when you find yourself in this situation. Other workable methods may exist, but this is what I know to do:

  1. Reply to the email.
  2. Delete the prospective client’s original message from your reply. This way you’re minimizing the amount of sensitive information being exposed through a second email transmission.
  3. Apply the “minimum necessary” rule to your message while welcoming the prospective client and guiding them towards a phone conversation (or other more “acceptable” means of communication than email.) Where possible, I would avoid explicit mention of anything else from their original email.
  4. If the client refuses or avoids moving to other communication methods, keep applying the “minimum necessary” rule to your conversation and keep deleting their messages from your replies. Work to get them in your office, on the phone, or on your secure distance therapy system with a minimum of sensitive information getting out. This step of the process has highly varying success rates, but do your best. I would be careful of invalidating the potential client through excessive attention to security concerns, however. If you feel it’s clinically relevant to document your efforts, do so.

What Is The Purpose of the New Rule in the ACA Code?

The ethics code task force explained that this rule is part of an overall spirit of the code wherein counselors take on an affirmative responsibility for the confidentiality and privacy of the people with whom we come in professional contact. This concept of affirmative responsibility for safeguarding client welfare will come up again and again as we examine the code further.

The task force’s non-technical example of this rule in action was to state that when a prospective client makes an appointment with us, we cannot confirm or refute that an appointment was made when asked about it by third parties, even if that third party is an authority such as a school principal.

We will continue our analysis of the new code and keep our readers updated. We also post many updates to our newsletter, and place small-yet-important updates in our LinkedIn group and on our Facebook page.

In the coming weeks, we will also update the clinical and HIPAA compliance forms that we make available for free to our newsletter subscribers so that they better match the new ACA Code of Ethics.

References

  • American Counseling Association. (2014). ACA Code of Ethics. Alexandria, VA: Author.


9 Comments

  1. John Burik
    John Burik on April 3, 2014 at 7:42 AM

    Thanks, Roy, hadn’t seen that. Still wrangling with their new Glossary entry for unacceptable business practices. Let me back up. “A.10.b. Unacceptable Business Practices

    Counselors do not participate in fee splitting, nor do they give or receive commissions, rebates, or any other form of remuneration when referring clients for professional services. (Code of Ethics, 2014, p. 6)”

    OK, no problem. But the new Glossary entry adds even a “percentage of fee paid for rent” (p. 20). So are we to assume to any arrangement that includes a percentage of fees is inappropriate. Can’t help but think of the standard practice of billing services, collection agencies and attorneys we might no longer be able to work with.

    Now directly on topic, thanks for the article. I’ve routinely for many months deleted the client’s info from my response. Of course I can’t delete their name and email address if I’m to send it. I’ve also removed my email address from public listings (e.g. Psych Today directory). I know it’s decreased my contacts but keeps me more HIPAA happy.

  2. Carol Walnum
    Carol Walnum on April 3, 2014 at 8:24 AM

    Dear Roy and Team,

    Thank you for this article on changing ACA code and its meaning for email contact by potential clients. I have shared it with a listserv and they find it helpful too. In this age, it is hard to keep up with all of the changes coming at us. Your newsletter helps!

    Carol

  3. Tracy Deagan
    Tracy Deagan on April 7, 2014 at 8:23 AM

    My practice works with folks that are considering a transgender change or have social anxiety or some other area, kink lifestyle, DID, OCD etc, that has gotten them hurt before to reveal. Even to other therapists! Often they need to work through email because it is the only way to feel “safer.”
    We inform clients on our website that email is not secure and that if they then go ahead and email they are accepting that risk. We then, of course, inform them further of the risks once we make contact.
    I am very concerned with ethical care of clients but I do want to speak for the folks that – often literally – cant speak for themselves on this issue.

  6. Linda Lochridge Hoenigsberg
    Linda Lochridge Hoenigsberg on June 24, 2014 at 5:51 AM

    Roy…I had not thought of linking a form on my practice site to my encrypted email account. My referrals usually come through Psychology Today’s website, but they will usually have the clients personal email address attached and with no phone number i have had to respond and ask them to call me. Would you recommend alerting the prospective client in this first email about HIPAA compliance and technology?

  7. Roy Huggins, LPC NCC
    Roy Huggins, LPC NCC on June 24, 2014 at 8:54 AM

    You could do that. It may or may not be helpful to do so, however. Initially, I would simply invite them to call you at your phone number.

  8. Mae
    Mae on January 17, 2016 at 7:36 AM

    I teach at a university full time and I get unsolicited emails from former students all the time about their mental health needs. The fact is, this generation of young adults was raised with indirect, technology-mediated communication. This is how they make initial contacts and establish connections with people. I have no control what-so-ever over who emails me and about what. I can only warn them of the lack of privacy via email and encourage them to contact me via phone. Any thoughts on how ACA or HIPAA regs would apply here?

  9. Roy Huggins, LPC NCC
    Roy Huggins, LPC NCC on January 17, 2016 at 9:15 AM

    Well, it depends on a lot of factors. If these students are just asking for advice from a prof and are not seeking your therapy services, there is probably no clinician-client relationship. The issue covered by this article is mostly about when people contact counselors about becoming the counselor’s client.

    This is also a fantastic question for our Office Hours service, btw! https://dev-personcenteredtech.com/person-centered-tech-support/

Trackbacks/Pingbacks

  1. Privacy Policy :: Gold in them Hills - […] communication is getting more attention and more rules (section H) than ever before. The profession has spoken, and it said anything […]
v2.1.09-beta

Continuing Education National Approvals

Person Centered Tech Incorporated has been approved by NBCC as an Approved Continuing Education Provider, ACEP No. 6582. Programs that do not qualify for NBCC credit are clearly identified. Person Centered Tech Incorporated is solely responsible for all aspects of the programs.

Person Centered Tech Incorporated is approved by the American Psychological Association to sponsor continuing education for psychologists. Person Centered Tech Incorporated maintains responsibility for this program and its content.

Continuing Education State Approvals

  • Person Centered Tech is an approved provider continuing education provider with the Florida Board of Clinical Social Work, Marriage and Family Therapy and Mental Health Counseling. CE Broker Provider #50-23706.
  • Ohio Counselor, Social Worker, and Marriage and Family Therapist Board accepts continuing education credits from providers approved by the Florida Board of Clinical Social Work, Marriage and Family Therapy and Mental Health.
  • Person-Centered Tech Incorporated is recognized by the New York State Education Department's State Board for Social Work as an approved provider of continuing education for licensed social workers #SW-0540 and the State Board for Mental Health Practitioners as an approved provider of continuing education for licensed marriage and family therapists #MFT-0092, licensed mental health counselors #MHC-0210 and licensed psychoanalysts #P-0050 and the State Board for Psychology as an approved provider of continuing education for licensed psychologists #PSY-0068.

Policies and Terms

Training Resources

About Us

Email: [email protected]

Customer Service Hours: M-F 9AM-3PM PST

Address:
Person Centered Tech Incorporated
PO Box 42494
Portland, OR 97242

Where's our phone number?

Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss