Features

Home/Features

What Every Therapist Should Know about Email and Texting

Behavioral health therapists have both legal and ethical guidelines pertaining to email. Some programs do an adequate job of one, but not the other. Even worse, some do neither and yet still claim to be HIPAA compliant. While that's probably a truthful statement, the part they're not telling you is that their programs aren't 100% end-to-end encrypted. In other words, they're not safe ALL the time. If you use those programs, your email and texts can be hacked.

The Convoluted Maze of HIPAA-Compliant Email and How to Navigate It

Email could arguably be one of THE most misunderstood aspects of HIPAA. Part of the confusion stems from the fact that there is no ONE place in HIPAA that says "Do email like this." However, email is referenced - directly or indirectly - in a variety of places throughout the vast HIPAA documentation. What causes some of the misunderstanding is that people will find a guideline that pertains to email from ONE place in HIPAA and assume if they do that one thing, they're good. Unfortunately, that conclusion is not unlike what you get when several people with visual impairments are put in front of an elephant and asked to describe it. We may get a beautiful description of an elephant's trunk but to assume that's ALL an elephant is would be incorrect.

Good Faith Estimates and the “No Surprises Act”

Were you surprised when you first heard about the "No Surprises Act"? We were. I'd like to be able to tell you that we had been actively tracking and planning for this legislation since it was first issued on October 7, 2021. Unfortunately, that's not the case. However, we got lucky because we were already working on a new tool called Custom Forms which, when it launches (est. Feb 2022), will work beautifully in helping you comply with this bill in ways that are easy, HIPAA compliant, and give you a significant amount of automatic documentation and tracking.

Why Get an Integrated Product?

As a therapist, you can amass your digital tools one at a time or you can invest in a well-integrated bundled product. For example, let's say right now you're mostly looking for a video platform so you can do telehealth. There are companies that ONLY offer subscriptions to video platforms. But is that the best choice?

Depends.

For example, what happens if, after you sign up for your standalone video product, you realize that you also need a way to collect your fees from your telehealth clients. And maybe you need encrypted email so you can contact people in a way that's secure. Or maybe now you need HIPAA-compliant file storage, as your clients begin to send you documents via their new encrypted email. Or perhaps a way to schedule clients online. Or maybe a way to efile and also to send statements and receipts digitally. That's a LOT of tools and we're just getting started!

What Will Happen to Your Clients?

Most of us have documents like a will, power of attorney and other estate planning instruments either already in place or at least on our “I’ll get to that eventually” list. Far fewer have given much thought to how we would want our clients to be taken care of in the case of our demise or anything else that would cause a sudden interruption in our ability to provide services.

Encrypted Email:
Your Role in Keeping it Safe

Some people like to point out that encrypted email isn’t all it’s cracked up to be. “After all,” they warn, “as soon as someone has access to your username and password, it no longer matters whether your email is encrypted or not.” Well . . . yes. That’s an accurate statement. However, to use that line of reasoning would be like telling us not to bother locking our homes or cars. After all, as soon as someone gets access to your keys, those locks become useless.

Encrypted Email – Just How Safe Is It?

PSYBooks’ email not only meets but actually surpasses the HIPAA specifications for encrypted email. HIPAA’s rules for email encryption are broad, giving developers the maximum amount of freedom. This is as it should be. Those who are responsible for writing and maintaining HIPAA/HITECH laws cannot also be expected to keep up with rapid changes in the world of technology the way developers do. Therefore, although HIPAA wisely states that email containing client PHI (Protected Health Information) should be encrypted, it doesn’t specify exactly how that should be done.

Are Digital Records Better Than Paper?

At it’s simplest, digital record-keeping could simply mean a Word doc, Excel sheet or PDF that you’ve saved on your computer, tablet, phone, thumb drive or other type of digital storage device. There are advantages to digital record-keeping even at this elementary level. For example, with digital records, you no longer have to contend with bulging filing cabinets, finding adequate long-term storage, or shredding – all of which are factors with paper health records. Additionally, it’s relatively easy to make backup copies of digital files to guard against some type of disaster, whereas making copies of paper records is costly, both in terms of time and money and also, effectively doubles the number of filing cabinets or other physical storage space you need.

Types of EHRs: The Shared Chart Model

At it’s simplest, digital record-keeping could simply mean a Word doc, Excel sheet or PDF that you’ve saved on your computer, tablet, phone, thumb drive or other type of digital storage device. There are advantages to digital record-keeping even at this elementary level. For example, with digital records, you no longer have to contend with bulging filing cabinets, finding adequate long-term storage, or shredding – all of which are factors with paper health records. Additionally, it’s relatively easy to make backup copies of digital files to guard against some type of disaster, whereas making copies of paper records is costly, both in terms of time and money and also, effectively doubles the number of filing cabinets or other physical storage space you need.

Are Web-Based EHRs Safe?

The most common reason people give for being reluctant to switch to a web-based EHR is safety. When we’re charged with protecting something – in this case, our clients’ records – most of us intuitively feel safer with something we can see and touch; something physical within our own office where we can maintain control of security ourselves. However, despite this subjective sense of safety, Hurricane Katrina taught us all a valuable lesson about the danger of keeping client records on paper. Floods, tornadoes, fires and other types of disasters can destroy paper records in a heartbeat. If you do maintain paper records, at the very least, you should have backup copies of everything – and those copies should be stored at a completely different location – preferably far away from where your paper records are stored.