Telehealth for the Mental Health Professions
Telehealth: Much More Than Video
A New “How To” Book With CEUs
When the COVID pandemic hit, many of us switched to video sessions – often very quickly. For some of us, this change was almost overnight.
In my own practice, one week we were discussing what we were hearing about the Coronavirus and I was doing my standard, “I’ll see you next week” as each client left my office. By Sunday night, after listening to news reports that were increasingly sobering, I was emailing each of my patients, telling them I would only be doing video sessions for the near future.
Except from Telehealth for the Mental Health Professions
As a whole, mental health therapists have proven to be extremely creative and resilient in finding ways to continue to serve their patients. However, given that many of them were using few if any digital methodologies in their practices before COVID, it was not uncommon for things to be put together in a somewhat hurried and piecemeal fashion.
This book was written for those therapists – as well as all other therapists who want to make sure they’re doing things “right.” A glance at the Table of Contents below will give you an idea of the breadth of topics discussed as well as excerpts from the book itself. Telehealth for the Mental Health Professions is packed with concrete “how to” examples. This isn’t a “scare you to death and overwhelm you” kind of book that tells you what you need to do but not how to do it. Written in a conversational style, the goal of the book is to help you practice safely, legally and ethically, whether you’re going all-out digital or just using a few tools here or there.
Reviews
Stop worrying! Susan has done your homework for you! If you feel overwhelmed by HIPAA and rules and regulations and software and hardware – relax. Help is here. Susan has figured these things out for you. Don’t worry. Be happy. Keep it simple. Just do what Susan recommends.
I use PSYBooks, SecureVideo, [the] email portal, and online credit card processing. And I don’t worry about these things because of Susan. What a relief!
— David Woodsfellow, PhD
The Woodsfellow Institute for Couples Therapy, Atlanta, GA
With a foundation of training and experience in clinical psychology and information technology, Dr. Litton provides a concise and comprehensible guide to the complex technical and regulatory requirements related to telehealth. Written in a refreshingly readable style, this innovative resource is a telehealth instructional manual that is densely packed with practical solutions.
— William F. Doverspike, PhD, ABPP,
Adjunct Professor, Clinical Psychology Doctoral Training Program,
Emory University
While you can learn the basics of using telehealth . . . there is also a well-recognized way to expertise. What are often called ‘tips’ are expertise in tiny bundles. Susan Litton’s new book is just such a collection . . . [Her] book is a solid introduction to telehealth and reading it will reduce any anxiety and guide any clinician to enter and explore using telehealth in their practice.
— Edward L. Zuckerman, PhD
co-author of The Paper Office for the Digital Age: Forms, Guidelines, and Resources to Make Your Practice Work Ethically, Legally, and Profitably (5th ed.)
Table of Contents
Some topics in the Table of Contents have “Read” links beside them. Clicking those links allows you to read snippets from the book. However, the real meat is in the book itself. For example, the excerpts for both “The HIPAA Privacy Rule” and “The HIPAA Security Rule” show you to-do lists. Although the lists themselves may be helpful, the book goes through each item on each of the lists, giving you concrete suggestions for how to implement them.
Telehealth for the Mental Health Professions
-
I consider myself a bit of an odd duck. I’ve been a practicing clinical psychologist since 1985 and still love and am humbled by being allowed to witness and participate in the healing process of another human being. I also like technology. A lot. Enough that I went back to school several years ago and got a degree in it. Enough that I run a healthcare software company in addition to continuing to see patients. Being a therapist feeds my soul. Playing around with technology is fun for my inner child.I find that many therapists are, at best, lukewarm about technology. Some are almost phobic about it, especially when it comes to thinking about using it with their patients. Technology is often viewed as unsafe, impersonal, and/or a pain to use. Not so long ago, that was fine. Mental health practitioners could continue using the paper/pencil methods they were taught in graduate school and had little incentive to change. COVID-19 changed all of that. If we wanted to maintain our practices, we were thrown into technology headlong, whether we liked it or not.The goal of this book is to help teach you some of what I know about using technology in mental health. Hopefully, I’ll be able to convince you that it’s not quite as difficult or unsafe as you might have thought. On the other hand, I’ll show you those things that can truly be problematic and teach you how to avoid them. When you finish this book, you should be able to display competence in the standards and care of telehealth as it applies to your profession, including, but not limited to, topics such as:
- Security and transmission of digital data and information
- Telehealth standards of care
- Informed consent requirements for telehealth
- Interjurisdictional practice issues (primarily within the U.S. but touching on issues in other countries)
- Confidentiality as it applies to telehealth
- Issues around disposal of data and information
- Performing assessments with telehealth
- Diversity issues in telehealth
Since technology changes rapidly, chances are that some of what I say in this book may be outdated by the time you read it. However, mostly I’ll be teaching concepts. Once you understand the concepts, you’ll be able to make wise choices for using technology in your practice with whatever new thing comes along. Also, we’ll focus on solutions, not just abstract concepts. I want you to come away with action-oriented plans you can begin to implement right away.
Last but not least, since combining technology and mental health is fun for me, I’ll do what I can to make it fun for you, too. It may not work, but I’ll try. Ready? Let’s go!
-
Pre-COVID, we tended to define telehealth quite broadly—saying that it included any kind of technology or digital method that allowed us to provide behavioral health services at a distance. Technically, “distance” could be you and your patient sitting across from each other in your office using your phones or tablets to share documents. The key component was the fact that digital methods were being used either directly with or in communication about our patients. However, since COVID, the term telehealth is popularly used to mean conducting sessions (therapy, assessments, consultations, etc.) via video as opposed to in an office setting. Although that’s certainly a big part of what telehealth includes, it’s not all. Given that the laws and ethics that guide our professions apply to all aspects of telehealth as opposed to just video, this book will use the broader definition.
- HIPAA Compliance
- Business Associate Agreements (BAA)
- What is a Business Associate?
- You Might Want to Read Your BAAs
- Telehealth: Video
-
Do I Really Need HIPAA-Compliant Video?
Some healthcare video platforms claim their products fall within HIPAA’s “conduit exception” which applies to entities that transmit Protected Health Information (PHI) but do not have access to these data.
(…)
[However, when] a company has given you a BAA, since they are on the hook if something should fail, they are much more likely to go the extra mile to make sure topnotch, end-to-end encryption in motion is used, as well as encryption at rest when feasible. Without a BAA, the company may not be as conscientious. Inferior encryption in a video platform can mean that unauthorized people may be able to view the video sessions you have with your patients. Using a product that’s not secure is a bit like conducting your session in a restaurant. Maybe no one else will see the two of you together, overhear the conversation and realize it’s a therapy session . . . but what if they do? Is that a risk you’re willing to take?
- Types of Video Software
- WebRTC
- Native Apps
- Best Practices for Achieving Good Quality Video Sessions
- User-Friendly vs. Safe
- Other Considerations When Choosing a Video Product
- Video Software Summary
-
- Your Virtual Presence
- Lighting, Lighting, Lighting!
- Background
- Virtual Backgrounds
- Practice Management Software
- Online vs. Desktop
- What is Cloud/Online Computing?
- Advantages of Online Applications
- Advantages of Desktop Applications
-
[Data] pulled in 2014 from the HHS Breach database indicated that 75% [of the breaches were] caused by either theft or loss. Only 7% listed the cause of the breach as an incident caused by Hacking/IT.
In contrast, data pulled from the same database on Aug 6, 2020, indicated that the Hacking/IT category had risen dramatically to almost 87%. (…) 82% of email breaches were reported by healthcare providers.
- Setting Up a Telehealth Office
- Your Equipment
- Presession Considerations
- How Do You Want Your Patients to Contact You?
- Phones and Telehealth
- Encrypted Email
-
Are We Shooting Ourselves in the Foot by Not Using Portals?
When therapists first began getting portals 5 or 6 years ago, some clients were onboard right away, but others complained—they didn’t want to bother remembering a password and having to log in. Many therapists felt the same way. They preferred to just use regular email. However, since then, almost all physical healthcare professionals are using portals. People are getting used to portal communications as being the way to communicate with their doctors. In fact, a recent study of 433 American adults found that 93% of respondents said they prefer doctors who will respond to email (Wike, 2014). Anecdotally, I’ve known of cases where patients shopping for a therapist have chosen a therapist who has a portal over one who doesn’t—citing the fact that since their medical practitioners all use portals, they felt more comfortable if their mental health practitioners did, also. One client even extrapolated that since therapists not using portals didn’t seem to be keeping up with the latest technology, perhaps they also weren’t up to date in the latest treatment practices. Of course, this line of reasoning is certainly flawed. I personally know a lot of therapists who still prefer paper/pencil methods whom I feel are excellent clinicians. However, it does behoove us to consider the impression we’re making on our patients and prospective new patients and the conclusions they may draw. Personally, I would not feel comfortable if one of my physicians emailed me through regular email. Holding ourselves to a different standard than we hold our physical health colleagues may not be wise. - Online Scheduling/Calendars
- Appointment Reminders
- Your Office Forms
- Presession Crisis Preparation
- The Session
- Postsession Tasks
- Writing Notes
-
Even if you’re strictly a private pay therapist, there may still be times when you want to file out-of-network claims for your clients. Although some insurance companies still allow providers to mail or fax paper claims, doing so means that you must print out your claims. This can be costly, time-consuming, is not environmentally friendly, and, over time, can present storage problems. For these reasons, many therapists have switched to efiling for both in-office and telehealth visits.
- Efiling at the Insurance Company’s Website or Portal
- Efiling at a Clearinghouse
- Efiling with an EHR
-
When considering payment processing, it is important to think about how to best streamline your workflow. For example, some therapists have one app for processing payments, something different to keep track of their clients’ balances, and maybe even a third app to gather the financial information they need at tax time. Although there’s nothing technically wrong with this, it means that you’ll have to enter the same data several times—once in each application or other system you use. This not only costs you in terms of time, but it also makes it more likely that you’ll make errors. Each time you enter the data in another place, whether it’s another software program or something you enter by hand, the probability of errors increases.
- Client Payment Processing
- Insurance Payment Processing
- Taxes and Other Financial Accounting
- Sending Digital Statements and Receipts
-
Online file storage is a great addition to any healthcare practice, whether you are doing in-person appointments or telehealth. In most cases, online file storage can allow you to go completely or almost completely paperless, which means you can ditch your filing cabinets. With telehealth, online file storage becomes almost a must, in that most materials you get from your patients will be digital. It doesn’t make sense to print them to add them to the patient’s paper chart and destroy the digital version. That takes more time and money. It’s much better to have some kind of digital chart or folder for the patient that can hold all of their records in secure, online storage.However, it’s extremely important to get a file storage company that is HIPAA compliant and also that encrypts your files both in transit and at rest. This will make your patient files virtually unhackable and is generally considered to be safer than either paper records or any type of personal storage devices or drives you might use.
- Notes and Dictation
- Efax
- EHRs and Portals
- A Backward Look: Meaningful Use
- ONC Health IT Certified EHRs vs. Non-ONC Certified EHRs
- So . . . What is an EHR Really?
- The ONC’s Cures Act Rule, aka “OpenNotes”
- Some Hopeful New Directions
-
A Deeper Dive into Non-ONC Certified Behavioral Health EHRs
There are tons of advantages to bundling as much of your software as you can in one product, as is possible with EHRs:
- All tools are encrypted and HIPAA compliant, plus you have one BAA for the whole thing.
- There is less data entry because of dropdown interfaces, plus previous entries being “remembered”
for the next time you do the same task. - Tools are synced (i.e., if your patient moves or gets a new phone number, you enter it once and all
tools update). - Getting bundled tools in an EHR is typically less expensive than procuring each tool separately.
- With an EHR, you only have one program to learn.
- There is better risk management since everything’s in one place.
- For similar reasons, writing up your HIPAA Security Policy is easier (we’ll discuss this later in the HIPAA Security Rule section).
- The State HIE Cooperative Agreement Program
- Online vs. Desktop
- Insurance and Billing
- Legal and Ethical Issues
- Risk Management
- Telehealth Informed Consent
- Originating Sites and Interjurisdictional Practice Issues
- Performing Assessments With Telehealth
- Diversity Issues in Telehealth
- General Ethical Issues
- Resolving/Reporting Ethical Violations
- Competence
- Retention of Records
- Recording Video (or Phone) Sessions
- Interruption of Services
- Security and Transmission of Data
- Implementing HIPAA
-
A common misperception is that if your client says they don’t care whether you use HIPAA-compliant video/email/texting/file storage, and so on, then it’s ok not to. This is not true. Only the governing body that made the law in question can suspend it. (…) An analogy would be if you’re driving your car and your passenger says you don’t have to stop for red lights. You would know that’s not true. Following the rules of HIPAA is the same. Your patient might not care, but the federal government does.
(…)
[T]o help you get into compliance, start by developing your story (i.e., if you get audited, what would you say? What’s your story?). If there are holes—places where you are not yet compliant—include that in your story with an explanation (i.e., “I haven’t yet instituted x because of y, but here is my plan for how to do so and I anticipate having it finished by x date”). That story—though admittedly not 100% compliant—is a lot better than things like:
“Oh. I didn’t know I was required to do that.”
or
“I knew I was supposed to do that but I just haven’t.”
Either of the last two answers above will risk getting you fined for noncompliance. It’s important to realize that not knowing HIPAA is not an excuse. Part of what HIPAA requires is for us to know and understand the HIPAA law as it applies to us.
- State and Local Laws
-
The list below will serve as our “Privacy Rule To-Do List.” We will consider each of these separately.
• Create a Compliance Repository
• Implement Privacy Policies and Procedures
• Appoint a Privacy Officer
• Provide a Notice of Privacy Practices
• Train Your Workforce
• Implement a Compliant Process
• Document Compliance Procedures
• Possess and Apply Sanctions -
The purpose of the Security Rule is for us to think through and document exactly how we intend to secure each item of PHI with which we come in contact. Just as we did for the Privacy Rule, we’ll create a “Security Rule To-Do List:”
• Perform a Risk Assessment
• Create a PHI map for your office
• Inventory Your Equipment
• Develop a Plan to Secure Each Piece of Equipment
• Develop a Plan to Secure any Paper Records You May Have
• Implement Your Plans
• Make Sure You Have Backups
• Develop a Contingency Plan for Emergencies
• Create a Security Policy for Your Practice
-
- Risk Management
- Summary
- References