Online Therapist Avoids Censure Over Breach of Client Confidentiality
Original article removed 28 July 2006: At the request of the British Association for Counselling and Psychotherapy (BACP), the article originally appearing at this URL has been removed. The BACP request allows that the article may be republished at a later time provided that identifying features of people and professional bodies involved in the matter being reported have been removed. The URL for the appropriately edited article is available below.
As indicated, the original version of this article has been removed at the request of the BACP.
Thank you for your understanding.
Update 19 October 2006: The relevant ruling has now been made public by the BACP, and you can read the decision and commentary (“BACP Asks That Names Be Removed from Published Account of Confidentiality Violation by Online Therapists”) on this site. The suitably edited original article (“When Online Therapists Violate Client Confidentiality”) is now also available.
Rate this post?
(1 votes, average: 1 out of 5)
Loading ...Related Posts
- Suggested Principles for the Reform of ISMHO: Ethical and Competent Management
- Online Mental Health Group Expels Whistleblower
- When Mental Health Professionals Cover for Each Other
- Practitioner Tools: Encryption Software in Mental Health Practice
- The Ethics of Boosting Brainpower
Other articles by Dr Greg Mulhauser, Managing Editor
This article was last reviewed by on Thursday, 17th November 2005. You can leave a response below.
The URL of this page is:
http://counsellingresource.com/features/2005/11/17/ismho-ethics/
19th November 2005
Regards the article “Online Therapist Avoids APA Censure Over Breach of Client Confidentiality”
It was extremely well written and seemed well researched. I, tragically, am a HIPAA junkie, which I assume you are aware of as the US law that is decimating patient privacy. But I noticed in your discussion of the controversy you didn’t use the words “personally identifiable” patient information. To violate the ethic of confidentiality you need two things: who it is, and what it is (e.g.sxs). I could not tell from your paper if there was any “who it is” part identifying the client in the material posted on Yahoo. So, I could tell you that I’m seeing an engineer with erectile dysfunction in Los Angeles and I’ve told you basically nothing but sxs and no i.d.
Additionally, on another topic, as one who values and teaches privacy in psychotherapy I would much rather see your admirable energy and eloquence directed toward the Grand Canyon of privacy leaks; the Medical Information Bureau, or http://www.mib.com . I’m sure there’s a British version of this giant privately run U.S. database where medical and psychotherapy claims ultimately reside and that fewer than 2% of psychotherapists even know exists.
Hope to hear from you, and again, great paper.
Michael Freeny
20th November 2005
I am an inactive member of ISMHO and the online case study group, who has never participated in the online case study group. I am very interested in this discussion, although I have been out of contact with the group for months, having recently moved and started a new position.
I do believe, along with the comment posted that unless there has been a disclosure of identity, there has been no breach of confidentiality — however, I don’t know if that is actually true, despite what I believe, and would appreciate guidance from someone more knowledgable than I.
Due to my own concerns about confidentiality, I provide email counseling only in an encrypted environment, an option which I believe has been mentioned. Such services are available for group discussions also, for a minimal fee.
We can’t be too careful about the privacy of our clients communications to us. If a breach did occur that involved material that could lead to the identity of the client, that is most unfortunate. I believe the therapeutically appropriate, however difficult, thing to do would be to disclose the fact of the breach, the extent of the material that may have been viewed by others, and the corrective actions taken, to any clients possibly affected. ANY material disclosed should rightfully be backed up by a release from the client, whether or not any identifying information was included, so presumably this would not be too difficult for the therapists involved.
If in my ignorance, I have made errors in this comment, please forgive me. I’m ready to develop my online counseling business more fully now, and want to be sure I proceed in the correct manner. I have valued the discussions in IMHSO that I have read, and look forward to this matter being resolved.
Thank you,
Melissa Miller
melissa@mc-miller.com
20th November 2005
Many thanks to you both for your comments.
Taking Michael’s first, there are two things to mention about personally identifiable information. One is that yes, evidence suggested that some information was personally identifiable — this appeared to be a simple mistake, much like the security lapse itself, rather than a deliberate act. The other is that with regard to the actual ethics of the situation (which may differ from the letter of HIPPAA law), I believe the more salient question is whether clients gave informed consent to have particular information disclosed. The APA Ethics Code even makes specific reference to whether clients can identify their own information and whether harm could be caused were that to happen. So the question there is whether a client would identify themselves being discussed, rather than whether a third party could figure out their name.
With regard to the MIB, in addition to the privacy risks you highlight, I also wonder about the actual database integrity: computer scientists can tell you all about the near-impossibility of maintaining ‘clean data’ across a large database. And that means the possiblity of mistakes.
And Melissa, on the point about disclosing identity, I hope my comment to Michael has clarified this a little. It sounds like you personally avoid the risk of inappropriate disclosures specifically by making sure you’re always using encryption. At least that way, if emails were to go astray, they would be extremely well protected.
I think you’ve hit the nail right on the head about simply being honest with affected clients about any real or suspected breaches of their confidentiality. (And that, of course, was all I was ever after in my contact with the ISMHO clinical case study group, apart from closing that gaping security hole in the first place.)
All the best,
Greg
2nd November 2007
Hi,
I’m trying to find the original article involving DeeAnna. Is it possible to have it e-mailed to me?
Thanks,
Suzanne Parrish