logo
Telehealth and Confidentiality: Legal and Ethical Considerations for Therapists

Telehealth and Confidentiality: Legal and Ethical Considerations for Therapists

Oct 29·Telehealth

The pervasive and rapid acceptance of telehealth has revolutionized mental health care. Driven by worldwide need and welcomed due to its ease and reach, VBT (video-based therapy) is not only the future but also the present of our profession. Though this transition presents our profession with unparalleled opportunities to connect and serve clients, it also poses significant new threats to one of our most sacred professional duties: preserving the confidentiality of client communications.

It’s more complicated now to guarantee client privacy in a digital world than just making sure the walls of your office are now soundproof. It is necessary to have both technological, legal, and clinical insight.

This blog post will review the salient legal and ethical issues in protecting confidentiality in telehealth, with reference to current research for guidelines on best practice.

The New Dimensions of Confidentiality

The physical space of the office to great extent in traditional, face-to-face therapy defines what is and what is not confidential. In telehealth, this principle is stretched beyond recognition. This is perhaps best captured in the PACJA review which emphasises that two therapeutic rooms, those belonging to both the therapist and the client, must be kept in mind. There is, in fact, a third, invisible ‘room’ – the digital room through which all communication moves. Privacy should be protected in all three of these spaces.

Key Focus Areas for Ethical Telehealth Practice

From the evidence, we can distill four main areas of focus on the challenge to telehealth confidentiality.

Technology and Data Security: The Digital Filing Cabinet

The greatest new threat to confidentiality is the vulnerability of technology. The process of transmitting and storing confidential client information electronically adds a level of exposure not present in the traditional setting.

  • Platform Security: Unencrypted, consumer-focused platforms such as regular video calls used for therapy is a substantial ethical and legal risk. The biggest issue here is unsecure websites or unencrypted communication tools. Therapists are ethically bound to use a service that is HIPAA compliant (or their countries equivalent of privacy for personal health information).
  • Data Storage: The PACJA review highlights ‘safe storage of digitized data’. This includes any and all electronic health records, session notes, or tapes. All data should be kept on password protected and encrypted devices and in the cloud. Therapists need to know if their data is being stored and who has access to it.
  • Network Security: A secure network is fundamental to running a safe service. It is also not safe to conduct sessions using public or open Wi-Fi networks due to the fact that the data stream can be intercepted. Therapists as well as clients should use password-protected networks.

The Therapeutic Environment: The Virtual Room

  • Confidentiality does not only extend toward the data; it also pertains to the physical space in which the session is held. The therapist no longer has access to control over the client’s environment, shifting the privacy responsibility from individual to mutual.
  • The Therapist’s Space: The therapist is 100% responsible to make sure that their own space is private and professional. That might entail sitting in a room with a closed door, wearing headphones so no one can hear the client or making sure content on a screen isn’t visible to family members or colleagues.
  • The Client’s Space: The client needs to be informed of the need to procure a private location in which to complete their sessions. This is an integral part of the informed consent procedure. What if the client is in their car, at a coffee shop, or a room with other people (even though they may not be on camera)? The PACJA review cites the ‘unpredictability of client conditions’ as a complicating factor. Therapists should discuss this, ensure that the client understands what is at stake and record their understanding of the risk to their own privacy by decision on a non-private setting.

Informed Consent: The Foundation of Ethical Practice

Here’s what to know about the informed consent process in telehealth, which should be clearer and more detailed than a face-to-face therapeutic interaction. According to the PACJA review, ‘further consent procedures are called for by the unique nature of VPT’.

An informed consent form for telehealth should specifically include:

  • The technology platform and its mechanisms that will be employed, including security measures.
  • Processes for tech failure, like how to handle if a call crashes.
  • Crisis management (how the therapist will handle a crisis when a client is off-site). This necessitates the physical location of the client for every session.
  • Client environmental expectations for privacy.
  • Recording sessions policies (if any), who has access to recordings and how they are stored, destroyed, etc.

Legal and Jurisdictional Complexities

Telehealth crosses geographical borders, but laws and licensing rules have not kept up. The Frontiers review lists ‘practicing across borders’ and ‘unresolved jurisdiction’ as major legal ethical problems. When a client is in another state, therapists should know the laws around practicing telehealth for both where their licence was issued and where the client resides (or is residing at the time of therapy).

Practicing across state or national boundaries without proper licensure can result in major legal and ethical violations, as well as breaches of confidentiality applicable to that jurisdiction.

A Proactive Stance on Privacy

Ensuring privacy in an age of telehealth is a challenging task, but it can be done. It needs to turn from a passive to an active attitude. We can’t just take for granted being protected by the four walls of our office. On the contrary, we must deliberately construct an environment of security in our choices of technology and how we manage the physical space, communicate with families (informed consent) all while engaging in a constant pursuit to understand law and ethics.

Addressing the latter factors not only manages risk. We demonstrate ethical responsibility by fulfilling our central obligation to safeguard our clients, establish a foundation of trust in their relationship with us and maintain the capacity for telehealth to be utilized as safe, effective, and accessible.


To enhance your skills in this essential area, check out Zur Institute‘s courses on Telehealth.

Related Articles

Providing Effective Clinical Supervision in Telehealth: Best Practices and Strategies
TelehealthProviding Effective Clinical Supervision in Telehealth: Best Practices and Strategies

Telehealth has reshaped how mental health services are delivered—bringing new opportunities and unique challenges, especially in the realm of clinical supervision. This new shift in healthcare services brings both opportunities and unique difficulties that mainly affect clinical supervision practice. The delivery of effective telehealth supervision plays an essential role in maintaining ethical practice standards while […] Read More…

Jul 24