Ethics Codes and Professional Associations on
Security and Privacy of Electronic-Digital Clinical Records
Table Of Contents
- American Association of Marriage and Family Therapy
- American Counselors Association
- American Mental Health Counselors Association (AMHCA) Code of Ethics 2020
- American Psychological Association
- California Association of Marriage and Family Therapists
- National Association of Social Workers
- National Board of Certified Counselors
American Association of Marriage and Family Therapy
Prior to commencing therapy services through electronic means (including but not limited to phone and Internet), marriage and family therapists ensure that they are compliant with all relevant laws for the delivery of such services. Additionally, marriage and family therapists must: (a) determine that electronic therapy is appropriate for clients, taking into account the clients’ intellectual, emotional, and physical needs; (b) inform clients of the potential risks and benefits associated with electronic therapy; (c) ensure the security of their communication medium; and (d) only commence electronic therapy after appropriate education, training, or supervised experience using the relevant technology.
AAMFT Code of Ethics, 2012, 1.14
American Counselors Association
Counselors take precautions to ensure the confidentiality of information transmitted through the use of computers, electronic mail, facsimile machines, telephones, voicemail, answering machines, and other electronic or computer technology.
ACA Code of Ethics, 2005, B.3.e
American Mental Health Counselors Association (AMHCA) Code of Ethics 2020
E. Record-Keeping, Fee Arrangements, and Bartering
CMHCs create and maintain accurate and adequate clinical and financial records.
- a. CMHCs create, maintain, store, transfer, and dispose of client records in ways that protect confidentiality and are in accordance with applicable regulations or laws.
- b. CMHCs establish a plan for the transfer, storage, and disposal of client records in the event of withdrawal from practice or death of the counselor in a manner that maintains confidentiality and protects the welfare of the client.
- c. When CMHCs choose to exceed state minimum requirements for maintaining records, they must notify clients in their informed consent.
- d. All communication regarding mental health treatment, including emails and texts, should be kept.
A. Counselor-Client Relationship
CMHCs have an obligation to safeguard information about individuals obtained in the course of practice, teaching, and research. Personal information is communicated to others only with the client’s consent, preferably written, or in circumstances dictated by state and federal laws. Disclosure of counseling information is restricted to what is necessary and relevant.
- i. Counseling reports and records are maintained under conditions of security, and provisions are made for their destruction as specified by state regulations. CMHCs ensure that all persons in their employ, as well as volunteers, supervisees and interns, maintain the confidentiality of client information.
- j. Sessions with clients may be taped or otherwise recorded only with written permission of the client or guardian. Even with a guardian’s written consent, CMHCs should not record a session against the expressed wishes of a client. Such tapes should be destroyed after the timeframe specified by state regulations.
- m. When using a computer to store confidential information, CMHCs control access to such information. As specified by state regulations, the information may be deleted from the system.
- n. CMHCs take necessary precautions to ensure client confidentiality of information transmitted electronically through the use of a computer, e-mail, fax, telephone, voice mail, answering machines, or any other electronic means as described in the Telehealth section of this document.
B. Counseling Process
6. The Use of Technology Supported Counseling and Communications (TSCC)
CMHCs recognize that technology has become culturally normative worldwide and may employ modern technology communications judiciously, attentive to both the benefits and risks to clients and to the therapeutic process of using technologies to arrange, deliver, or support counseling.
- a. CMHCs understand that the uses of TSCC in counseling may be considered to fall under the following categories:
- iii. The use of online “cloud-based” services for the storage of counseling records
- g. In states where there is a legal requirement that CMHCs must include in the client record client communications through TSCC, CMHCs inform the client of that fact.
D. Assessment and Diagnosis
2. Interpretation and Reporting
- g. CMHCs are responsible for ensuring the confidentiality and security of assessment reports, test data, and test materials regardless of how the material is maintained or transmitted.
American Psychological Association
Psychologists who provide telepsychology services take reasonable steps to ensure that security measures are in place to protect data and information related to their clients/patients from unintended access or disclosure.
APA 2013 Guidelines for the Practice of Telepsychology
California Association of Marriage and Family Therapists
Marriage and family therapists are aware of the possible adverse effects of technological changes with respect to the dissemination of client/patient information, and take care when disclosing such information. Marriage and family therapists are also aware of the limitations regarding confidential transmission by Internet or electronic media and take care when transmitting or receiving such information via these mediums.
CAMFT Code of Ethics for Marriage and Family Therapists Part I, 2019, 6.4
Marriage and family therapists store, transfer, transmit, and/or dispose of client/patient records in ways that protect confidentiality.
CAMFT Code of Ethics, 2019, Part I, 2.3
National Association of Social Workers
Social workers should adhere to the privacy and security standards of applicable laws such as the Health Insurance Portability and Accountability Act (HIPAA) and other jurisdictional laws when performing services electronically. These laws address electronic transactions, patient rights, and allowable disclosure and include requirements regarding data protection, firewalls, password protection, and audit trails.
NASW and ASWB Standards for Technology and Social Work Practice, 2005, Standard 7 Interpretation
National Board of Certified Counselors
NCCs shall use encryption security for all digital technology communications of a therapeutic type. Information regarding security should be communicated to individuals who receive distance services.
NBCC Policy Regarding The Provision of Distance Professional Services, 2012, Standard 5
Additional information: Professional Association Codes of Ethics and Guidelines On TeleHealth or E-Therapy