In examining the phenomena of therapists using the Internet to have patient discussions I found myself thinking of the pool/fence analogy. There are many similarities it seems to me. What is the balance between protecting patients and the advantages of utilizing this new medium of communicating?
Now, if the reader infers that I am a worrywart and fearful of risks they might be mistaken. I actually take all kinds of calculated risks that some other people might think foolhardy. For example, that’s yours truly with a full-grown Bengal Tiger in Thailand.
However, I am much more cautious when the risk is to others and I am even more cautious still when the risks involve consumers especially if there are less risky alternatives readily available.
Since our patients or consumers entrust themselves to us and have an expectation being better off or at least not worse off when we treat them, when I read professional codes of ethics it is clear to me that online discussions in open non secured listservs are simply not worth the risks. Is it specifically prohibited like engaging in sexual relations with patients or engaging in fraud or illegal activity? No. But is it worth the risk?
To me it’s foolhardy since it seems clear to me that any benefit that may be obtained can be obtained in ways with far less risk to the patient having their privacy compromised and find themselves or their families unnecessarily embarrassed or have their reputations damaged. I believe if we take steps to reduce such risks to the consumer we also reduce the risk to therapists of malpractice suits or ethics complaints.
However, I must concede that others can read the same ethical codes and come to different conclusions. It doesn’t matter which code of ethics one reads. It could be the NASW Code of Ethics, the APA Code or some other. If one looked hard enough one could find something that would support your point of view in most cases.[1] This is not a criticism of the codes, as they are not intended to be absolute rules but guidelines from which professionals are to deduce the proper course of action or at least the cost of action that will do the least harm.
In struggling with this question I am indebted to many contributors. Most recently I heard from Dr. Stephen Behnke, also a JD, and Director, APA (American Psychological Association) Ethics Office. He was kind enough to take the time to select for me the relevant sections of the APA Code.
When reading the APA Code in particular, what struck me was that it was possible for professionals to come to very different conclusions depending on the interpretation of one word, The word “reasonable” as in reasonable steps to disguise the person. What is reasonable? Whose definition of reasonable do we use?
In summary the APA Code states that confidentially is primary. A psychologist must not disclose in their writings, lectures, or other public media, confidential, personally identifiable information concerning their clients/patients, students, research participants, organizational clients, or other recipients of their services that they obtained during the course of their work, unless (1) they take reasonable steps to disguise the person or organization, (2) the person or organization has consented in writing, or (3) there is legal authorization for doing so.
There is little dispute when the consumer has consented in writing or if there is legal authorization, but the question becomes what is a reasonable definition of informed consent and what are reasonable steps to disguise the person or organization? It’s like the pool/fence question. What’s reasonable? What does it mean to be informed and how disguised is enough of a disguise to be reasonable? "Reasonable" isn't defined! Unfortunately unless professionals can explore what is reasonable and come to some consensual agreement about what’s flexible enough to account for evolving technology we will remain stuck with the unpleasant prospect of waiting for test cases; licensing board rulings decisions etc. where the word "reasonable" will be defined. The problem with that prospect is we need to wait for a consumer to be harmed or believed that they were harmed enough to file a lawsuit, licensing or ethics grievance. That is bad for all of us. As clinicians even if we win we lost time and money. The consumer must be harmed and prove it in order to get satisfaction or damages. Is there a proactive approach that can offer guidance to professionals before it gets litigious?
In order to develop a proactive approach to these complicated issues Psychjourney and Your Advocate Online through their guest contributors are asking the difficult questions that may help define the term “reasonable” in this context. Among these questions are a) questions related to informed consent and b) questions related to reasonably disguise.
Informed consent:
Additionally the concept of reasonable is important in terms of informed consent. What is reasonable informed consent? Or. How much information should a consumer be given about the circumstances of a situation in order that their consent is truly informed? For example, one Yahoo list owner recently argued that they developed a method to address such concerns which involved inserting a paragraph their HIPAA Notice of Privacy Practices that informs clients about their participation in “various sorts” of professional dialogues that employ case material. And they do offer the client the option to refuse. They’re covered or so they announced.
However they do not specify that it may be on open internet groups which might leave the patient/client with the impression that such consultation may be in more traditional person to person protected setting. Is this kind of consent truly informed? Should it have been left up to the consumer to ask more specific questions? Or is this simply a loophole that allows a provider to appear to conform to the letter of the ethical standard but avoid the spirit? Would that fly in a court or ethics board or a courtroom?
Reasonably disguised information:
Ethical codes including APA, NASW apply when engaged in professional activities of any kind, and so would apply when communicating in any medium for professional purposes, whether in writing, in person, on the telephone, or on a listserve, However this raises several questions including:
Are the risks the same in all situations and if not should the precautions vary according to the situation?
Are the risks of a confidentiality breach the same if the professionals were communicating in a small private in person group, large audience, elevator, lunchroom or Internet of hundreds of people? If the risks are not the same in magnitude should the precautions vary to match the risk? Or to go back to the swimming pool/ fence analogy do we need the same size fence for a 12-inch deep kiddy pool as for an Olympic size pool 12 feet deep with a 10-meter diving board?
What would be a reasonable effort to obtain consent from patients for these discussions and what is a reasonable definition of informed?
Would describing a patient in specific detail but omitting the name be sufficient to meet the “reasonable disguise” guideline?
If not, what other pieces of information would need to be disguised to be reasonable on a non-secured Internet forum group?
Lastly, do practitioners have a responsibility to assess the risks to patient/consumers of divulging information and take only such risks that are necessary and exploring with the patient alternatives that are perhaps less risky?
This series will not provide definitive answers for these questions. However through the contributors we hope to provide questions for discussion between professionals among themselves with their professional organizations and educational intuitions and perhaps most importantly between professional and the consumers they serve.
We are indebted to Stephen Behnke, JD, PhD Director, APA Ethics Office for his contribution to this series. His remarks are below:
"As we are all aware, listserves offer a helpful and efficient way to communicate with colleagues. It is therefore natural that psychologists, as well as all mental health professionals, would use the internet for professional purposes. The APA Ethics Code applies to psychologists when they are engaged in professional activities, and so would apply when psychologists are communicating in any medium for professional purposes, whether in writing, in person, on the telephone, or on a listserve. There are several ethical standards from the Ethics Code that are directly relevant to your question. Ethical standard 4.01 characterizes psychologists' obligation to protect confidentiality as "primary":
4.01 Maintaining Confidentiality
Psychologists have a primary obligation and take reasonable precautions to protect confidential information obtained through or stored in any medium, recognizing that the extent and limits of confidentiality may be regulated by law or established by institutional rules or professional or scientific relationship. (See also Standard 2.05, Delegation of Work to Others.)
Note how standard 4.01 states that confidentiality extends to information "in any medium."
Ethical standard 4.07, Use of Confidential Information for Didactic or Other Purposes, states that when disclosing confidential information, psychologists either disguise the information or obtain the client's consent.
4.07 Use of Confidential Information for Didactic or Other Purposes
Psychologists do not disclose in their writings, lectures, or other public media, confidential, personally identifiable information concerning their clients/patients, students, research participants, organizational clients, or other recipients of their services that they obtained during the course of their work, unless (1) they take reasonable steps to disguise the person or organization, (2) the person or organization has consented in writing, or (3) there is legal authorization for doing so.
Thus, according to Ethical Standard 4.07, personally identifiable information must be disguised or the client must have consented to the disclosure.
Ethical standard 4.06, Consultations, states:
4.06 Consultations
When consulting with colleagues, (1) psychologists do not disclose confidential information that reasonably could lead to the identification of a client/patient, research participant, or other person or organization with whom they have a confidential relationship unless they have obtained the prior consent of the person or organization or the disclosure cannot be avoided, and (2) they disclose information only to the extent necessary to achieve the purposes of the consultation. (See also Standard 4.01, Maintaining Confidentiality.)
Ethical standard 4.06 once again emphasizes the centrality of the client's consent.
I believe each of these three standards, with their emphasis upon psychologists' obligation to protect confidentiality, and their admonition to disclose confidential information only under the appropriate conditions and with great thoughtfulness and care, speak to your question.
The APA Ethics Code can be found at www.apa.org/ethics
[1] There are some absolute prohibitions such as not having sexual relations with patients or fraud etc.
Return to Confidentiality Site Map