With the increase in the use of technology to provide mental health services, so too have there been increases in the risks that come with providing a virtual care practice. One risk that merits discussion is the use of text-based communications. Depending on your carrier settings and mobile device properties, the text messages stored on and sent from your device may possibly be unencrypted and vulnerable to security threats. Any text-based communications you have with a child or adolescent pose other unique risks in that parents typically have a legal right to view their children’s medical records. Remember that text messages are a literal transcript of communication between you and your clients. When texting is used therapeutically, it is considered protected health information (PHI), and you must take steps to protect it.
I remember when I first started using text messages. At that time, there were no laws, rules, or codes written about the use of texting for clinical purposes. The need to encrypt messages had not been discussed because, as clinicians, we were not using this method to communicate with clients yet. During this time, one of my first clients asked me if she could use texts to schedule an extra appointment, and I agreed that she could. A few weeks later, I received a text from her saying she was feeling emotional and needed a session that day. I was teaching all day, so on my break, I let her know that I did not have an appointment open and that I would see her in two days at her scheduled session.
About an hour later, she sent a text back asking me to cancel her appointment. I knew right away that she was upset because she never canceled appointments. During my next break, I immediately texted her back and said, “As requested, I canceled your appointment. I hope you call and reschedule soon, and I hope you are okay.” She then texted back a paragraph on how she was upset at my “coldness” and how I stopped caring about her. This communication was not cold and uncaring to me, but it was to her, and her experience is what mattered to me. I called her and scheduled a new appointment in two weeks to talk about this.
In this situation, there are several questions to consider:
- Who bears the burden of the harm caused here?
- What issues do you see with using text messaging?
- What could have been done differently?
To answer the first question of who was at fault: It was me. Using text messaging with this client caused harm. Although it was not intentional, it did happen, and I could have avoided it. It is easy for clients to feel misunderstood when using text messaging and emails because they are unable to hear the clinician’s caring tone or see the warm expressions and body language that show interest. This happens so much with text messaging and emails that the code of ethics now addresses it. The code of ethics clearly states that we must discuss miscommunications before using these types of asynchronous communications with our clients.
This dear client returned in two weeks and flopped down in the chair while asking me why I did not want to see her anymore. She also wanted to know why I thought she would not get any better. I definitely used this as a therapeutic moment to help her understand how this thinking pattern was part of her other important relationships. But I first apologized for the harm and the hurt she experienced, and I explained that we needed to have an important discussion about the possibility of misunderstandings and miscommunications going forward. She left feeling healed from the pain she experienced and with new ways of looking at her thinking. She also left with a refreshed understanding of my care and concern for her.
However, it is not just text messages that can pose risks, as harm can also occur with emails. Specific areas of concern include data leakage, platform-specific issues, and back-end servers. Like text messages, email messages are also unsecured and can be accessed by third parties. Even deleted emails may be preserved by other third parties, such as internet service providers. When a professional sends an email from an encrypted email service, there is also no guarantee that the message is safe where it has been sent.
Although a complete and thorough discussion of the broad set of security issues related to the use of mobile devices in the healthcare environment is beyond the scope of this post, you can find information regarding how to minimize these risks in my new book, Telemental Health: The Essential Guide to Providing Successful Online Therapy.
*This is an excerpt from Telemental Health
by Joni Gilbertson. Copyright © 2020, Joni Gilbertson. PESI Publishing & Media
Virtual care is the new normal. Are you prepared?