DIVISION MATTERS

Some of what psychologists need to know about telepsychology

Managing telepsychology in your practice depends on competency in its use, staying on top of ever-evolving regulation, and maintenance of data security.

By Anthony S. Ragusea

Some people don’t realize that media psychology includes telepsychology, a branch of telehealth that also includes telemedicine. Telepsychology is a broad term that encompasses terms like e-therapy, online therapy, online counseling, e-counseling, and telemental health. These terms are generally considered interchangeable. All describe the use of digital technology in the practice of psychology. Specific examples of telepsychology include assessment, treatment, public education, and professional development. Telehealth technologies include (but are not exclusive to) telephone, email, instant messaging, videoconferencing, and virtual reality (VR). Software that provides mental health education or self-help programs is an example of a telehealth technology that does not involve human interaction. Note that if an insurance company covers telepsychology services, it generally applies only to videoconferencing. Most psychologists have incorporated some form of telepsychology into their practices, often without fully understanding the implications. There are three broad areas in which psychologists need to be knowledgeable: competency, regulation, and security.

Competency is difficult to operationalize. Some aspects of competency in telepsychology relate to the depth of one’s understanding of a given technology. Email is easy and convenient to use, but do you know how many copies of an email are created and distributed every time you send one? A copy is likely stored in the “Sent” box of your email program, a copy is on the recipient’s hard drive and possibly on other devices the recipient owns such as a smartphone or tablet, copies could be found on any connected backup drives, and copies will be located on multiple servers en route between the sender and the recipient. Understanding where sensitive data is stored and the many ways in which it can be lost or stolen is an aspect of competency. Is your data encrypted? If the technology you are using malfunctions, can you troubleshoot? Or do you have an agreement with someone else who can reliably help you? Does that person need to have authorization and signed a HIPAA business associate agreement to view confidential data in the process of fixing your technology? How do you handle dropped calls? Understanding the strengths and weaknesses of any technology you use is critical both to providing quality care and obtaining informed consent, the same as when you are learning a new psychological test.

Understanding how technology changes the way people relate to each other is another aspect of competency. Text-based communication can be disinhibiting, for example. And people will use different communications technologies differently depending on what they want to communicate implicitly. For example, people sometimes try to avoid direct confrontation through text. There are also cultural differences to be aware of; there can be different customs and norms depending on the technology. For example, emails tend to be less formal than written letters, and text messages tend to rely on abbreviations and conciseness. There are more aspects of competency than can be discussed here.

If you are practicing telepsychology with clients in distant places, be aware that the regulation of telepsychology is a still evolving area of law. The main issue in dispute is where the practice of telepsychology takes place: Is it where the client is located, where the psychologist is located, or somewhere in cyberspace? Several states have argued that the location of the client is most important. Thus, if you practice psychology with a client who is not located (temporarily or permanently) in the state you are licensed in, you risk being accused of practicing without a license. Many states have provisions for the temporary practice of psychology across state lines, but the exact restrictions and requirements vary from state to state. It is the psychologist’s responsibility to know the laws and regulations when providing interstate services.

Finally, keeping digital confidential information secure is an unwinnable war, but one you must nevertheless make a reasonable effort to win. Digital information, like paper files, can never be fully secure. There are many ways digital information can accidentally or maliciously find its way into unintended hands, and there are many, many tools and procedures that can help to minimize the chances of that happening. If you use tools like email or videoconferencing to communicate with clients, you are obligated to take reasonable steps to ensure that data is secure in transmission as well as where data is stored on your computer. You don’t need a degree in information technology to be reasonably safe: Doing things like using passwords and encrypting all patient information is cheap and relatively easy to do, though you may need someone to help you get set up. Hushmail. com is a service that helps encrypt email, but there are other methods available. Mac users can easily encrypt folders using tools built into Apple’s operating system, or even an entire hard drive. Many videoconference software packages automatically encrypt the video between users, but not all. The American Psychological Association Insurance Trust recommends for its customers, but does not require, use of teleconferencing companies that claim HIPAA compliance. VIA3 is one example of such a company. Use of companies that do not claim HIPAA compliance is not automatically unethical or illegal, but the psychologist assumes an increased level of risk by doing so and at the very least should become knowledgeable about the security features the company provides. If client data is stolen in encrypted form (for example, if you lose an encrypted flash drive or laptop), you do not have to notify affected patients. But, if you accidentally email or fax the wrong person, you must notify your patient of the breach and take reasonable steps to try and prevent harm to your patient. If more than 500 patients are affected by a breach, by law you must also alert the media!

Needless to say, there is a great deal more to learn about telepsychology than can fit here. Fortunately, there are also resources available for more in-depth learning. Guidelines for the Practice of Telepsychology have been developed by a joint Task Force composed of members representing the American Psychological Association, the Association of State and Provincial Psychological Boards, and members representing the APA Insurance Trust. The Task Force is seeking comments through October 26, 2012.

Link to the draft Guidelines for the Practice of Telepsychology: http://apacustomout.apa.org/commentcentral/commentcentralPDF/Site26_Telepsychology%20Guidelines%20Draft_July2012_posted. pdf

Link to Comment: http://apacustomout.apa.org/commentCentral/ default.aspx?site=26