Mindful Musings

My Mindful Musings about mental health issues and other therapy-related things. If there is something you’d like me to blog about, send me an email and let me know. And I very much enjoy receiving comments on my posts.

Articles For Clients is a compilation of my posts for consumers of psychotherapy services.

Articles For Clinicians Using Social Media is a compilation of my posts for mental health professions on the Internet.

Subscribe to Mindful Musings by Dr. Keely Kolmes by Email

 Subscribe to this blog

What’s So Bad About Facebook Editing Our Feeds?

The internet has been ablaze the past few days with commentary on Facebook’s non-consensual “mood manipulation” research. You can read the paper based upon the study here.

It has been critiqued by many, including Violet Blue, who writes in Facebook: Unethical, Untrustworthy, and now Downright Harmful, about the choice to tamper with 689,003 people’s emotional well-being, but also questions the tools used to interfere with users.  Jaron Lanier had written an earlier piece in a New York Times Op-Ed called Should Facebook Manipulate Users? He noted that:

“The manipulation of emotion is no small thing. An estimated 60 percent of suicides are preceded by a mood disorder. Even mild depression has been shown to increase the risk of heart failure by 5 percent; moderate to severe depression increases it by 40 percent.”

He goes on to argue for full consent for research of this nature.

Kate Crawford, posted a lovely piece at The Atlantic, giving a nod to sociological research that has preceded this and offering a challenge for Facebook to actually experiment with consent in a new way, in The Test We Can — and Should — Run on Facebook.

“Perhaps we could nudge that process with Silicon Valley’s preferred tool: an experiment. But this time, we request an experiment to run on Facebook and similar platforms. Rather than assuming Terms of Service are equivalent to informed consent, platforms should offer opt-in settings where users can choose to join experimental panels. If they don’t opt in, they aren’t forced to participate.”

And here I stand.

I am a psychologist with a strong interest in researching digital culture and social media, but I am also an ethicist. My Ethics Code, which the lead researcher of this paper, Dr. Adam Kramer, would also be expected to follow, makes it clear to me what rules I’m supposed to follow when it comes to Informed Consent and doing research with human subjects. That said, sometimes there are grey areas.

The APA Ethics Code does allow for people to dispense with Informed Consent, under the following criteria (areas bolded by me, for emphasis):

8.05 Dispensing with Informed Consent for Research

Psychologists may dispense with informed consent only (1) where research would not reasonably be assumed to create distress or harm and involves (a) the study of normal educational practices, curricula, or classroom management methods conducted in educational settings; (b) only anonymous questionnaires, naturalistic observations or archival research for which disclosure of responses would not place participants at risk of criminal or civil liability or damage their financial standing, employability or reputation, and confidentiality is protected; or (c) the study of factors related to job or organization effectiveness conducted in organizational settings for which there is no risk to participants’ employability, and confidentiality is protected or (2) where otherwise permitted by law or federal or institutional regulations.

It is hard for me to categorize the manipulation of what shows up on a person’s news feed as “naturalistic” data collection. And I still think the salient issue is whether this research would reasonably (or not) create distress or harm. This can be a complex question for some people.

How harmful is a depressed mood? It depends. Perhaps it is not that big of a deal to a person who logs off of Facebook and goes to a party, and doesn’t check in regularly. But I’d guess there are 689,003 answers to this question for each person who was unwittingly a part of this study.

I also think there are other less obvious consequences to modifying the news feeds of users.

For example, some segment of the Facebook population was already aware of and managing “mood contagion.” For quite awhile, it hasn’t been uncommon for me or those in my social circle to unfollow people who seemed to continuously complain, rant, post annoying messages, or just post things that left us feeling less happy. In 2008, I first read Tantek Çelik’s wiki post on communication protocols, including reasons he might not follow you back on social media. While his rules may have seemed excessive, some of them made good sense, including not following users who produced a high proportion of “negative reinforcement.”

On some Twitter apps, you can temporarily “mute” someone, but on Facebook, it’s easier to just unsubscribe from someone’s feed and then no longer keep up with them. The result is that these people drop off of your radar, unless you make a point of visiting their profile. In my friend networks and in the psychotherapy sessions with my clients, it has not been uncommon to hear someone say, “I stopped following ‘x” because her/his news feed was just too much of a downer.”

We have become a generation used to curating our content.

Therefore, if Facebook suppressed positive postings even for a week it’s not a stretch to imagine some users spending part of that week tuning out  people whose posts were showing up on their Walls because they were just not contributing to a positive outlook.

These likely would have been “looser tie” connections than close friends. A looser tie connection would likely be easier to ignore or drop. Whereas if this was a close friend, many of us might call or text and say, “What is going on with all your sad posts on FB this week?”). This may seem less likely to happen in just a week, but for a heavy Facebook user, a lot happens in one day on Facebook. A week can feel like a long time.

For those who were already on the fence about a particular poster, maybe this week clinched it: “This is a person whose postings don’t contribute to my overall sense of happiness.” Maybe others felt this way. And this may have had a deeper impact on the development of these relationships both on and offline in some cases. It may have led to some people losing friends, support, or a sense that people they cared about were still interested in their lives.

Most of us who participate in various online communities know that oftentimes friendships and online connections grow (or wither) based upon the online material posted. People filter email from certain senders to group email lists. People tune-out those who post things that are less rewarding to read.

Thus, I believe that there are potentially farther reaching ripple effects of this type of personal manipulation than those that have just been addressed by the focus on “mood manipulation.” This experiment may have also resulted in relationship manipulation that has yet to be analyzed. If the Facebook study led any user to detach from a friendship or lose a friend in their own circle because that friend found this person’s postings overwhelmingly sad or negative, then we could revisit the concept of “minimal harm” in a deeper and more comprehensive way.

This is another reason why formal debriefing would have also been useful in this study, even if Informed Consent was waived. People could have revisited decisions they made two years ago just a week after the suppression of Wall postings, rather than trying to remember what happened in that time period two years later and trying to track which relationships were affected.

APA Ethics Code on Debriefing:

8.08 Debriefing
(a) Psychologists provide a prompt opportunity for participants to obtain appropriate information about the nature, results, and conclusions of the research, and they take reasonable steps to correct any misconceptions that participants may have of which the psychologists are aware.
(b) If scientific or humane values justify delaying or withholding this information, psychologists take reasonable measures to reduce the risk of harm.
(c) When psychologists become aware that research procedures have harmed a participant, they take reasonable steps to minimize the harm.

In summary, Facebook’s unwitting deliberate manipulation of user data and large scale data collection without consent poses a number of important ethical issues. Assessing harm can also be a tricky exercise. I would like to support Kate Crawford’s call for more clear language that allows those users who want to participate in research to opt-in, rather than being oblivious guinea pigs.

Comments are open. Please feel free to share your thoughts on this post. 

July 3, 2014: Minor revisions were made to language, a link was added to the Facebook paper, and additional quotes from Crawford’s piece were added. Additional reading added. Link to Tantek Çelik’s wiki page added.

For more reading, check the following links:

Everything We Know About Facebook’s Secret Mood Manipulation Experiment

How an IRB Could have Legitimately Approved the Facebook Experiment — And Why That May Be a Good Thing

Facebook Flunks its Apology  – A data scientist looks at the language of the Facebook apology, (touché!).

The journal that published Facebook’s psychological study is raising a red flag about it

APA Ethics Code Addresses When Informed Consent From Research Participants Is Necessary

Privacy Group Complains to FTC About Facebook Emotion Study

Wickr: HIPAA-Compliant SMS App Tested by Two Psychologists

By Keely Kolmes, Psy.D. and Kristina Monroe, Psy.D.

Dr. Monroe is a licensed psychologist who has private practice offices in Beverly Hills and South Pasadena, CA. She maintains a general psychotherapy practice but also specializes in serious mental illness as well as psychological assessment.

We know one another from APA Division 42′s listserv, and we decided to test out the Wickr App together.

KK: I don’t engage in text messaging with clients for a number of reasons, including concerns about the assumed immediacy of messaging, client confidentiality, and the documentation of these messages. But Dr. Monroe and I were both very curious about Wickr’s promises of military grade encryption, privacy, and the ability to set messages to self-destruct within a designated period of time (from seconds after it is viewed and up to six days). We agreed to give it a test run.

Click on images to view them in large size. 

wickrlogin wickrabout











KM: I was excited to try out Wickr as a licensed psychologist who strives to adhere to the highest level of client confidentiality. This isn’t always simple in the era of ever-growing technology, particularly when many of my clients prefer text messaging over a telephone call. I was intrigued when reading that Wickr is a text messaging service that is HIPAA-compliant.

KK: Wickr allows you to fine-tune its shredder settings as seen below. You can also modify how notifications are received and set default message destruction times, but this can also be set for each message, as we’ll show you later on.

secureshredder wickrsettings

KK: One of the first things I appreciated was that Wickr can be set to let you know you have a text message without identifying who has sent it. The app also has the ability to require you to login to receive your text messages so someone picking up your phone doesn’t automatically have access. It seems that Dr. Monroe also liked these features. We both would recommend disabling the auto-login feature for enhanced security.

KM: In testing it out with Dr. Kolmes I found several features that I liked. First, I liked that a user can choose any user name and it is not displayed when push notifications are on (as shown below). Furthermore, one has to log in with a password to access the message (also seen below). This feature can be adjusted as to how long the app is closed before a password is required.

KK: I’d add here that it might make sense to encourage clients to use a nickname or other pseudonym with their Wickr account, for enhanced privacy. Clinicians may opt for the same.

lockscreen photo

KM: It is also nice that each message can be sent with a different time to destruction (i.e. the time it takes before a message is permanently deleted from both the sender’s and receiver’s device). We experimented with different time settings.

KK: You can see the red text, below, indicating the time until a message self-destructs. I also like that there is a padlock you have to click on in order to unlock each message. This is just one extra step to ensure nobody is looking over your shoulder. I also like that from the texting screen, you can click on various red round buttons to change the self-destruct time for each message (from seconds to six days), to activate the camera to take and attach a photo, to access your photo album and choose a photo, to activate your microphone to record and send sound file, or to attach and send other attachment from dropbox or Google Drive.



KM: On the contrary, one noticeable weakness is the ability to take a screen shot of both text and photos. Therefore, it is possible for one to retain a copy of messages exchanged before they destruct.

KK: Yes, obviously, as our photo essay demonstrates, these messages can be saved via screen shot, which in some ways entirely defeats the whole purpose of the app. Although it would allow a clinician to save and print a message later, if necessary.

KM: I would, nevertheless, only use the app to communicate about appointment times and changes, not clinical information. Lastly, the client does need a smartphone with the app as a Wickr user cannot text a general cellphone number. Overall, Wickr appears to be a nice upgrade from the average text service that can be used at the clinician and client’s discretion following informed consent.

KK: I am still not likely to use text messaging with my patients. However, many clinicians do like to offer this mode of communication for various reasons and it makes sense for the populations they serve. Wickr is definitely a step above the typical text messaging done on a cellphone. I will likely mention it in my upcoming courses on digital ethics. I only wish the app disabled the ability to take screen shots so that it could truly be SMS “without a trace,” as advertised*.

*Note added February 24th: Of course we realize that encryption refers to how messages are protected during transmission and delivery. There are other encrypted means of message delivery, including email, which also allow for printing or taking screen shots. What people do with phone messages, emails, and even text messages once delivered is beyond the control of the service that attempts to create higher security and beyond the control of the practitioner. This again speaks to the need to be judicious in what we send to people whose confidentiality we have a primary duty to protect.

What You Need to Know About Telemental Health Technology: A Guest Post by Roy Huggins

The following is a guest post by Roy Huggins, MS NCC.

Roy Huggins, MS NCC is a counselor in private practice and former professional Web developer who also operates Person-Centered Tech, his tech-consulting firm that serves the mental health community. You can find him online at www.personcenteredtech.com.

With the growing popularity of telemental health (sometimes called “Skype therapy”), it’s a wonder that it isn’t easier to identify which software we should use to perform these services. Here I will try to provide some clarity on that subject.

Types and Mediums of Telehealth

The classic telemedicine model is what I call a “clinic-clinic” model, wherein the client would be in a clinical setting, surrounded by health care professionals, using a special setup of cameras and software that are designed specifically for telehealth. Many of us are more interested in what I call a “clinic-home” model, wherein the client is in their home, handling their own local technical needs and, potentially, clinical needs that can be provided remotely. This article will focus on that model.

There are several mediums for telehealth in use. The two most popular I know of are email and videoconferencing. When we speak of “Skype Therapy,” we are referring to telehealth service by videoconferencing software. Since most of us are interested in video, that is what I will focus on.

Some mediums may be restricted for some clinicians. For example, social workers in Louisiana are not permitted to perform email therapy or to use any therapy medium that is “conducted through the exchange of typed or printed data, E-mails or instant messages” (Louisiana State Board of Social Work Examiners, 2009). I suggest you investigate your applicable laws and rules before settling on a medium.

Professional guidelines covering telehealth ask us to develop, as the American Psychological Association’s (APA) telepsychology guidelines put it, our “professional and technical competence” regarding both our chosen telehealth medium and the process of telehealth therapy itself (American Psychological Association, 2013). The NBCC guidelines and NASW/ASWB guidelines also ask us to do this (NASW, 2005; ASWB, 2005; National Board for Certified Counselors [NBCC], 2012).

What Video Software Should I Use?

When choosing software, we need to consider if it is secure enough to meet ethical and legal standards, if it plays well with the HIPAA Business Associate rule, and if it has the features we need.

This may be a little more complicated than it seems. Skype and Facetime have fallen out of favor, especially due to recent changes in the HIPAA Business Associate rule. Luckily, easy replacements are available. Also, your specific software needs can change depending on the population you serve.

“HIPAA Nothin’!”: Our Ethics Codes Have Plenty To Say About Electronic Security

When we think about mandates around “digital confidentiality,” as I like to call it, we tend to think of HIPAA. However, this is as much an ethical issue as a legal one. All the major professional ethics codes ask us to use security measures when dealing with electronic client data. National ethics codes that call for protection specifically of electronic info include the AAMFT, ACA, APA, NASW and NBCC codes.

The HIPAA Security Rule also contains a basic mandate that we must secure our “electronic protected health information.” Specifically, The HIPAA Security Rule defines a standard called the Transmission Security standard:

[Covered entities must] Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
(US Dept. of Health and Human Services, 2006) Emphasis mine

I emphasized the word “technical.” “Technical” security measures would be stuff you do with software or hardware to protect sensitive information. In the case of videoconferencing software, we’re looking at needing software that encrypts the calls and that requires that everyone involved in the call authenticate themselves – “authenticate” is a fancy way of saying that they have to prove they are who they claim to be. Generally, we do this by entering a username and password. The other advantage of video software is that we can additionally authenticate clients simply by seeing their faces on the screen.

When HIPAA Does and Doesn’t Matter

Alert readers may have noticed in the above HIPAA quote the words, “covered entity.” That is a piece of HIPAA jargon that refers to any person or group that is legally required to comply with HIPAA. Many of us are starting to learn that simply being a health care professional does not automatically make one a HIPAA covered entity. For more information, see my article on HIPAA covered entity status.

HIPAA doesn’t always rule the roost, however. For example, the 2013 HIPAA Omnibus Rule clarified that if clients wish to receive emails that contain their protected health information, are subsequently informed of the risks of email, and still wish to receive them despite the risks, they may consent to the use of unsecured email to send them protected health information. (Huggins, 2013). However, all the professional guidelines regarding telehealth ask us to use secure communications for therapeutic exchanges regardless of client consent (APA, 2013; NASW & ASWB, 2005; NBCC, 2012). Licensing boards often have something to say on the issue, as well. For example, my licensing board specifically requires encryption for therapeutic exchanges in their rules regarding Distance Counseling. (Oregon Board of Licensed Professional Counselors and Therapists, 2011)

This means that even though HIPAA’s love of client autonomy may imply that non-secure video software could be used if the client consents to it (assuming there is no Business Associate relationship – more below), ethics codes, professional guidelines, and in many cases state laws and licensing boards would disagree that non-secure software is appropriate for us to use when performing telehealth services.

HIPAA Business Associates: Where Things Get Rigid

When we apply HIPAA’s standards to our security planning, we get a rather flexible paradigm of reducing risks to reasonable levels. That is, except for when the Business Associate rule gets involved.

In short, HIPAA Business Associates are persons or companies who provide services for your practice wherein they handle your protected health information. HIPAA requires us to get a Business Associate contract with such folks in order to be in compliance. For details, see What is a HIPAA Business Associate Agreement?. The 2013 HIPAA Omnibus Final Rule made the Business Associate rule tighter and gave Business Associates greater responsibilities. As a result, we have fewer options around which “cloud”-based services we can use and still remain HIPAA compliant. This is a deep issue, and if you wish to know more, see Online Data Backups and HIPAA Compliant Practice: A Government-Produced Monkey Wrench.

An important part of the BA rule is the “conduit” exception. This allows companies that only move your protected health information from one place to another to perform this service without taking on a BA relationship with you. The classic examples are the USPS and other courier services as well as Internet Service Providers – the companies that provide your Internet connection. Because of the conduit exception, none of these groups are HIPAA Business Associates.

The 2013 Omnibus Rule tightened the conduit exception. The Office of Civil Rights (the federal government’s “HIPAA people”) made it clear that just moving info from one place to another is not enough to make a service qualify as a conduit (and thus not qualify as a BA.) They have to also be unable to look at the data as they move it. In other words, the info has to be encrypted and the company has to be unable to unlock the encryption. (Reinhardt, 2013) This is why Skype and Facetime are no longer viable for telehealth under HIPAA.

Wait, Skype and Facetime Aren’t HIPAA Compliant?

It’s important to remember that products cannot be HIPAA compliant or non-compliant. Only people can be HIPAA compliant (or non-compliant.) The proper question is, “Can we use Skype or Facetime and stay HIPAA compliant?”

Skype’s security has been roundly criticized by some as insufficient for our compliance needs, (Maheu & Mcmenamin, 2013) but others have argued that steps can be taken to reduce the security risks of Skype to acceptable levels (Sleeman, 2011). Facetime is similar to Skype but only works on Apple products. Apple is notoriously tight-lipped about the security schemes their products use, but it is certain that Facetime uses encryption to protect calls.

However, both of these pieces of software allow their owner companies (Microsoft for Skype and Apple for Facetime) to unlock the encryption and see and hear the calls they transmit. We know this is true with Skype because law enforcement officials have stated that they can get access to Skype calls when they need to. For Facetime, the underlying architecture of it makes it extremely likely that Apple could monitor calls if they chose to. These simple facts cause these services to not be “conduits” and thus they become BAs. Because neither company will supply us with a Business Associate contract when we use their products for telehealth, we would be in violation of HIPAA to use them for telehealth services.

Remember that Business Associate relationships are between clinicians and the companies that qualify as our BAs. The client is not a part of this equation. Thus, client consent has no bearing on whether or not we’re required to get a Business Associate contract with a given company. This is why I say that the Business Associate rule is highly rigid.

Do I Have to Use Expensive Software to Do Telehealth, Then?


I often recommend, as an alternative to Skype and Facetime, VSee (www.vsee.com). VSee is simple, free (or cheap) and easily downloaded and installed, just like Skype and Facetime. However, it is friendly not only with HIPAA but also with the American Telemedicine Association’s guidelines for video software in telemental health. For further info, see my article on both VSee and the problems with Skype and Business Associate rules.

VSee is not the only option, however. There are many platforms for doing telehealth that are as inexpensive as $40/mo. You often also get extra features such as secure billing, secure messaging with clients, and – very importantly – Business Associate contracts. These platforms can be a good investment in creating a solid telehealth practice. For browsing available platforms, I generally recommend Jay Ostrowski’s Telemental Health Comparisons website.

What Features Do I Need In Video Software?

The American Telemedicine Association has published guidelines on what video software should be able to do, where possible, when used for telemental health. Several of the features they describe require that there be special hardware on the client’s side of things. Generally, we would need to be doing clinic-clinic telehealth for that to be possible. Many of the ATA’s other recommendations can be met by software for clinic-home sessions, however, and thus we can look for those features in our software. Here is a sampling of the more important features to look for according to American Telemedicine Association, 2009). Comments in red are mine:

  1. View and share a computer desktop or applications. This means the software can allow call participants to selectively show each other what is currently on their computers. I often use this to collaboratively make notes or do exercises with clients. A lot of programs, including Skype, can do this.
  2. Record meetings when clinically appropriate and with patient permission. Depending on your needs as a clinician, this can be a deal-breaker. Most clinicians under supervision, for example, need to be able to record sessions.
  3. Share information on a common white board or via computer files. Once again, many programs accomplish this through interactive screen sharing (item 1.)
  4. Ease of use with minimum operator training. This is a must not just for clinicians, but also for clients. Even if your technical proficiency is high, delivery to the home means the client must handle many of their own technical needs. For this reason, quite a few clinicians only use video software services that offer live, 24-hour tech support. All the online group therapists I know of see technical support as a must-have. Note that only non-free services will offer technical support. In other words, you won’t get it from Skype, Facetime, or VSee.
  5. On screen messages to notify the user of such conditions as loss of far end video, incomplete or dropped connections, mute/unmute etc. This feature allows both clinician and client to know the current conditions of the call, especially if the Internet connection is going bad. Bad connections can mean choppy video or audio or even a dropped call. I am careful to avoid delicate clinical interventions when my software’s indicator is telling me that the call connection is going through a rough patch.
  6. Ability to operate at a bandwidth of 384 Kbps or higher.This means the software should be able to work on a somewhat slow Internet connection. It’s worth noting that Skype does not do this well, and VSee’s most noted feature is that it does this very well.

I’ve never seen low-cost software that includes all these features, but most telehealth-oriented video software includes most of these features.

What Else Do I Need to Do or Know?

The topic of this article — Security and features of videoconferencing software – is only the tip of the iceberg. Also vital is informed consent; culturally, linguistically, and regionally relevant emergency plans; cross-state practice issues; getting paid, and more. These things do not have to be daunting at all, and may be more or less difficult to accomplish depending on the skills and resources already at your disposal.

How Do I Learn More About Telehealth?

All the professional guidelines on telehealth practice make reference to a need to develop “professional and technical competence” in both the process of telehealth and the use of the relevant technology. There are some places where you can get formal training on this, listed in alphabetical order:

The DCC (Distance Credentialed Counselor)
The Online Therapy Institute
The Telemental Health Institute
The Zur Institute

Disclosure: I have courses with the Zur Institute that may be included with telehealth education packages, and from which I will receive royalties.

I also have courses you can take online. Issues of telehealth technology are generally included with other technology-related topics including HIPAA compliance and practice management:

Digital Confidentiality According to Professional Ethics and HIPAA: A Heart-Centered Approach. My live webinar program.
My self-study CE courses at the Zur Institute.

I also use my newsletter to keep readers abreast of the fast-changing landscape of digital confidentiality. You can subscribe to it at www.personcenteredtech.com.


American Association of Marriage and Family Therapists. (2012). Code of Ethics . Alexandria, VA: Author.

American Counseling Association. (2005). Code of Ethics . Alexandria, VA: Author.

American Psychological Association. (2010). American Psychological Association Ethical Principles of Psychologists and Code of Conduct . Washington, DC: Author.

American Psychological Association. (2013, July). Guidelines for the Practice of Telepsychology. Author.

American Telemedicine Association. (2009). Practice Guidelines for Videoconferencing-Based Telemental Health. Author.

Huggins, R. (2013, October). Clients Have the Right to Receive Unencrypted Emails Under HIPAA. Retrieved October 17, 2013, from Person-Centered Tech.

Louisiana State Board of Social Work Examiners. (2009). Consumer Information Regarding Distance Therapy. Retrieved October 17, 2013, from Louisiana State Board of Social Work Examiners: http://www.labswe.org/distherapy.html

Maheu, M., & Mcmenamin, J. (2013, March). Telepsychiatry: The Perils of Using Skype. Retrieved October 17, 2013, from Psychiatric Times: http://www.psychiatrictimes.com/blog/telepsychiatry-perils-using-skype

NASW and ASWB. (2005). Standards for Technology and Social Work Practice . Author.

National Association of Social Workers. (2008). Code of Ethics . Washington, DC: Author.

National Board for Certified Counselors. (2012). Code of Ethics . Greensboro, NC: Author.

National Board for Certified Counselors. (2012, July). Policy Regarding the Provision of Distance Professional Services. Author.

Oregon Board of Licensed Professional Counselors and Therapists. (2011). Distance Counseling. Oregon State Archives . Salem, OR: Author.

Reinhardt, R. (2013, February). HIPAA FInal Rule and the Conduit Exception. Retrieved October 17, 2013, from Tame Your Practice: http://www.tameyourpractice.com/blog/hipaa-final-rule-and-conduit-exception

Sleeman, J. (2011, December). Skype Security and HIPAA Compliance. Retrieved October 17, 2013, from HIPAA Compliance IT: http://www.hipaacomplianceit.com/skype-security-and-hipaa-compliance/

US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification. Washington, DC: Author.

US Dept. of Health and Human Services. (2013). HIPAA Omnibus Final Rule . Washington, DC: Author.

How to Fight a Phobia

Not only do I treat phobias when people come to my psychotherapy office, but I’ll confess to having struggled with public speaking anxiety myself. It’s actually one of the most common phobias.

Last April, I decided to challenge myself: teach about phobias in an Ignite talk. I’ve gotten pretty comfortable giving talks, but the Ignite format: 20 slides, 5 minutes, with slides auto-advancing every 15 seconds….that definitely made me nervous.

But a friend nudged me to face my fear, I submitted my talk, and it was accepted!

Here is the result:



The slides can be viewed in better quality below.


When Psychotherapists Digitally Eavesdrop on Social Media

This post was first published on PsychCentral.

Mental health professionals have worried for years about their clients digging for personal information about them on the Internet. But what about when psychotherapists consult Google to unearth personal information about their clients? Do psychotherapists carry the same concerns for client privacy that they do for their own?

Some mental health professionals assert that what clients post on the web is public information, and — as such — it is fair game for review. And, yes, it is one thing if you are in a forensic role, and your job is to investigate your client. But what if your role is clinical and involves building a relationship of trust and authenticity? Do we somehow have a right to access all of a person’s archived Internet data simply because they visited our office seeking care?

Those who assert that clinicians have a right to search for this information seem to be expressing a sense of entitlement to a patient’s out-of-session life. Reasons given for looking for this information include assessing risk and verifying information shared in treatment. But would these same clinicians attend a performance or a talk a client was giving and not tell the client they had attended? Would they go observe other social events secretly and not share with their client that they had done so? It is the discretion provided by the Internet that seems to allow some clinicians an excuse for engaging in online behaviors they would never endorse offline.

For most people, taking time to develop trust and a connection before divulging difficult information is part of healthy boundaries, even when seeking psychological treatment. A psychotherapist who rushes to discover what a client hasn’t yet shared may be contaminating the therapy relationship or re-enacting boundary violations that the client has already experienced. Many clients of mine share deeper secrets as the therapy progresses, and for me to race ahead to these points of vulnerability in a web search would seem to to be shortchanging both of us in the clinical relationship.

Those who argue clients look us up on the Internet, and therefore it is fair game for us to do the same, are failing to note a key difference in that there is a significant power differential when psychologists seek supplemental personal information about clients.

As mental health professionals, we have the ability to use this information to influence our diagnostic impressions. We hold authority in our relationships with our clients that they do not hold with us. We are not equals. That is why we have licensing boards and an informed consent process with clients in which we are required to share with them our policies and protocols. When patients look us up before retaining our services as professionals, they are typically seeking information about how we practice or if others recommend our services. If we routinely engage in the practice of researching our clients without informing them that we do so, I’d say it has the potential to be exploitative, harmful, and deceptive.

While the extent of such a search and whether it is clinically warranted may alter the significance of it, in my opinion, those who do so without engaging in a thoughtful analysis of their motivies and those who do not inform their clients of this practice may be taking advantage of electronic access to those who are in our care. If you are compelled to seek out this information, why not do such a search with your client present? Why not do it openly, with full disclosure, so that the two of you may discuss the accuracy of what you find then and there and actually incorporate it into treatment?

None of this is to say that it’s possible to avoid incidental contacts with patients on the Internet. It is all too easy to stumble onto a client’s Facebook page or Twitterfeed by following a shared connection.

But what one does when they arrive there does matter. Do you read every post on the client’s Wall and browse his photo albums? Or do you hit the back button on your browser and let your client enjoy a life outside of the therapy room, choosing himself what to bring into treatment?

I’d vote for the latter.

Agree or disagree with this post? I’d love to know your thoughts. Feel free to comment.