Continuing Education & Resources for Mental Health Professionals

Online Course #1 – Ethics Training in Mental Health Settings: What Do Non-Clinical Staff Need to Know?

Ethics Training in Mental Health Settings: What Do Non-Clinical Staff Need to Know? 
Mary Alice Fisher, Ph.D.

2 CE Credits – 14 test items – $50


This page contains learning objectives, course outline and complete text for this CE course.  You can read the course online, print the course or save it to your computer. 

At the bottom of the course there is a link that allows you to purchase the test. You will be required to create an account (using your email address) so that you will be able to complete the test immediately, or on your schedule.  You may also begin the test and save it to finish at a later time.

Once you submit the online test, it will be automatically graded. You may take the test up to 3 times in order to pass (80% correct out of 14 questions).  Once you pass, you will be required to complete an evaluation form, after which you will be able to immediately download a certificate of CE credits.


Learning Objectives:

  1. List the ethical & legal implications of staff involvement with patients and their records;
  2. Describe the areas of ethics-based training that are appropriate for non-clinical staff;
  3. Name some of the advantages of pooling resources for staff training.

Course Outline:

Introduction

  1. Ethical & Legal Mandates About Staff Training
  2. Staff Hiring and Firing
  3. What Should Non-Clinical Staff Know?
    1. Underlying Principles
    2. Environment and Staff-Patient Interactions
    3. General Office Procedures in Your Setting
    4. Privacy and Confidentiality
    5. Boundaries and Dual Relationships
    6. Billing and Third-Party Reimbursement
    7. Patient Access to Records
    8. Other Policies with Ethical and/or Legal Implications
  4. Are Your Policies & Expectations Clear? Written?
  5. Who Will Take Responsibility?
    1. Who Will Provide Training?
    2. Who Will Test Employees?
    3. Will You Pool Resources?
  6. Recommendations
  7. Sample Staff Training Manual – Outline

Course Content:

Introduction     

Why should mental health settings provide ethics training for their non-clinical staff?  Employee training rarely includes formal discussion of ethics. Yet, mental health professionals are ethically responsible for establishing and maintaining policies and procedures that are consistent with their own professional ethical standards. Unless well trained in policies that support those standards, staff members might unintentionally behave in ways that place mental health patients at risk, thereby placing the clinician at risk.  The training described in this course is therefore designed to meet the staff training requirements that are implied by the Ethical Standards that mental health professionals must uphold.  It can be adapted to outpatient, inpatient, research, or academic clinic settings.

Should we also provide legal training for non-clinical staff?  It is not unusual for a mental health care provider to send non-clinical staff members to attend legal-based HIPAA training.  This is certainly appropriate.  After all, the non-clinical staff often bear much of the responsibility for learning and maintaining HIP HHcompliance with these complicated federal regulations. However, attorney-led HIPAA training that focuses on legal compliance should never be considered a substitute for ethics-based training that focuses on patients’ rights about confidentiality and privacy.  Fisher (2009) provided the following arguments for differentiating between ethics-based training and legal training:

One advantage of ethics-based training is that its focus is on protection of the client’s rights as defined by the mental health professions themselves. Another advantage is that, unlike training that focuses on laws, an ethical focus shifts the training responsibility away from attorneys and toward psychologists themselves. Because laws can have ethical consequences, it would be inappropriate for psychologists to focus only on the laws themselves or to abdicate their training responsibilities to attorneys (Fisher, 2008). Attorneys are experts about laws, and their participation may be necessary for presenting material that has prominent legal content (including HIPAA), but psychologists must serve as the experts about their own ethical standards and retain responsibility for clarifying the ethical implications of state or federal laws.

What about risk-management training?   Unlike ethics training, a risk-management focus implies attention not on ethics (i.e., protection of patients and their rights) but on protection of the professional who provides mental health services.  In other words, a risk-management focus implies “attention on minimizing the legal risks to oneself  (e.g., identifying ways in which patients can be harmed — or perceive themselves to be harmed —  for the purpose of protecting oneself from allegations of misconduct, whether founded or frivolous)”  (Fisher, 2013, p. 5, citing a definition adapted from Knapp & VandeCreek, 2006, pp 11, 35).  In contrast, ethics training focuses on protecting patients and their rights — a focus that also thereby protects clinicians. “From an ethical perspective, staff training is not an end in itself, nor a risk-management strategy for protecting [mental health professionals], but a means of protecting patients and their rights.  The goal is to create a culture of safety in which upholding ethical standards becomes everyone’s shared responsibility” (Fisher, 2009, p. 459).

From an ethical perspective, the better the staff training and the higher the expectations for staff conduct, the better protected the clients will be. From a risk-management perspective, the better protected the clients, the safer the psychologist will be. However, attention to risk management does not mean inattention to ethics. On the contrary, awareness of professional ethical principles is an essential aspect of risk management. (Fisher, 2009, p. 460, citing Bennett et al., 2006, p. 182)

The ethics-based training outlined here would be appropriate not only for non-clinical staff, but also for clinical staff, supervisees, students, and volunteers.  It is suggested that all personnel be included in this staff training in order to create a “culture of safety” (Knapp & VandeCreek, 2006, p. 115) in which maintaining an ethical workplace is viewed as everyone’s responsibility, and all staff cooperate in maintaining high ethical standards the workplace.  Toward that end, it is recommended that the Ethics Codes of all the mental health professionals in the workplace be made available to all staff, including non-clinical staff.

Sample training vignettes are provided in some of the sections below.  However, the most useful vignettes will be those provide by staff members themselves.  Staff can be invited to provide vignettes in advance, based on some of their own experiences in the setting.

I. Ethical and Legal Mandates About Staff Training

            Responsibilities about staff training in mental health settings can arise from several sources.  Mental health professionals have Ethics Codes, and sometimes these contain mandates about staff training. Laws related to staff training can arise from federal regulations such as HIPAA, as well as from state laws and state agency regulations.

A. Ethical Requirements

            The Ethics Codes for mental health professionals do not explicitly require ethics-based staff training.  However, the Ethical Standards do make mental health professionals responsible for ensuring the competence of those to whom they delegate tasks.  For example:

  • Counselors are required to “select competent staff and assign responsibilities compatible with their skills and experiences” and to “make every effort to ensure that privacy and confidentiality of clients are maintained by subordinates, including employees, supervisees, students, clerical assistants, and volunteers” (ACA, 2014, Ethical Standards B.3.a and D.1.f).
  • Psychologists who delegate work to employees . . . take reasonable steps to . . .authorize only those responsibilities that such persons can be expected to perform competently on the basis of their education, training, or experience, either independently or with the level of supervision being provided; and . . . see that such persons perform these services competently” (APA 2002, Ethical Standard 2.05).
  • Social Workers “take reasonable steps to provide or arrange for continuing education and staff development for all staff for whom they are responsible” and “address current knowledge and emerging developments related to social work practice and ethics” (NASW, 2008, Ethical Standard 3.08).

“For staff members who interact with clients, or who have access to confidential client information, technical competence may not be sufficient” (Fisher, 2009, p. 459).  Ethical competence may be necessary as well, and ethics-based training is the most direct way to ensure that all staff, including non-clinical staff, will demonstrate ethical behavior and avoid actions inconsistent with the protection of patients’ rights and welfare.

B. Legal Requirements

Legal mandates that apply in mental health settings include those contained in the federal HIPAA regulations (1996). These require certain types of training for all members of the “workforce” in a health care setting.  HIPAA defines “Workforce” to include paid employees plus trainees, supervisees and volunteers under direct control of the HIPAA-covered clinician. The training must occur within a reasonable time after they join the workforce and must be tailored to their job responsibilities, as well as the confidentiality policies and procedures within that specific setting.  This training must be documented, and the documentation must be retained for six years. (45CFR184 530(b)(2)(i); 45CFR184 530(k)).

The HIPAA Privacy Rule requires as follows:

A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information (PHI) . . . as necessary and appropriate for the members of the workforce to carry out their functions within the covered entity.” (45CFR184 530(b) (1)).

The HIPAA Security Rule and Transaction Rule also have implications for staff training. The Security Rule requires practitioners to safeguard electronic protected health information in their practice from unauthorized alteration, destruction, or disclosure, both intentional and unintentional. That means practitioners need to train staff members to protect electronic data, such as patient notes, e-mail with/about patients, insurance or financial records with identifying patient information, etc., from potential security risks. Under the Security Rule’s “contingency planning standard,” employers must also develop an emergency plan to address how employees should respond to a loss of electronic information in the event of a disaster or emergency. This would include training employees about what to do if they are involved in an emergency situation and whom they should contact to assess the seriousness of the situation. A disaster recovery plan should also encompass procedures such as developing an employee phone list to use in an emergency and procedures for patient contact in the event that appointments need to be verified or rescheduled. It is recommended that employers use a written test or an oral examination to insure that the employee has understood the material covered in the training

Finally, legal requirements about staff training can arise at the state level.  These can include general statutes, licensing regulations, and state agency regulations, all of which vary greatly from state to state.  Such requirements can include staff training about how to protect patient confidentiality and other patient rights.

II. Staff Hiring & Firing

Creating an ethical workplace begins with careful hiring of staff, both clinical and non-clinical.

Woody (2000) recommended that mental health professionals select job applicants on the basis of their integrity and then screen further for maladaptive behaviors before hiring.  Koocher and Keith-Spiegel (2008) similarly recommended that we “assess the ability and sensitivity of all potential staff members prior to hiring” (p. 363), including the ability to respect privacy and confidences, and then exercise diligence in “training and monitoring the behavior of employees and supervisees to ensure conformity with ethical practice” (p. 373).

Both of these recommendations imply a focus not only on technical competence but also on the “ethical competence” of staff.

For the protection of both clients and themselves, psychologists must be free to discharge any staff member who engages in unethical behavior. This should be explained to both clinical and nonclinical staff and can be stipulated in employment contracts.

The APA Insurance Trust actually recommends that all personnel in the setting be required to follow the APA Ethics Code, with failure to do so being “grounds for employment termination.”  (Fisher, 2009, p. 460, citing Bennett et al., 2006, p. 182)

The quotation above is from an article published in a psychological journal, citing a risk-management text published by a malpractice insurer for psychologists.  However, this advice would apply to mental health service providers of any profession. In multidisciplinary settings, staff can be provided with the Ethics Codes of each of the professionals in the setting, and these can be referenced during the staff training. If ethical non-compliance will be considered a basis for termination of employment, this should be stipulated in the employment contract.

III. What Should Non-Clinical Staff Know?

Underlying Principles

The staff training can begin with a discussion of some of the patient-protective principles that underlie ethical practice in mental health settings.  These might include the following principles.

During the training, staff members can be asked to consider how to answer the related questions from the perspective of their own job in the setting:

  1. Beneficence (Doing Good): – “Will my doing this be helpful to our patients?”
  2. Nonmaleficence (Doing No Harm) – “Will this action likely harm the patient or anyone else?”
  3. Fidelity (Trustworthiness) – “To whom do I owe an obligation or an allegiance in this situation?”
  4. Responsibility (Clarifying Roles; Avoiding Exploitation) – “Will this action complicate the patient’s relationship with me, or risk exploiting the patient?”
  5. Autonomy (Fostering Independence) – “Will this action foster independence or will it promote dependence on the part of the patient?”
  6. Integrity (Honesty, Truthfulness) – “Have I been honest and truthful in providing the patient with information?”
  7. Justice (Fairness) – “Is this action consistent with how I would want to be treated if I were the patient?”

Environment & Staff-Patient InteractionsWhat atmosphere are we trying to create?  What will be a new patient’s first impression of our setting?  How well does our space reflect our approach to providing mental health services?  How are staff expected to interact with patients in this environment?

This aspect of staff training can include decisions about the waiting room (e.g., choice of reading material and/or toys; use of background music or white sound; decisions about decor), as well as consideration of who will be responsible for monitoring and maintaining that space.  It can also include discussion of staff-patient interactions that occur in the waiting room (e.g., staff responses to patient complaints; staff intervention if patients or others create excessive noise or use cellphones in a manner that intrudes on others).

This section of staff training can also include discussion of how to respond to patient’s questions or comments, and how to deal with patients’ friendship overtures.  (This would overlap with the topic, “Boundaries and Dual Relationships” below)  Examples of training topics might include the following:

When is silence the best answer?  Patients sometimes ask questions that staff should not answer (e.g., questions about another patient; questions about their clinician’s private life; questions staff have not been authorized to answer about a clinician’s schedule or office hours, etc.).  Staff should not attempt to give any answer to such questions.  If they are uncomfortable remaining silent, they may simply say, “I am not able to answer that question,” with no further explanation and no apology. In other words, sometimes providing any answer can create a breach of confidentiality about another patient or invade the privacy of the clinician.  However, the clinician may want staff to let him/her know that the patient was making such inquiries.

When is “I don’t know” the right answer?  Sometimes patients ask an appropriate question, but the staff member doesn’t know the answer (e.g., “Will my insurance cover mental health services if I receive them in my home instead of here at the office?”).  Unless completely sure of the answer to such questions, it is important that staff say “I don’t know” rather than trying to guess at the answer.  Sometimes such questions can have important clinical implications, or can raise privacy issues, so there may be categories of questions that the patient’s clinician will instructed staff never to try to answer.  Clinicians vary in their policies about this, but staff are never wrong to refer the patient to the clinician for an answer. In other words, since providing a wrong answer may cause clinical, financial, or practical complications later, it is always safer for staff to be instructed to simply refer such questions to the clinician.

When should staff refer questions or concerns to the patient’s clinician?  Staff should always be free to refer the patient’s question to his/her clinician if they are unsure about whether it is appropriate to grant a request, or to answer a question.  Staff should refuse to agree to be a patient’s “messenger” or to “play middleman” (e.g., “Please tell Dr. Jones I said he should change the magazines in his waiting room;” or “Can you please convince Dr. Jones that I need to be seen more often?”).  Staff should be instructed to note such questions, comments, or requests, and report them to the clinician later, but it is not appropriate for staff to agree to advocate on the patient’s behalf about such requests.

General Office Procedures in the Setting

Policies differ greatly across mental health settings.  For this reason, even the personnel who have previously worked in other mental health sites should be required to attend the ethics-based training, because it teaches how professional ethical standards will be upheld through the policies in this specific setting. For the training, and for later reference, staff members should be provided with a written copy of the office policies, including those described in the sections below, so that the specifics can be discussed together.

Training Vignette #1:

Environment & Office Procedures

 

In each of the situations below:

What ethical or legal issues might apply?

What office policy issues might apply?

How should staff respond?

1. The local sheriff walks into the clinic waiting room, hands a subpoena to the nearest staff member, and says, “This is for Dr. Jones.  Please sign here.”

2. The part-time billing clerk works in the open clerical space adjoining the waiting room and often must consult with other staff about patient information relevant to her billing tasks. She has a loud voice that can probably be heard by waiting patients.

3. When the new patient, Mr. Parent, comes for his weekly individual therapy sessions, he brings his two young children and leaves them in the waiting room where other patients are waiting for their therapy sessions.  The children usually play fairly quietly, but today they seem restless and noisy and “all over the room.”

Privacy & Confidentiality

Within the context of a mental health setting, patient “privacy” has to do with “the patient’s right to be protected from visibility, access, or intrusion by others — the right not to be public” (Fisher, 2013, p. 7).  Patient privacy can be protected through such things as discrete office arrangements and by sound barriers that prevent voices from being heard outside a therapy room.

“Confidentiality” is a narrower concept that relates to the privacy of information.  In the Ethics Codes for each mental health profession, patient confidentiality is protected by a confidentiality rule (or non-disclosure rule) requiring that no information about patients will be disclosed without their consent. The ACA Ethics Code stipulates that “Counselors make every effort to ensure that privacy and confidentiality of patients are maintained by subordinates, including employees, supervisees, students, clerical assistants, and volunteers” (ACA, 2014, Ethical Standard B.3.a).  The APA Record Keeping Guidelines (APA, 2007) further emphasize the need to “educate employees about confidentiality requirements” (p. 997).  Knapp (2002) described the importance of staff training for preventing accidental breaches of confidentiality; and Barnett and Klimik (2012) recommend that “psychologists should train staff to protect client confidentiality, oversee their performance, . . . and give feedback as needed to remediate any misunderstandings” (p. 434). Although there are some exceptions to the ethical rule of confidentiality, it must be the clinicians – not the non-clinical staff — who determine when those exceptions will apply in their setting.

In addition to these ethical requirements about privacy and confidentiality, the federal HIPAA regulations have very detailed legal requirements about privacy and confidentiality (APA Corporate Relations and Business Strategy Staff, 2005).  However, as described in the Introduction above, it is important that legal-based HIPAAS training not be considered a substitute for ethics-based training about confidentiality. For example, the federal HIPAA regulations contain many mandates about confidentiality and privacy, but some of the disclosure policies that are legally allowed by HIPAA fall far below the disclosure standards required by the ethics codes of most mental health professions.

It is true that legal requirements sometimes overlap with psychologists’ ethical obligations. For example, some key HIPAA principles are consistent with confidentiality protections in the APA Ethics Code (Koocher & Keith-Spiegel, 2008); and some state licensing laws cite ethical standards, or incorporate specific professional obligations into law. However, there are also laws that can conflict with ethical standards (Donner, 2008; Knapp, Gottlieb, Berman, & Handelsman, 2007; Pope & Bajt, 1988). Ethics-based  training highlights both the ethical–legal overlaps and the potential ethical–legal  conflicts, helps staff understand the similarities and differences between ethical standards and laws, and helps psychologists prepare for the potential conflicts. (Fisher, 2009, p. 460).

For therapists of any profession, Fisher (2007) has provided sample confidentiality contracts that can be used for both clinical and non-clinical employees who might have access to patients and/or to protected confidential information about them. If non-compliance with the stipulated confidentiality requirements will be considered a basis for termination of employment, this should be stipulated in the contract.

             Protecting Patients’ Informed Consent Rights: Should nonclinical staff play a role in the initial informed consent process about confidentiality or other matters? Legal trainers may teach that, in the name of efficiency, non-clinical staff can satisfy the HIPAA requirement to inform prospective patients about limits of confidentiality by simply obtaining their signature on the HIPAA Notice of Privacy Practices at their first visit. This practice is not unethical in itself, but it would be unethical to treat it as a substitute for obtaining the patient’s truly informed consent to accept the potential risks created by the limits that may be imposed on confidentiality in your setting (Fisher, 2009).  Legally speaking, the purpose of signing the HIPAA Notice of Privacy Practices is simply to document that it was received. Ethically speaking, however, obtaining informed consent about the limits of confidentiality involves more than obtaining a signature on a form. Furthermore, most HIPAA notices are unintelligible to the average patient, and this does not meet the ethical requirement to that patients be informed in reasonably understandable language.

Some settings also give nonclinical staff the duty of informing prospective patients about certain other things at the initial visit, including fees, insurance, scheduling, clinician availability, scheduling, etc. The Center for Ethical Practice (2014) has provided a chart summarizing the many topics about which clinicians are ethically required to inform prospective patients when obtaining their consent for treatment. Again, assigning this task to non-clinical staff and having them obtain patients’ signatures on consent forms is not a substitute for a complete informed-consent discussion with a clinical person about such matters.

Although clinicians are not always in control of the setting’s intake policies, they can meet their ethical obligations by (a) providing specialized staff training about informed consent, and (b) beginning their own initial session by ensuring that the client was well informed before giving consent to receive services. This gives prospective clients “sufficient opportunity to ask questions and receive answers. Such conversations often raise clinical issues that nonclinical staff should not try to address. (Fisher, 2009, p. 461)

Finally, it is important for staff to understand that informed consent is an ongoing process, not a one-time event. For example, potential limits of confidentiality should be discussed not only at the outset of the relationship but also thereafter whenever circumstances may warrant. “The latter responsibility cannot be delegated to non-clinical staff, because such issues are best addressed when they arise, which will likely be during a private clinical session.

When it comes to patients’ informed consent rights and confidentiality, it is especially important not to focus primarily on legal compliance, but instead to use ethics-based training to place the legal regulations into ethical context.

To illustrate the difference between legal-based training and ethics-based training, we will use the first two examples below to contrast ethical requirements about confidentiality with the legal requirements in the federal HIPAA Regulations.

             Responding Ethically If Disclosure is Legally Demanded:  How should staff be trained to respond if presented with a subpoena or some other legal demand for confidential patient information? HIPAA training might teach non-clinical staff that a legal demand is a sufficient basis for disclosing information, even without patient consent. Legally speaking, this is sometimes true. Ethically speaking, however, the first order of business is to determine (a) whether disclosure is truly legally required (e.g., is a court-ordered disclosure, not simply a discovery subpoena) and (b) whether the legal demand conflicts with our ethical duties.  If so, mental health professionals are ethically required to attempt to resolve the ethical-legal conflict in a way that conforms to both law and to ethical practice. (See ACA Ethical Standard I.1.c, “Conflicts Between Ethics and Laws; APA Ethical Standard  1.02, “Conflict s Between Ethics and Law…”; and NASW Ethics Code “Purpose.”)

Even if the information is not legally protectable, nonclinical staff should not be responsible for deciding whether to disclose it. They should be trained to notify the patient’s clinician, who can use a structured decision-making process for deciding whether to “follow the law despite the ethical concerns” or whether “a conscientious objection is warranted” (Knapp et al., 2007, p. 54). Ethics-based training can instruct nonclinical staff on matters such as how to behave if someone delivers a subpoena, but clinicians themselves must be the ones who weigh the competing values (Behnke, 2001) and make the decision about whether to disclose.  If a patient declines to give consent for the release of legally demanded information, it may be possible to minimize the disclosure and sometimes the information can be protected completely (APA Committee on Legal Issues, 2006; APA Practice Organization, Legal and Regulatory Affairs Staff, 2008).

            Limiting “Voluntary” Disclosures to the Extent Legally Possible:  May employees voluntarily disclose information without patient consent as long as the disclosure is legally allowed? Law-based training sometimes suggests that if a disclosure is allowed by law, then patient authorization is not required. This has broad implications: HIPAA allows disclosures without patient authorization for such wide-ranging purposes as “treatment, payment and health care operations activities” (HIPAA, 45 C.F.R.§164.506), which includes disclosing information to any other providers who are working with the patient.  Some state laws also allow similarly broad disclosures without patient consent.

Ethically speaking, however, voluntarily disclosing information without client consent in the absence of a legal requirement constitutes a breach of confidentiality.  This raises ethical issues very different from those raised by legally required disclosures. Whereas a legal requirement can create a true ethical/legal conflict . . . a voluntary disclosure involves no ethical/legal conflict at all. There is thus a vital ethical difference between legally mandated disclosures (which can be legally compelled regardless of whether a client gives consent) and those merely legally allowed (which you remain free not to make, and for which a client remains free not to give consent).” (Fisher, 2009, p., emphasis added).

Ethics-based training would therefore teach that “legally allowed” may not be synonymous with “ethically appropriate” and that the non-clinical staff person is not qualified to make that determination..

             Protecting Confidentiality With Protocols for Use of Electronic Technology: [The following protocols are taken from Fisher, M.A. (2014).  Providing Ethical-Legal Training for Non-Clinical Staff in Mental Health SettingsCharlottesville, VA, The Center for Ethical Practice]

Ethical mandates about usage of electronic technology are expanding.  In the latest Ethics Code for Counselors, an entire section is devoted to the topic of “Distance Counseling, Technology, and Social Media” (ACA, 2014, Section H).  State laws and regulations about technology are also expanding, although most of the legal mandates about use of technology are still found primarily in the federal HIPAA regulations.

The training about confidentiality should include instructions to staff about how to assure security of patient information in the use of electronic technology, including computers, FAX machines, photocopiers, telephones, etc.   This will both support the ethically required confidentiality standards in clinician’s Ethics Codes while also conforming to the legally required regulations in the HIPAA Security Rule and Technology Rule.

The protocols should be setting-specific.  However, the training manual Providing Ethical-Legal Training for Non-Clinical Staff in Mental Health Settings (Fisher, 2014) contains samples of detailed protocols that could be adapted for training purposes in any setting.

For example, regarding email, the guidelines such as the following might apply.

(1.)  Transmit no identifiable patient information via email unless explicitly authorized to so do by a clinician in a specific case.

(2.)  Use office computers only for official business.  Send or receive personal email on office computers only if so authorized.

(3.)  Double-check the destination address, and include a confidentiality message in the “signature” at the bottom of each sent message.

(4.)  Remember that e-mail messages, once sent, can be copied, printed, or forwarded by the recipient.  Monitor the content and tone of everything you have written before hitting “SEND.”

[NOTE: Many of the recommendations below for use of FAX machines would also apply to email.]

The same manual (Fisher, 2014) also contains a sample list of recommendations for use of FAX for transmitting patient-identifiable information.

(1.)  Everything FAXed from this office contains the “return address” for our office.  You should obtain permission before using the FAX machine for your personal use, and you should FAX nothing that would compromise, or would reflect negatively upon, this office.

(2.) The FAX machine used for sending patient information is located in a secure area that remains inaccessible by any individual who has not signed our Confidentiality Contract.  The area (or the machine) should be locked when the FAX machine is unattended.

(3.)  A FAXed document containing patient information should be accompanied by our cover sheet that includes language clearly outlining the confidential nature of the information being faxed and provides a warning to any recipient who is not authorized to have access to that information:

The information contained in this facsimile message is privileged, confidential, and only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, please immediately notify us by telephone and return the original message to us at the address listed above via the US Postal Service. Thank you for your cooperation.

(4.)  Some FAXed documents containing patient information (e.g., copies of patient records; summaries of patients’ treatment) should also contain the following notation.

The person who receives this information may not re-disclose it to anyone else without the patient’s further separate written consent, unless such recipient is a provider who makes a disclosure required or permitted by law.

(5.)  In order to reduce dialing errors as much as possible, we have pre-programmed some frequently-dialed numbers into the FAX machine.  You should use those whenever available, in order to prevent patient information being erroneously sent to an unauthorized third party.

(6.)  If you become aware that you have erroneously sent patient information via FAX to an unauthorized third party, contact the clinician immediately.

(7.)  When possible and appropriate, advise the recipient that the information is being sent “now.”  This is especially if you know that the receiving FAX machine is shared with others; or if you believe the receiving FAX machine is located in an open, unsecured area.  When possible and appropriate, follow up with the intended recipient to verify that the FAX was received there.

(8.)  Immediately remove any identifiable confidential information that may have been automatically saved inside the FAX machine records, unless that is password-protected.  If a record of the transmission is needed, print it, file it in a secure place in paper form, then delete the record from the machine so that others may not obtain access.

(9.)  After FAXing, do not use an open trash can to discard papers that contain patient information.  File or shred.  Destroy or return to owner any confidential papers left on the machine by others.

Finally, from the same source (Fisher, 2014) there are extensive recommendations about the use of computers that contain patient-identifiable information. As with the above recommendations, these would apply to all personnel in the setting who have access to the electronic equipment, whether employees, students, volunteers, or others.

(1.)  If your job description or other assigned duties require you to use our computers, you will be given a password, which will be changed periodically.  Your use of the computer should be limited to the tasks required for your assigned duties.  Do not give out your password to anyone else.  Do not use your password to give someone else access to the computer without specific authorization in a specific instance.

(2.) Computers containing patient information should remain inaccessible to unauthorized individuals. [As required by HIPAA Regulations, they are both password-protected and kept in a room that is locked when no one is in attendance, in order to adequately prohibit access to protected health information files by unauthorized individuals.]

(3.) Do not attempt to obtain access to information you are not authorized to see or use.  [re illegal in some states under “computer invasion of privacy” laws.]

(4.)  Position the computer in such a direction that the screen is not visible to patients or visitors to the office.

(5.)  When you are not sitting at the computer, exit from any files containing patient information, so those files will not be visible on or accessible from the screen without your password.

(6.)  Copy no patient information onto CD or other computer storage disk except during authorized backup procedures, in which case the backup information will be stored securely according to established office security procedures.

(7.)  Copy no patient information from our computer, or from other records, onto your own personal laptop or computer storage disks.

(8.) Remove no computerized patient information from this office, either on laptop or on disk, without specific authorization.  This includes information that you intend to use for working from your home or elsewhere

(9.) Transmit no patient information to any location outside this office unless specifically authorized to do so, or unless this is a specified part of your job description (e.g., sending electronic reimbursement claims to third party payers).

(10.) When connected to the Internet, our firewall protection software helps protect the computers, and thus individuals’ health information files, from being accessed by unauthorized individuals through their Internet connection.  However, we request that you close the internet connection whenever your work does not immediately require internet access, in order to further reduce that danger.

(11.) For transmitting patient information, our computers are equipped with encryption software [as required by HIPAA Regulations].  If you are authorized to transmit information, confirm that the individuals authorized to receive it at the point of termination have the necessary software.  Make sure that files are password-protected prior to transfer and that individuals authorized to receive the files at the point of termination have password access to those files.

Training Vignettes #2:

Privacy & Confidentiality

 

In each of the situations below:

What ethical or legal issues might apply?

What office policy issues might apply?

How should staff respond?

 

1. A staff employee for a private practice knows that Dr. Handy is seeing a new patient today named Mary Doe, but she knows nothing else about the patient.  Half-way through the hour, a young man comes in, looks into the waiting room and asks, “Is Mary Doe done with her appointment?”

2. A secretary in a therapy clinic receives a phone call from a man stating that he has lost the appointment card for his daughter, Jane Jones, whose name the secretary recognizes as Dr. Smith’s new teenage patient.  The caller asks to know the time of her next appointment.

3. A man claiming to be a taxi driver enters the waiting room at 2:55, saying he was told to pick up a Susie Smith from this office at 3 PM. The receptionist does not recognize the name, but s/he knows that one of the clinicians is in session with a new walk-in patient.

4. A secretary who is using the photocopier discovers that a previous user has left confidential patient material on the machine.

5. A billing clerk requests permission to take home some CDs containing patient information in order to work on them at home using her family computer.

Boundaries and Dual Relationships

It can be important to define these two concepts, because they overlap and are often treated as if they were almost synonymous. For training purposes, it can be helpful to conceptualize boundaries as “where we must draw the line” and to conceptualize dual relationships as “wearing more than one hat with the same person.”  Dual relationships become ethically problematic when the two relationships require different boundaries.

Mental health professionals have Ethical Standards regarding boundaries and dual relationships with their patients.  Practitioners can expect non-clinical staff members to also monitor their relationships with patients in order to avoid unnecessary complications.

  • The NASW Ethics Code stipulates that Social Workers “should take reasonable steps to ensure that the working environment for which they are responsible is consistent with and encourages compliance with the NASW Code of Ethics” and “should take reasonable steps to eliminate any conditions in their organizations that violate, interfere with, or discourage compliance with the Code” (NASW, 2008, Ethical Standard 3.07d).
  • The APA Ethics Code requires that Psychologists who delegate work to employees “take reasonable steps to avoid delegating such work to persons who have a multiple relationship with those being served that would likely lead to exploitation or loss of objectivity” (APA, 2002, Ethical Standard 2.05)

Training Vignettes #3

Boundaries & Dual Relationships

 

For each of the vignettes below:

What ethical or legal issues might apply?

What office policy issues might apply?

How should staff members respond?

 

1. Mrs. Busy, a long-term therapy patient of Dr. Weary, has recently been arriving earlier and earlier for her therapy appointments, explaining that she wants to “beat the traffic.”  She likes to strike up detailed conversations with the office staff while she waits (e.g., sharing pictures of her children and grandchildren, talking about her recent medical problems, complaining about her neighbors). Today, she brought some elegant home-baked cookies to share with the staff.

2. Mr. Romantic is a patient in individual therapy in a mental health clinic.  He has been flirting with the receptionist and has now told her that he plans to ask her out soon for dinner and a movie.

3. Mrs. Fragile has arrived for her first individual therapy appointment in a private group practice.  The receptionist who hands her the initial intake paperwork immediately realizes that they are next-door neighbors.  It is not clear whether Mrs. Fragile recognizes the receptionist yet.

Billing and Third Party Reimbursement

Mental health professionals have Ethical Standards about billing and reimbursement.  Among these is the ethical requirement to obtain the patient’s informed consent before disclosing information to others for reimbursement purposes.  Obtaining informed consent requires more than simply obtaining the patient’s signature on a form.  It means that patients must be given the opportunity to make the decision about whether or not to seek third party reimbursement only after they have first been informed about the implications of that decision. The clinician will have this discussion with patients and, where appropriate, will obtain their consent to submit claims.  It is therefore important that non-clinical staff send no information to third parties until specifically so authorized by the clinician. 

Even though the third party payer is providing reimbursement to us with the patient’s consent, we have no ethical basis for releasing any further information about the patient, beyond what is necessary for obtaining that reimbursement.  In other words, the fact that someone is paying the bill does not, in itself, entitle them to information about the patient without the patient’s explicit consent.  This would apply to any adult patient, whether the third party payer is an insurance company or a family member.

It is also ethically important that the information sent to third party payers be accurate.  If staff have any questions about billing codes, or about the accuracy of the information they are about to submit, they should be trained to consult the clinician and request a review before sending or transmitting a claim for reimbursement.

When billing for reimbursement for services to adult patients, the same Ethical Standards would apply whether the third party is an insurance company, a family member, referring agency, or other entity:

Counselors:. . . disclose information to third-party payers only when clients have authorized such disclosure” (ACA Ethical Standard B.3.d., Third Party Payers).

Psychologists. . . take reasonable steps to ensure the accurate reporting of the nature of the service provided or research conducted, the fees, charges, or payments, and where applicable, the identity of the provider, the findings, and the diagnosis” (APA Ethical Standard 6.06, Accuracy in Reports to Payors and Funding Sources).

Social Workers “. . . should not disclose confidential information to third-party payers unless clients have authorized such disclosure” (NASW Ethical Standard 1.07, Privacy and Confidentiality).  And “. . . should establish and maintain billing practices that accurately reflect the nature and extent of services provided and that identify who provided the service in the practice setting. (NASW Ethical Standard 3.05, Billing).

 Patient Access to Records

Patients sometimes request copies of their own records.  Some state laws, as well as the federal HIPAA regulations, give patients the legal right to obtain that information.  However, under certain circumstances, a patient’s request may need to be refused.  For example, there may be a potential for the patient to respond to what is in the record by harming him/herself or someone else.  In multiple-client cases, as in couple or family cases, there can also be legal guidelines that govern who has a legal right to the record.

In such cases, there are legal requirements that determine when and how refusals of patient access to records must be carried out. Non-clinical staff do not have the authority to make that determination.  Patients’ requests for copies of their own records should therefore always be referred to the clinician who treats (or who previously treated) that patient.

Training Vignette #4:

Patient Access to Records

 

In the situation below:

What ethical and/or legal issues might apply?

What should the secretary say/do?

Would the answer change if patient said why she needed the record?

Would the answer be different for couple or family therapy?

Would the answer be different if this were a current patient?

 

1.  Mrs. Ready was previously seen in individual therapy by Dr. Slow.  She comes to the office and tells the secretary that she needs a copy of her record of previous therapy.  She states, “Dr. Slow promised he would send it to me last week, but I haven’t received it and I need it today.  I am just going to wait here while it is being photocopied.”

Other Policies With Ethical and/or Legal Implications

            Operating Within Your Specified Job Description:   In general, it is helpful for staff to notice things that need doing, and to be willing to do them even if it is not formally required by their job description.  This cooperative attitude should be applauded and encouraged in all general office activities.  However, staff should not engage in activities that reach beyond their job description without authorization from a supervisor if the extra activity involves interactions with patients (e.g., completing intake forms) or electronic transmission of patient information (e.g., FAXing claim forms), or if it allows access to more extensive patient information than is allowed in their job description (e.g., reading patient records).

Whether or not the job description requires a staff member to with patients, a patient may initiate interactions with a staff member by asking a question or making a request.  (See above.) Regardless of  job description, staff members should ordinarily not offer advice to patients, even if asked.  This would include personal advice about life decisions, over-the-counter remedies, nutrition/diet issues, etc., since such advice might mistakenly be taken as (or reported to be representative of) the official advice from this office. Staff members should be trained to be polite but to decline to offer advice on such matters and to return to their usual duties.  If, in spite of their non-response, such patient requests persist, staff should notify that patient’s clinician.

Staff might be provided with the following general guidelines:

  • Your job performance should be evaluated on the basis of clearly stated criteria and expectations. If your job description is unclear, request that it be clarified.
  • If your job description contains activities for which you have not been trained or do not feel qualified, request that they be deleted or that you receive the necessary training.
  • You should engage in no clinically-based activities (e.g., testing; intake interviewing, etc.) without specific training and explicit clinician approval and supervision. If asked to do otherwise, discuss your concerns with the clinician or supervisor.
  • Do not take on extra activities outside your job description without authorization, especially if they involve an increased level of interaction with patients or confidential information. For example, if your job description allows access only to certain limited information about our patients, you should not engage in unauthorized activities that provide access to more extensive patient information, unless so instructed.

             Monitoring Ethical Behavior in the Setting: The task of maintaining an appropriate atmosphere, and of upholding ethical policies and procedures, requires the cooperation of all personnel in the setting — clinical and non-clinical; full-time or part-time; employee or volunteer; student, intern, or supervisee.  All staff might be trained to respond as follows:

  • If you have questions about any of the ethical standards, legal requirements, or general policies to be followed in this office, you should feel free to seek answers or clarify areas of confusion with your supervisor or the appropriate clinician at any time.
  • If you have suggestions about ways to improve the atmosphere in this mental health office, or ways in which patients’ rights might be better protected, please relay them to your supervisor and/or the appropriate clinician.
  • If you believe there has been an invasion of a patient’s privacy, or a breach of confidentiality, whether intentional or unintentional, whether by you or by someone else, please bring that to the attention of your supervisor and/or the appropriate clinician or HIPAA Privacy Officer.

IV. Are Policies and Expectations Clear? Written?

Obviously, the first step in creating clear expectations for staff behavior will be to develop specific policies about topics such as those described in all the above sections.  (See APA Corporate Relations and Business Strategy Staff, 2005).  Staff should be presented with copies of clear written policies during the ethics-based training.  Barnett & Klimik (2012) recommend that mental health care providers should keep copies of their general policies in a central location, update them regularly, and review them with all staff periodically.    .

V. Who Will Take Responsibility?

             Who Will Provide the Training? A clinical person within each mental health setting can be assigned to make sure ethics-based training happens regularly.  Whether or not they take responsibility for conducting the training themselves, this clinical person should ensure that the primary trainer is a mental health professional.  If the training involves legal material, then there might be a need for an attorney co-trainer. However, the clinician trainer should have the primary role and should take responsibility for clarifying the ethical implications of any state or federal laws presented by the attorney.  In other words, attorneys are experts about laws, and their participation may be necessary for presenting material that has prominent legal content (including HIPAA), mental health professionals must serve as the experts about their own ethical standards, retaining responsibility for placing the laws into ethical context.

The ethical-legal interface can become especially complicated in the training sections related to confidentiality.  It is recommended that for those portions of the training, attorney co-trainers can be provided in advance with the Ethical Practice Model provided by Fisher (2008; 2013).  That Model outlines ethical responsibilities in a way that helps place legal responsibilities into ethical context.  The annotated version of the Model is on the website of the Center for Ethical Practice (2010).

            Will You Pool Resources?  Clinicians often complain of isolation.  Although some of the ethics-based training described here must be specific to policies within each setting, mental health professionals can collaborate with peers in planning for such staff training.  Since there is little or no ethics disagreement across professional lines in the topics described above, collaborative multidisciplinary training can be possible about the general topics, and this can then be followed by brief follow ups in separate settings to clarify specific policies where those might differ.

Collaboration in training can also help foster collegial relationships that will be useful when confronting later ethical or ethical-legal dilemmas.  (See Fisher, 2013, Chapter 13.)

VI. SUMMARY RECOMMENDATIONS

On the basis of the ethical and legal considerations described above, mental health care providers might apply the following principles when planning ethics-based staff training:

(1) Create clear written policies that both conform to your Ethics Code and meet the legal requirements that apply in your setting.  If your policies are vague, unclear, or inconsistent, so will be the training.

(2) Ethics-based training can extend beyond the topics in your Ethics Code. Although it covers most situations, it is not exhaustive, and you should cover all policies in your setting that are designed to protect patients’ rights

(3) Maintain an ethical focus. On topics that have both ethical and legal content, it is recommended that Ethical Standards be presented first, with legal requirements then discussed within that ethical context (Fisher, 2009, p. 464).

(4) Do not treat attorney-led training on any topic as a substitute for ethics training on that topic. For example, if staff receives law-based HIPAA training elsewhere, the ethical implications can be clarified in the confidentiality section of the ethics-based training. Alternatively, an attorney familiar with mental health law might be invited to co-train about confidentiality and privacy, which would allow on-the-spot opportunities to place the legal requirements into ethical context and to maintain a focus on ethics (i.e., protection of patients) rather than on legal compliance, risk-management and self-protection.

(5) Remember that staff training is not a one-time thing.  Updates and refresher training are recommended, and staff meetings can address ethical issues whenever they arise in the setting.

(6) Invite all personnel to attend this training.  This can include clinical and nonclinical staff, interns, students, and volunteers.  “Inappropriate behavior by anyone in the setting can harm a patient or reflect badly on the profession. Further specialized ethics training and ethical consultation can also be available to clinical staff, students, and supervisees, as needed” (Fisher, 2009, p. 465).

(7) Assess staff understanding.  Use oral or written examinations, administered immediately after the training and repeated annually, or during job performance evaluations. Certificates can document staff completion of training. (See sample at Fisher, 2007.)

(8) Encourage self-monitoring.  It requires the attention of everyone in the setting, because all must share responsibility for maintaining a culture of safety (Knapp & VandeCreek, 2006).  Assure staff that there will be no retaliation for calling attention to areas of ethical concern or alerting you to ethical breaches in the workplace.

(9) Consider asking all personnel — clinical and nonclinical — to sign a confidentiality contract or a more general ethics contract. (See sample in Fisher, 2007.) This signing can be repeated annually, or as appropriate, to emphasize its importance and to reflect any changes in policy or laws.

VII. Sample Staff Training Manual – Outline

Below is the outline of a sample staff training manual, adapted from Appendix VIII in Fisher (2013).  This outline would need to be adapted to each setting.  For example, under the topic of “Privacy and Confidentiality,” details about “Policies” might be different in each setting.

Sample Table of Contents for Ethics-Based Staff Training Manual
in an Outpatient Mental Health Setting

  1. Guiding Principles
  2. Environment
  3. Informed Consent
    1. Ethical Standards Requiring Informed Consent
    2. Legal Requirements and Implications (state laws; HIPAA)
    3. Our Policies Protecting Patients’ Informed Consent Rights
      1. Obtaining Initial Informed Consent Before Providing Services
      2. Obtaining Informed Consent Before Disclosing Information
      3. Conducting Ongoing Informed Consent Conversations
  4. Privacy and Confidentiality
    1. Ethical Standards About Confidentiality
    2. Legal Requirements About Confidentiality (state laws; HIPAA)
    3. Ethical & Legal Consequences of Unethical/Unlawful Disclosures
    4. Policies Protecting Privacy & Confidentiality In This Setting
      1. Protecting Patient’s Right to Privacy While In Our Office
      2. Protecting Patient’s Right to Confidentiality (Non-Disclosure)
        • Rule: Disclose Information Only With Patient Consent
          1. Policies: Handling Requests for Information
          2. Handling Telephone Interactions
        • Rule: Protect Confidentiality in Storing, Transmitting, & Disposing of Information
          1. Policies: Using Computer, Copier, FAX, E-Mail;
          2. Transporting Data Outside the Office
          3. Shredding
      3. Responding to Legal Demands
        • Rule: Disclose Only if Legally Required
          1. Policies:Refer Subpoena, Attorney, to Clinician
  5. Relationships With Patients
    1. Ethical Standards About Boundaries & Dual Relationships
    2. Legal Implications of Patient Relationships
    3. Our Policies About Relationships with Patients
  6. Billing and Third Party Reimbursement
    1. Ethical Standards Related to Billing & Reimbursement
    2. Legal Requirements and Limitations
    3. Policies re Staff Responsibilities (Billing, Claims Transmission, etc.)
  7. Other Policies With Ethical and/or Legal Implications
    1. Maintaining Competence and Remaining Within Job Description
    2. Understanding Procedures in Non-Clinical Emergencies (e.g., computer failure; flood; etc.)
    3. Maintaining a “Culture of Safety” — Monitoring Ethical Compliance in the Workplace
  8. Demonstrating Understanding and Signing Ethics Contracts

 

OPTIONAL: APPENDIX TO TRAINING MANUAL

Ethics Codes of the Mental Health Professionals in the Setting

Summaries of Relevant Legal Requirements (state laws; HIPAA)

Sample Documents (e.g., Certificate Documenting Completion of Training; Confidentiality Contract)

[Outline Adapted from Appendix VIII in Fisher, 2013)

 

REFERENCES

American Counseling Association (2014). ACA Code of Ethics. Alexandria, VA, Author.  Retrieved from http://www.counseling.org/docs/ethics/2014-aca-code-of-ethics.pdf?sfvrsn=4

American Psychological Association (2010). Ethical Principles of Psychologists and Code of Conduct (2002, amended 2010).  Washington D.C., Author.  Retrieved from http://www.apa.org/ethics/code/index.aspx

American Psychological Association Corporate Relations and Business Strategy Staff (2005, March 29).  Put it in writing:  Your office policies and procedures.  Online for members of APA Practice Directorate at http://www.apapractice.org/apo/insider/practice/pracmanage/business_strategies/policy.GenericArticle.Single.articleLink.GenericArticle.Single.file.tmp/Download_Office_Policies_article.pdf

American Psychological Association Legal and Regulatory Affairs and Technology Policy and Projects Staffs (2005).  Contingency planning:  Do you know what HIPAA requires?  Retrieved from http://www.apapractice.org/apo/insider/hipaa_reg/hipaa/hipaa_security_rule/contingency.html

Barnett, J. E. & Klimik, L (2012). Ethics and business issues in psychology practice. In Knapp, S. J.; Gottlieb, M. C.; Handelsman, M. M.; & VandeCreek, L.D. (Eds), APA handbook of ethics in psychology, Vol 1: Moral foundations and common themes. (pp. 433-451). Washington, DC, US: American Psychological Association,  doi: 10.1037/13271-017

Barnett, J.E., Zimmerman, J. & Walfish, S.  (2014). The Ethics of Private Practice:  A Practical Guide for Mental Health Clinicians. N.Y., Oxford University Press.

Bennett, B.E., Bricklin, P.M., Harris, E., Knapp, S. VandeCreek, L., & Younggren, J.N. (2006). Assessing and Managing Risk in Psychological Practice: An Individualized Approach.  Rockville, MD, American Psychological Association Insurance Trust.

Center for Ethical Practice (2010). Ethical Practice Model (Annotated).  Retrieved from             http://www.centerforethicalpractice.org/EthicalPracticeModelAnnotated

Center for Ethical Practice (2014).  Ethical Responsibilities About Informed Consent.  Retrieved from  http://www.centerforethicalpractice.org/informedconsentchart

Donner, M. B. (2008). Unbalancing confidentiality. Professional Psychology: Research and Practice, 39, 369–372. DOI: 10.1037/0735-7028.39.3.369

Fisher, M.A. (2007).  Staff training:  Sample contracts, checklists, and documentation.  Retrieved from http://www.centerforethicalpractice.org/staff-training

Fisher, M.A. (2008b). Protecting confidentiality rights:  The need for an ethical practice model. American Psychologist, 63, 1-13. DOI: 10.1037/0003-066X.63.1.1  (Online in html at http://www.centerforethicalpractice.org/articles/articles-mary-alice-fisher/protecting-confidentiality-rights/)

Fisher, M.A. (2009). Ethics-based training for non-clinical staff in mental health settings.  Professional Psychology: Research and Practice, 40, 459-466. doi:  10.1037/a0016642 (Online in html at http://www.centerforethicalpractice.org/ethics-based-training-for-non-clinical-staff/

Fisher, M.A. (2012). Confidentiality and Record Keeping. Chapter 13 in S. Knapp,  M. Gottlieb, M. Handelsman, & L. VandeCreek (Eds.) APA Ethics Handbook for Psychologists(pp. 333-375).  Washington DC: American Psychological Association. DOI: 10.1037/13271-013.

Fisher, M.A. (2013).  The Ethics of Conditional ConfidentialityA Practice Model for Mental Health Professionals. New York, Oxford University Press.  ISBN13: 9780199752201

Fisher, M.A. (2014).  Providing Ethical-Legal Training for Non-Clinical Staff in Mental Health SettingsCharlottesville, VA, The Center for Ethical Practice.

Fisher, M.A. (Pending – Under contract with APA Publishing as of 2014)  Can You Keep A Secret?     Ethics Checklists For Psychotherapists Who Place Limits on Confidentiality.

Fisher, M.A. (2014). Ethics-Based Training for Non-Clinical Staff in Mental Health Settings. The Center for Ethical Practice, Inc., 934 East Jefferson Street, Charlottesville VA 22902. www.CenterForEthicalPractice.org  [This manual can be ordered at http://www.centerforethicalpractice.org/ce-home-study/home-study-manuals-tests/.]

Health Insurance Portability and Accountability Act of 1996 (HIPAA). Pub. L. No. 104–191, 104th Cong. (1996). [See as USDHHS regulations at http://www.hhs.gov/ocr/privacy]

Knapp, S. (undated). Responsibilities of HIPAA Privacy Officers.  Retrieved from http://www.apadiv31.org/Coop/HIPAAPrivacyOfficers.pdf

Knapp, S. (undated) : What Should Your Employees Know About Confidentiality?   A HIPAA Training Guide.  Retrieved from http://www.apadiv31.org/Coop/WhatShouldYourEmployeesKnowAboutConfidentiality.pdf

Knapp, S., Gottlieb, M., Berman, J., & Handelsman, M.M. (2007). When laws and ethics collide:  What should psychologists do? Professional Psychology: Research and Practice, 38, 54-59. DOI: 10.1037/0735-7028.38.1.54

Knapp, S. J., & VandeCreek, L.D. (2006). Practical ethics for psychologists: A positive approach. Washington, D.C., American Psychological Association Woody, R.H. (2000). Risk management and office personnel.  Florida Psychologist, 51(1).

Koocher, G.P., & Keith-Spiegel, P. (2008). Ethics in Psychology and the Mental Health Professions: Professional Standards and Cases (3rd ed.).  N.Y., Oxford University Press.

National Association of Social Workers (2008). Code of Ethics.  Washington D.C., Author Retrieved from http://www.socialworkers.org/pubs/code/code.asp

Pope, K.S. & Bajt, T.R. (1988). When laws and values conflict: A dilemma for psychologists. American Psychologist, 43, 828-829.

Woody, R.H. (2000). Risk management and office personnel.  Florida Psychologist, 51(1).

 

(© 2016), Mary Alice Fisher, Ph.D.

 


Portions of this course were adapted from Chapter 13, “Ethics-Based Staff Training About Confidentiality” in the book, The Ethics of Conditional Confidentiality, published by Oxford University Press in 2013. This course is also based on the manual Providing Ethical-Legal Training for Non-Clinical Staff in Mental Health Settings published by The Center for Ethical Practice in 2014. That staff training manual addresses additional areas and provides further resources. To order that staff training manual please follow this link for more information.


Purchase Test Now >

Print This Page Print This Page