Because I am a big ol'
dork technophile, I am working on a project for my professional organization (US-based) regarding therapist use of technology, and just what the ethics that pertain thereto should be.
So I wanted to solicit your opinions.
About therapist use of text messages, i.e. SMS and MMS. Read on, if interested.
Do you think therapists should use text messages with their clients? Like at all?
There are therapists who don't and think therapists shouldn't. I am a therapist who does use text messaging; think text messaging, while it has risks and challenges, is invaluable to coordinating with clients. If a client is running late, if they need to get a hold of me at a time I am seeing other clients or on the road, I vastly prefer an SMS to a call. I can check texts much faster than listen to voice mail; I can't freely respond vocally to calls coming in from clients when I'm in public, say on the bus ride in.
Also, I have used text to send URLs to clients, including in session. Particularly clients who don't have email, but have smart phones. If they ask me for a referral to, say, a psychiatrist or a couples counselor, I can send them a link to the professional's website.
One of the problems with this is that most text messaging is insecure. There are things like Signal, but it requires the client to also have a smart phone and also be able/willing to install Signal on it, and use it correctly. No use for people on feature phones.
More fundamentally, Signal is not secure against a kind of idiocy I've already encountered twice in the wild with my own patients: patients lending their phones to third parties, and giving the third parties the passwords.
I've had the experience of texting an appointment reminder to a client's phone, getting back a confirmation, and then, when the client doesn't show up and I call them, finding out that at the time I texted the client, the phone had been in the custody of the client's adolescent daughter. Thank goodness I didn't say anything more substantive.
Unlike the situation where a patient of mine who was being physically abused texted me about what was going on, and I exhorted them to get to safety, and their abuser snatched the phone out of their hands and saw who they were texting with and what I had said. Yeah, that also happened.
The failure modes, where confidentiality is concerned, of text messaging can be pretty epic.
One of the issues is that a lot of thought about therapists and text messaging revolves around the idea, "Well, it's okay, so long as nobody says anything substantive and personal in text message, since it's generaly unencrypted. But discussing what time to book an appointment is fine."
As I point out above, encryption only goes so far, anyways. But there's two other problems.
First there's the assumption that if patients aren't discussing Super Private Therapy Contents Disclosures in text – if they're just saying they're running late – that that isn't highly confidential information.
The fact that someone is a therapist's patient is highly confidential information (even though it is widely, especially by healthcare IT, not treated as such!) If someone is stalking a patient, their knowing who the patient's therapist is allows them to identify a location where the patient is likely to go; if someone knows when their regular appointments are, e.g. "Tuesday at 4pm", they know a time to be there to accost, harass, or assault the client. That combination can get somebody killed.
Furthermore, the only way a client can prevent their therapist from being subpoenaed, in any of the (entire too many) circumstances in which it is legal to subpoena a therapist to force the therapist to testify to the detriment of their client (e.g. discrediting the client as a witness), is to prevent third parties who might want to do that from finding out who their therapist is.
Past text messages from one's therapist thereby present an attack surface – admittedly a modest one – whereby that information could be acquired by antagonists. We can imagine a scenario in which one spouse who intends to divorce the other and engage in a custody battle for their children (in MA we can be subpoenaed in custody disputes) gets a look at the other spouse's cell phone and learns the identity of their spouses therapist – and handing that info to their laywer.
That's one problem. Another problem is how on earth is a therapist to keep patients from divulging Super Confidential Therapy Disclosure Material in text message?
I mean, sure, you can ask nicely. But let's be clear: on one of my very first days on the job at the clinic that hired me fresh out of grad school, a patient who had previously met with me once, announced to the entire damned waiting room when I came to fetch her for her appointment, "OH THANK GOODNESS, SIDEREA, I'VE BEEN FEELING LIKE KILLING MYSELF ALL DAY." Patients, man, they will do – and say – the damnest things under the damnedest circumstances. Including in text message. And we have no way to stop them.
And I'm not even convinced that we should try.
I once had a patient text me that she was actively suicidal and very agitated. The patient was phone phobic - that's why she used text message all but exclusively. She was, unsurprisingly, unwilling to take a voice call. She was an hour away by car, not at her home, by the side of some random road where she had pulled over to cry; I had no idea where to send emergency responders to find her. I spent an hour texting with her, de-escalating her and engaging her in safety planning. It's generally widely understood among therapists that doing therapy in text message is terrible because of the lack of encryption and security. My alternative was... what? Telling her to call 911 and refusing to respond to further text messages? Telling her that if she didn't speak to me by voice, I wouldn't talk to her? Sounds like dicing with her life, to me.
There are those – one of my bosses leaps to mind – who would tell me that I should never have given a patient a text-capable number at all, for exactly this reason. That if the patient had never been given a way to text me, I would never have been in that situation. Indeed, that is true. And what situation would the patient have been in? She would still have been crying at the side of the road, planning on killing herself, only without a way to reach out to someone she trusts.
I actually like what happened better than that scenario. I would actually much prefer my patients reach out to me if they feel they're a danger to themselves. I prefer to be given the opportunity to try to keep them alive.
So I'm pretty philosophical about the supposed distinction between using text messaging just for coordinating treatment and using text messaging for Important Personal Confidential Therapy Disclosures. I figure that the moment you (a therapist) give your client a phone number, you have forfeited the only control you had over how that client uses it, which was to forbid them using it all together by keeping it secret from them. The day you give your cell number to a client is the day you sign up to be texted, later on down the road, "Hey, feeling suicidal here".
And, further, I think taking the line, "Oh, well, you can't help what the patients do, but therapists are responsible for telling patients not to transmit personal disclosures in an unencrypted medium", is at odds with patient safety as in the above situation.
So it seems to me that it really boils down to something quite binary: either a therapist is using texting with a client or they aren't. Differentiating how they're using it (how they think they're using it) with that client doesn't really doesn't pragmatically matter.
Right now, there are in various states (jurisdictions) and in some therapists' ethical codes (per their professional organizations official Codes of Ethics) rules that if a therapist texts with a patient they have to somehow print out those text messages and put them in the patient's chart (clinical file). Or if the chart is digital, cut and paste them in somehow.
And this is true even if it's just, "Hey, running 5 min late, traffic."
As far as I know, none of you who are not therapists know that therapists do this.
In fairness, approximately 100% of the therapists I personally know, including myself, to whom such rules apply and who use text messaging with patients, fail to do this. In fact, I bet a bunch of you who are therapists don't know about this, either, much less do it.
Some ethical codes and some law/regulations say we (or some of us) are required to do this. But completely aside from what is ethically or legally required of therapists, it is in the best interests of therapists to do this.
This is called "risk prevention" and what it means is prevention (or rather mitigation) of legal risks to the therapist. Should the therapist ever be hauled up on the stand in court – or before their licensure board – the last thing the therapist wants is for a patient or other plaintiff to have a complete record of every SMS conversation with the therapist and the therapist not to.
You can imagine a situation in which a therapist is being accused by a patient's survivors of failing to provide appropriate care to a suicidal patient who subsequently killed themselves, in which the therapist's responses to the patient's texted requests for appointments were entered as evidence in the suit. That's not something the therapist and their legal team want to be surprised by in open court. Worse, if the therapist didn't retain their own original copies for legal reference, well, if the plaintiffs altered or faked any of that proposed evidence to make the therapist look negligent, how would the therapist catch them?
It's in the best interests of therapists to do this – but that's not at all the same as in the best interests of the patients.
We have other rules and other parts of our ethical codes, which minimize the records we keep. For instance, the code of my org specifies that if recordings are made of a therapy session, they are destroyed promptly after their intended use – because hanging on to those things just increases the risk that they'll be subpoenaed or stolen, or otherwise the confidentiality of the recorded sessions is breeched.
Of course, such a recording could be exonerating of a therapist facing a civil suit or a challenge to their license - the logic under which keeping text messages in the client chart is a good idea for the therapist. But we don't allow it in the case of recordings of sessions. Contrariwise, we not only allow it, we mandate it, in the case of SMS.
There is a conflict of principles here. We (as a profession) recognize that unnecessary keeping recordings of therapy sessions is an unacceptable risk to our clients, so forbids it; however we require the keeping of what amount to be transcripts of text message conversations, whole, in the record, which could be a similar risk to the client.
(Now, there's an obvious distinction here which I think doesn't actually matter: the example of recordings of sessions is different from text messages because (presumably) the recordings are of the therapy and presumably contain highly confidential personal disclosures of precisely the sort therapist-patient legal privilege is supposed to protect, while text messages (presumably) only contain at most logistical, coordinative information about the therapy and does not (presumably) have highly confidential disclosures in it. I already addressed that above, in part ii. We could say that therapists are only required to keep the verbatim text record of conversations when it doesn't contain personal disclosures – that therapists are required to store only the texts that ostensibly aren't clinically significant, but then why are we doing this?)
I am somewhat skeeved out by the realization that therapists are (if any are actually in compliance here) storing what amount transcripts of conversations with clients – those via text message – without clients knowing or being informed that those communications are being stored. I don't know that it's occurred to any therapists that this is something that requires Informed Consent, I don't know that any therapists are doing Informed Consent about the storage of text message conversations, I don't know that any therapists are asking patients to sign that they consent to it; I don't think the public at large know that this is a thing, so we can't assume that members of the public would just reasonably surmise this is a thing that happens in the ordinary course of therapy (like we do assume about note-taking).
Do you think therapists should be required to keep all text messages with a client in the client's chart? Or forbidden to? Or only some? Or... what? What do you think the rules and the norms around this should be?
ETA: Ah, I knew I was forgetting something! Two somethings:
One of the wrinkles here is that it's not necessarily possible to get the text messages off a phone. I have a Motorola Razr V3xx from the depths of time, and damned if I can figure out how to get text messages off it. I can get my photos and other files off by syncing, but apparently not my text messages. Even if I could, it only really stores incoming messages (to me) not outgoing messages (from me); it has a very small buffer for the latter, and autodeletes them rapidly.
If therapists have some ethical responsibility to preserve text messages to patient charts, does that mean therapists can only engage in text message conversation from phones (or other text systems) which support downloading the whole conversation? Do therapists have an ehtical responsibility to only have certain cell phones? Or to use a text message service which facilitates this sort of archiving?
Which brings us to...
Nobody has a HIPAA BAA with their cell phone company. But the cell phone company/ies involved – yours (you being a therapist), the client's – may have some record of the text messages sent between you. I'm unclear on how long ATT (my cell company) keeps the full contents of text messages around, but they keep the metadata on calls – and maybe text messages? – for months. I know this because I got my call records from ATT on an occasion to help me sort of the timeline of some patient calls and calls with related collaterals.
Similarly, nobody has a HIPAA BAA with Twilio or Google Voice or any other technological system they might be running text messages over. These systems may also keep records of text messages – I seem to recall Twilio keeps whole text messages approximately forever, or at least as long as you keep your account paid up? The implication would be that if you're using a text message system built on top of Twilio, whoever runs that system can log into their Twilio account and read back through ever text message ever sent across their system. (I'll try to check on this.)
(I've thought of developing a text message system for clinics, built on Twilio, so they could have patients contact the clinic via text message, for all the reasons text message accessibility is good for patients.)
If these records exist, well, they can be subpoenaed.
If somebody tries to subpoena a therapist, the first thing the therapist is supposed to do is call their malpractice insurance company and ask to speak to a lawyer, because there are ways to fight this, and we are supposed to try to fight against being coerced into breaking patient confidentiality.
ATT is just going to roll over and divulge the records. There is no phone company that won't. Google and Twilio have no interest in protecting therapist-patient privilege, and they're not going to suddenly stand up for that principle by counterproposing an in camerata review. They're just going to sing on command.
Also, if the records exist, they could be compromised illegally, too. Spearfishing, key loggers, inside jobs, even social engineering to commandeer either the patient's or the therapist's telephone account. (I wonder if text-message repositories of relevant companies have been targetted for inside-job thefts the way credit card numbers and email addresses and passwords and SSNs have been, and whether such compilations of text messages are sold on the black market.)