ERK4499 - SECTION 5: THE COMMUNICATION ADDENDUM TO THE STATEMENT OF INFORMED CONSENT
Section 5: The Communication Addendum to the Statement of Informed Consent
The Health Insurance Portability and Accountability Act (HIPAA) was enacted into law in 1996, establishing important guidelines for the maintenance of privacy and confidentiality for Protected Health Information (PHI). In the years since implementation of this legislation, there has been an enormous explosion in electronic modes of communication (e-communication), including ways that people may communicate that were not fully anticipated when HIPAA was being written.
The legislative response to this explosion in e-communication at the federal level included two important updates to HIPAA. The first update, known as the HI-TECH Act was passed in 2009 and implemented in 2010. (It is variously called the HI-TECH Act, the HI-TECH Act of 2009 and the HI-TECH Act of 2010). The second important update is known as the Final Omnibus Rule of March 2013. These two updates provided important clarification to what is expected of health professionals when it comes to the sending, receiving and storing of e-communications containing PHI.
There are a few key complications in this area of practice. While it creates an amazing level of convenience to be able to have contact between clinicians and their clients via email, texting, chatting, and video teleconferencing, as well as the capacity to store patient records electronically and bill insurance companies electronically, there are also increased risks for breaches in the patient’s private health information. Many forms of e-communication are not fully secure in ways that adequately prevent breaches – unless the clinician has put into place specific security protections. These two pieces of Federal Legislation directly address what some of these precautions need to be and provide some guidance about how to implement them.
For an excellent source for reviewing these important pieces of legislation, please check out the following website:
www.hipaasurvivalguide.com
However, even if a conscientious clinician fully implements all the steps necessary to create a secure environment for all e-communications in ways that create full HIPAA compliance, a very important practical problem remains. Many clients will not want to use them when they communicate with the clinician. Each increase in communication security is accompanied by a decrease in how convenient it is to communicate, and the inconvenience is often something that the client does not want to experience.
For example, technology currently exists allowing a clinician to send an email to a client using high-level encryption technology that prevents any party who intercepts the email from being able to open it in a readable format. Only a person who has the correct password to open the email will be able to see the email as it was written. The inconvenience increases significantly because additional steps are required to get the correct password to the client, who then needs to enter the password to open the email. Clients frequently resist these extra steps, preferring the simplicity of using emails with their clinicians in the same easy format as emails with all of their other contacts.
Under the HI-TECH Act, there are provisions that acknowledge and address this preference on the part of clients. In short, the patient retains the right to determine how PHI is handled, and if the patient prefers the convenience of unencrypted emails (and most will) over the additional security (and extra steps) of encrypted email, the clinician may use the more convenient option. Likewise, if the patient is comfortable with other modes of communication over less secure and private networks such as texting and conversations over unencrypted cell phone networks, then the patient may give permission to the clinician to engage in those kinds of e-communications.
This is very similar in nature to the right of the client to give the clinician permission to release information from the client record to an outside party. The clinician formalizes this permission through the use of a form to denote that such permission has been granted using a release of information form.
The Communication Addendum to the Informed Consent Agreement is a form that has been designed to clarify which modes of e-communication may be utilized to communicate with clients using more convenient, but less secure, technologies. Like any aspect of the informed consent process, this form should be covered thoroughly with the client, not simply provided to the client so as to secure his/her signature. There are cases for which breaches in information can be dangerous to the life and safety of the client (e.g., domestic violence cases) and clinicians may be held liable if they do not adequately inform their clients of those risks prior to agreeing to the use of less secure modes of communication.
For instance, there are technological devices called IMSI Catchers that permit the user to track the location of cell phones, intercept text messages and listen in on cell phone conversations. There are also applications (Apps) that can serve the same purposes, and can be secretly loaded onto clients’ cell phones without clients’ awareness. For clinicians who work with high risk cases, these problems must be known and discussed with clients carefully, so that an adequate level of communication security can be agreed to and achieved.
For other cases, the clinician should hold a detailed conversation with the client to explore risks – and the client’s comfort level with assuming those risks – using the Communication Addendum as a structured format to look at the ways that e-communication should be employed in the treatment relationship.
This form is presented below.
Communication Addendum to the Informed Consent Agreement
Secure and private communication cannot be fully assured utilizing cell/smart phone or regular email technologies. It is the client’s right to determine whether communication using non-secure technologies may be permitted and under what circumstances. Use of any non-secure technologies to contact Jane Q. Clinician, LCSW will be considered to imply consent to return messages to client via the same non-secure technology, pending further clarification from client. Please check below which modes of communication are permitted and which are not permitted. This consent may be altered at any time should circumstances or preferences change.
In the event that client chooses not to allow non-secure modes of communication, contact will only be made via wire to wire phone, wire to wire fax, or mail.
Voice communication via client’s cell/smart phone for:
Scheduling appointments ___Permitted ___Not permitted
Appointment reminders ___Permitted ___Not permitted
Between session contact ___Permitted ___Not permitted
Voice communication from Jane Q. Clinician’s cell/smart phone for:
Scheduling appointments ___Permitted ___Not permitted
Appointment reminders ___Permitted ___Not permitted
Between session contact ___Permitted ___Not permitted
Fax communication via client’s non-secure fax or E-fax for:
Scheduling appointments ___Permitted ___Not permitted
Appointment reminders ___Permitted ___Not permitted
Between session contact ___Permitted ___Not permitted
If permitted, list permitted fax number(s):
Text communication, including with attachments, via client’s cell/smart phone for:
Scheduling appointments ___Permitted ___Not permitted
Appointment reminders ___Permitted ___Not permitted
Between session contact ___Permitted ___Not permitted
Text communication from Jane Q. Clinician’s cell/smart phone for:
Scheduling appointments ___Permitted ___Not permitted
Appointment reminders ___Permitted ___Not permitted
Between session contact ___Permitted ___Not permitted
Contact via the client’s email, including with attachments, for:
Scheduling appointments ___Permitted ___Not permitted
Appointment reminders ___Permitted ___Not permitted
Between session contact ___Permitted ___Not permitted
If permitted, list permitted email address(es): ________________
Teleconferencing based communication via client’s platform for:
Scheduling appointments ___Permitted ___Not permitted
Appointment reminders ___Permitted ___Not permitted
Between session contact ___Permitted ___Not permittedIf permitted, list permitted portal site(s):
Teleconferencing based communication from Jane Q. Clinician’s platform for:
Scheduling appointments ___Permitted ___Not permitted
Appointment reminders ___Permitted ___Not permitted
Between session contact ___Permitted ___Not permitted
If permitted, list permitted portal site(s): ______________
Statement of Validation.
I have read this Statement of Services, it has been adequately explained to me, and I understand its contents.
By Client(s)
________________ ________________ ________
Print Name Here Sign Here Date
________________ ________________ ________
Print Name Here Sign Here Date
________________ ________________ ________
Print Name Here Sign Here Date
________________ ________________ ________
Print Name Here Sign Here Date
By Jane Q. Clinician
________________ ________________ ________
Print Name Here Sign Here Date