Electronic service delivery is defined in paragraph (EE) of rule 4757-3-01 of the Administrative Code. Licensees are reminded that standards of ethical practice and professional conduct rules 4757-5-01 to 4757-5-12 of the Administrative Code apply to electronic service delivery.
(A) These standards govern the practice of electronic service delivery and address practices that are unique to electronic service delivery and electronic service delivery practitioners.
(1) All practitioners providing counseling, social work or marriage and family therapy via electronic service delivery to persons physically present in Ohio shall be licensed in Ohio.
(2) All licensees of this board providing services to clients outside the state of Ohio shall comply with the laws and rules of that jurisdiction.
(3) Licensees shall provide only electronic services for which they are qualified by education, training, and experience.Licensees shall assume responsibility to continually assess both their professional and technical competence when providing electronic services. This includes ensuring that all methods of delivering services are compliant with commonly accepted standards of technology safety and security at the time at which services are rendered.
(4) Licensees shall screen potential distance service clients for appropriateness to receive services via distance methods, which includes considering their current mental and emotional status. Licensee shall screen the client's technological capabilities as part of the intake process. Therapists shall acknowledge power dynamics when working with a family or group with differing levels of technological competence. These considerations shall be documented in the records.
(5) Licensees shall be aware of cultural differences and how they can affect non-verbal cues. Electronic service delivery methods should be appropriate to the client's cultural experiences and environment, and shall also be sensitive to audio/visual impairment and cognitive impairment.
(6) Licensee shall regularly review whether electronic service delivery is meeting the goals of therapy.
(7) Electronic service delivery shall require an initial face-to-face meeting, which may be via video/audio electronically, to verify the identity of the electronic service delivery client. At that meeting steps shall be taken to address impostor concerns, such as by establishing passwords or phrases to identify the client in future electronic contacts.
(8) Licensees shall identify an appropriately trained professional who can provide local assistance, including crisis intervention, if needed. Licensees shall provide electronic service delivery clients the local crisis hotline telephone number and the local emergency mental health telephone number.
(9) Licensees shall retain copies of all written therapeutically relevant communication with clients, to include emails, texts, instant messages, and chat history. Records. Such records should be maintained for a minimum of seven years.
(10) Licensees must maintain records in accordance with rule 4757-5-09 of the Administrative Code.
(B) Informed consent shall include information defining electronic service delivery as practiced by the licensee and the potential risks and ethical considerations per paragraph (B) of rule 4757-5-02 of the Administrative Code.
(1) Clients shall be given sufficient opportunity to ask questions and receive answers about electronic service delivery. These discussions should be documented in the client record.
(2) Informed consent should include the risks of entering private information when using a public access computer, or one that is on a shared network, and caution against using auto-fill user names and passwords. Clients should be advised to consider employer policies related to use of work computers for personal communication.
(3) Informed consent shall include the associated needs of delivery method, for example owning a computer with the correct capabilities or internet access, possibility of technology failure and what the procedure is in the event that services are disrupted, anticipated response time to electronic communication, alternative service deliveries, and electronic communication between scheduled appointments and after normal working hours.
(4) Informed consent should include a discussion of how electronic service delivery may affect billing and access to insurance benefits.
(5) Licensees shall obtain written permission prior to recording any part of the electronic service delivery session. If licensees are storing audiovisual data from sessions, these cannot be released to clients unless the client authorization specifically states they are to be released.
(6) Licensees shall obtain client consent when using electronic search engines to gather information about the client, except in emergency circumstances when such searches may provide information to help protect the client or other parties who may be at risk. The licensee must document the rationale for conducting any electronic search and why it is not harmful to the client.
(7) Licensees shall provide links to websites for all of their certification bodies and licensure boards to facilitate consumer protection. Licensees shall provide a link to the board online license verification site on their web page.
(8) Licensees shall obtain written informed consent.
(9) Licensees shall not provide services without client signed informed consent.
(C) Confidentiality in electronic service delivery and records maintainence shall be maintained by the licensee.
(1) Licensees shall use encryption methods that are Health Insurance Portability and Accountability Act of 1996 compliant for electronic service delivery, except for treatment reminders, scheduling contacts or other information provided outside of a therapeutic context .
Clients may waive encryption via informed consent. Licensees must ensure clients understand the risk of non-encrypted communications.
(2) Licensees shall develop and disclose policies for notifying clients as soon as possible of any breach of confidential information.
(3) Licensees shall create a policy for the secure storage, recovery, and destruction of data, as well as the technologies used to store, maintain, and transmit data.