Attorney Articles | Emailing Your Client Legal and Ethical Implications

Articles by Legal Department Staff

The Legal Department articles are not intended to serve as legal advice and are offered for educational purposes only. The information provided should not be used as a substitute for independent legal advice and it is not intended to address every situation that could potentially arise. Please be aware that laws, regulations and technical standards change over time. As a result, it is important to verify and update any reference or information that is provided in the article.

Emailing Your Client Legal and Ethical Implications

While no California law prohibits e-mail communications between a therapist and a client, it is important for therapists to consider the legal and ethical ramifications pertaining to this issue.

by Ann Tran-Lien, J.D.
Staff Attorney
The Therapist
May/June 2012

These days it is easier than ever to access e-mail given the availability of computers and smart phones. As a result, therapists are increasingly communicating with their clients via e-mail and, are being routinely asked by their clients “Can I e-mail you?” While no California law prohibits e-mail communications between a therapist and a client, it is important for therapists to consider the legal and ethical ramifications pertaining to this issue.

How are e-mails used in the typical therapy practice? Many therapists prefer to limit e-mail communications with clients to appointment scheduling and other administrative purposes, such as sending billing information, transmitting scanned forms for clients’ review, and sending referrals. Others utilize e-mails to exchange communications of a clinical nature with clients, for instance, following up in between sessions and clarifying instructions for “homework.” In addition, a number of therapists have also provided some form of therapy services to clients through e-mail, and in some situations, in conjunction with other modes of telehealth services, such as videoconferencing or online chatting.

Disclosure Statement About E-Mail Use
Therapists who wish to exchange e-mails with their clients should consider providing clients with a statement (perhaps included in the Informed Consent or Disclosure Statement) that details the therapist’s guidelines and limitations on the use of e-mail, potential risks to confidentiality, and expected turnaround time.

Confidentiality and HIPAA
A therapist has the legal and ethical obligation to preserve client confidentiality and take reasonable steps to ensure that client confidential information is protected. E-mails exchanged between therapist and client are confidential and should be reasonably maintained in a manner that protects the privacy of the communication. If you are e-mailing your clients, providing services electronically, or storing records in electronic form, it is recommended that you password-protect your computer, consider purchasing an encryption software, install firewalls and anti-virus software, and change your e-mail account password on a regular basis to guard from unauthorized access. Encryption software, firewalls, and anti-virus software are widely available.

It is important to note that e-mailing your clients, storing electronic records, and providing services electronically are not “covered transactions” under HIPAA. Accordingly, these practices alone will not render you a “covered entity” that must be in compliance with HIPAA. In short, you are a covered entity if you conduct certain financial and administrative transactions electronically, such as submitting claims to a health plan through the plan’s website.1 To determine if you are a covered entity, or to read more about covered entities, see David Jensen’s article, “To Be or Not To Be a Covered Entity: That is the Question” (The Therapist, March/April 2003).

If you are a covered entity, you should be aware of the Security Rule and the HITECH Act. See David Jensen’s articles: “HIPAA Overview of the Security Standards” (The Therapist, September/October 2003) and “President Obama Extends HIPAA’s Reach and Alters the Health Care Landscape” (The Therapist, July/August 2009).

Psychotherapist-Patient Privilege
California law provides that an electronic communication between a patient and a psychotherapist is protected by the psychotherapist-patient privilege, and “does not lose its privileged character for the sole reason that is communicated by electronic means.”2 Also, the communication is still protected by the psychotherapist-patient privilege even if people who are involved in the delivery, facilitation, or storage of the electronic communication (for example, the e-mail server) may have access to the content of the communication. The term “electronic” is defined as “technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.”3 Consequently, you should assert the psychotherapist-patient privilege on behalf of your client when information pertaining to those communications are sought to be disclosed without the appropriate authorization or court order.

Depending on what was shared in an e-mail correspondence, that e-mail may be considered a part of the clinical record. If a client is simply e-mailing to schedule an appointment, a notation may be made in the therapist’s appointment books, or in the client’s record and the e-mail be deleted, without the need to print the e-mail out to be placed in the client record. On the other hand, if substantive clinical information is exchanged via e-mail, this is arguably something that should be included in the client record. It is recommended that, unless you keep electronic files, the e-mail should be printed out, placed in the client record, and deleted from your inbox. If you keep electronic files, you should save a copy in your client’s file on your computer. Keeping client’s clinical information in your e-mail inbox is inadvisable for privacy and security reasons. Your e-mail account is at risk for being hacked at any time, thus it would be wise to diligently remove clinical information from your inbox to lessen the risk of unauthorized access to confidential information. Furthermore, it is important to note that the CAMFT Code of Ethics requires therapists to maintain client records consistent with sound, clinical practice, whether written, taped, or computerized.4

CAMFT Code of Ethics The CAMFT Code of Ethics provides guiding principles to ensure therapists are cognizant of the ethical concerns associated with electronic communications with clients. The following provisions from the Code of Ethics are pertinent to this issue:

Part I, Section 1.4.2 Electronic Therapy: When patients are not physically present (e.g., therapy by telephone or Internet) during the provision of therapy, marriage and family therapists take extra precautions to meet their responsibilities to patients. Prior to utilizing electronic therapy, marriage and family therapists consider the appropriateness and suitability of this therapeutic modality to the patient’s needs. When therapy occurs by electronic means, marriage and family therapists inform patients of the potential risks, consequences, and benefits, including but not limited to, issues of confidentiality, clinical limitations, transmission difficulties, and ability to respond to emergencies. Marriage and family therapists ensure that such therapy complies with the informed consent requirements of the California Telemedicine Act.5

Part I, Section 2.3 Electronic Media: Marriage and family therapists are aware of the possible adverse effects of technological changes with respect to the dissemination of patient information, and take care when disclosing such information. Marriage and family therapists are also aware of the limitations regarding confidential transmission by Internet or electronic media and take care when transmitting or receiving such information via these mediums.

Part I, Section 3.11 Electronic Services: Marriage and family therapists provide services by Internet or other electronic media to patients located only in jurisdictions where the therapist may lawfully provide such services.

The AMA Guidelines The American Medical Association (AMA) has established guidelines for physicians who choose to utilize e-mail for patients and medical practice communications. These guidelines may be helpful to therapists who communicate, or desire to communicate, with clients via e-mail or other electronic means. A few of the guidelines are as follows:

  • Establish turnaround time for messages and exercise caution when using e-mail for urgent matters;
  • Inform patients about privacy issues;
  • Whenever possible and appropriate, physicians should retain electronic and/or paper copies of e-mails communications with patients;
  • Establish type of transactions and sensitivity of subject matter permitted over e-mail;
  • Instruct patients to put the category of transaction in the subject line of the message for filtering: prescription, appointment, medical advice, billing question;
  • Maintain a mailing list of patients, but do not send group mailings where recipients are visible to each other. Use blind copy feature in software;
  • When e-mail messages become too lengthy or the correspondence is prolonged, notify patients to come in to discuss or call them;
  • Never forward patient-identifiable information to a third party without the patient’s express permission;
  • Develop a patient-clinician agreement for the informed consent for the use of e-mail;
  • Describe security mechanisms in place.

For a complete list of the guidelines, visit the AMA website at

Some Helpful Tips The following are some helpful tips for the general use of e-mail with your clients:

  • Keep in mind that anything you send via e-mail to your clients ultimately ends up in their possession and may be shared with third parties anytime at their discretion. What you write in these e-mails can be used against you if there is a legal dispute between you and the client. Therefore, take time to review your e-mail correspondences with your clients and be comfortable with what you have written before you send.
  • Always double check the “To” field to verify that you are sending the e-mail to the correct recipient(s). You can breach a client’s confidentiality if e-mail containing client information is sent to the wrong recipient.
  • Consider including a confidentiality disclaimer in the content of your e-mails. Although it’s not guaranteed that this practice will protect you from liability, it demonstrates due diligence in taking reasonable steps to protect confidential information. A confidentiality disclaimer provides notice to the recipient that the information contained in the e-mail is confidential, and should not be shared without express authorization from the sender. It also gives notice to unintended recipients that the information was not meant for them and that immediate action to permanently delete the e-mail is requested.
  • Due to the possibility of e-mail hacking, it’s recommended that you change the password to your e-mail account on a regular basis.
  • It’s good practice to log out of your e-mail account and close the web browser after each access.
  • Refrain from e-mailing your clients on a public computer for privacy and security reasons.

To conclude, communicating with your clients via e-mail can be done, but careful consideration should be given to the guidelines and relevant legal and ethical issues.

Ann Tran-Lien, JD, is a staff attorney for CAMFT. Ann is available to answer member calls regarding business, legal, and ethical issues.


1. 45 C.F.R. 164.104.
2. Cal. Penal Code § 917(b).
3. Cal. Civil Code § 1633.2(e).
4. CAMFT Code of Ethics, Part I, Section 3.3.
5. AB415 changed the name of the “Telemedicine Act” to “Telehealth Advancement Act of 2011