Recommended Practices for School-Based Psychotherapists Part II:
The Application of California Law, HIPAA and Ethical Codes in School-Based Therapy Programs
by Michael Griffin, JD, LCSW
Staff Attorney
The Therapist
March/April 2018
Updated November, 2022 by Sara Jasper, JD, CAE (CAMFT Staff Attorney) 

---

This article is Part II of a three-part series entitled Practice Guidelines for School-Based Psychotherapists. In the March/ April, 2017 issue of The Therapist, Part I of this series discussed the Family Educational Rights and Privacy Act (FERPA)¹ and its application to school-based psychotherapists.²  This article discusses the application of the Health Insurance Portability and Accountability Act (HIPAA), California laws and professional ethical codes to school based practice, and Part III of the series (in this issue), applies the principles discussed in Part I and Part II to a variety of common scenarios. 

As discussed in Part I, FERPA applies to education records which are created and maintained by schools (public or private), that receive funding from the U.S. Department of Education, and which are directly related to the student.³  FERPA does not apply to records which are kept in sole possession of the maker and which are not accessible or revealed to any other person, including records which were created and maintained for the purpose of documenting confidential mental health treatment.⁴  Records which are maintained by mental health providers who are either contracted or employed with the school district to provide mental health treatment to students, could not therefore, be shared with any other person or entity unless the disclosure was permitted by the applicable provisions of (HIPAA), state laws and professional ethical codes. 

Overview of HIPAA 
HIPAA was passed for the purpose of establishing national security and privacy standards for the protection of private health information.⁵  While HIPAA is comprised of many components, the following discussion is intended as an overview of selected key elements of the law.⁶ 

Covered Entities 
HIPAA only applies to individuals and organizations which qualify as “covered entities” under the law. A covered entity is defined as: 1) a health plan; 2) a healthcare clearinghouse; or, 3) a health care provider who transmits health information in electronic form in connection with certain administrative and financial transactions, also known as “covered transactions.”7 Covered transactions include, but are not limited to, billing a health plan electronically; checking a client’s eligibility and health benefits via the health plan’s website; and receiving confidential client information from health plans via e-mail. Merely e-mailing clients, storing client records electronically, or providing therapy services electronically are not “covered transactions” under HIPAA, and such transactions do not qualify the provider as a “covered entity.” Most schools are not HIPAA covered entities as they do not engage in one or more of these covered transactions. However, some school-based mental health treatment programs may elect to voluntarily comply with HIPAA, and this article provides an overview of relevant requirements. 

Business Associates 
If a HIPAA-covered entity engages a person or other business entity to perform certain functions or activities that involve the use or disclosure of protected health information on behalf of the covered entity, the third party is known as a “business associate.” In such instances, the covered entity must have a Business Associate Agreement (“BAA”) with the third party. A BAA must describe what the business associate has been contracted to do, and it must require the business associate to comply with HIPAA. 

The HIPAA Privacy Rule 
One of the core components of HIPAA is known as the “Privacy Rule.” The HIPAA Privacy Rule requires covered entities to protect individuals’ private health information (“PHI”), by requiring appropriate safeguards to protect client’s privacy, and defines conditions which govern the uses and disclosures of PHI without client authorization.8  The Privacy Rule provides the following six rights: 

1. The right to request restrictions on certain uses and disclosures of their PHI 
2. The right to receive confidential communications from health care providers 
3. The right to inspect and receive a copy of their PHI 
4. The right to receive an accounting of disclosures of their PHI 
5. The right to amend their PHI, and 
6. The right to receive a paper copy of the provider’s Notice of Privacy Practices 

Notice of Privacy Practices 
Under the Privacy Rule, providers who are covered entities must provide their clients with a written Notice of Privacy Practices (Notice). The Notice must describe how a client’s PHI is protected under the Privacy Rule, be written in plain language, and contain information as to how the provider will use and disclose the client’s PHI. The Notice must also describe the rights that clients have with respect to their PHI, including how they may obtain access to such information, specify when a client’s PHI may be used or disclosed without the client’s consent or authorization, describe the permitted uses and disclosures of PHI, (such as for purposes of payment and health care operations), and provide the name of a contact person to request additional information, or to file a complaint. Clients must be provided with a document which serves as an “acknowledgment of receipt of privacy practices,” and a copy of the privacy practices must be posted in public view on the provider’s business premises.9 

The HIPAA Security Standards 
The Security Standards require covered entities to protect the confidentiality, integrity, and availability of any electronically stored, protected health information (EPHI) that the covered entity creates, receives, maintains, or transmits. This means that the covered entity is expected to protect against any reasonably anticipated threats or hazards to the security or integrity of the EPHI and to protect against any reasonably anticipated uses or disclosures of EPHI that is not allowed or required by HIPAA. ¹⁰ 

Covered entities must also provide for appropriate authorization and supervision of workforce members who work with EPHI, implement policies and procedures for authorizing access to EPHI which allow only authorized persons to access such information, and, adopt reasonable and appropriate policies and procedures to comply with the Security Rule.¹¹ 

Access to Records: California Law 
Clients who consent to their own health care have a corresponding right of access to their health care record.¹²  Parents and guardians also have a right of access to their children’s health care records unless their children are legally authorized to inspect their own records.¹³  This means that, in circumstances where the minor is authorized to provide his or her consent to treatment under one of California’s minor consent laws, (discussed later in this article), the minor would control access to the treatment record. A provider may also decline to provide access to the minor’s records under certain circumstances. Pursuant to Health & Safety Code, §123115 (a) “The representative of a minor (such as a parent or guardian) shall not be entitled to inspect or obtain copies of the minor's patient records in either of the following circumstances: (1) With respect to which the minor has a right of inspection under Section 123110. (2) Where the health care provider determines that access to the patient records requested by the representative would have a detrimental effect on the provider's professional relationship with the minor patient or the minor's physical safety or psychological well-being.” ¹⁴ 

HIPAA defers to California law regarding access to minor’s health records 
Covered entities must comply with state law, in addition to HIPAA, (where applicable). Consequently, state and federal law may both apply to a given circumstance, such as when a client requests a copy of, his or her treatment record. As a general rule, the applicable federal law, such as HIPAA, takes precedence over relevant state law. However, when the provisions of state law are stricter than the federal law, the state law must be followed. In addition, in some circumstances, federal law may defer to state law on a given issue. For example, the HIPAA Privacy Rule defers to California law when it comes to parent’s access to minor’s health care records. This means that the above-described provisions of Health & Safety Code, §123115 (a), (concerning the release of minor’s records in response to a request by a parent (or the parent’s representative), are applicable to minor’s records in California, even when services have been provided by a HIPAA-covered entity. 

Confidentiality 
All mental health clients^{15 16}  are entitled to confidentiality, the parameters of which are defined under various sections of state and federal law,¹⁷  and by the ethical standards provided by professional associations such as the California Association of Marriage and Family Therapists (CAMFT).  ^{18 19}  Providers are expected to be familiar with, and to comply with, the provisions of any law or ethical standard which applies to the treatment of a client. 

Minors and Confidentiality 
Under California law, the “Confidentiality of Medical Information Act,” codified in section 56.10 of the Civil Code, states: “A provider shall not disclose medical information regarding a client of the provider...”²⁰  The CAMFT Code of Ethics similarly provides that a therapist may not release confidential information in the absence of an authorization, unless otherwise mandated or permitted by law.²¹ 

In the absence of a legally mandated disclosure, or in a circumstance where disclosure is permitted under the law, a therapist is not permitted to reveal the specific content of his or her communications with a client, including a minor client, without the client’s permission as required under Civil Code §56.11.  ^{22 23}  Examples of legally mandated disclosures include instances of suspected child, elder, or dependent adult abuse, or, when a psychotherapist is discharging his or her duty to contact law enforcement in circumstances involving a serious threat of physical violence against a reasonably identifiable victim.²⁴  Examples of permissible disclosures include the submission of a bill to a person who is responsible for payment, or, communications between health care professionals for purposes of diagnosis or treatment of a client.²⁵  A minor who is a mental health client has a corresponding expectation of privacy in his or her communications with the treating therapist. But confidentiality involving minors is not identical to that which applies to adult clients/clients. While this may seem to be contrary to the notion of confidentiality, the “standard of care” when treating minors is that therapists are generally expected to attempt to involve caretakers in the minor’s treatment.²⁶  In many circumstances, it would be difficult, if not impossible, for the therapist to maintain absolute confidentiality regarding the minor’s treatment, while concurrently involving the child’s parent(s) in the treatment. 

Psychotherapist-Patient Privilege²⁷ 
Confidential communications between a client and his or her psychotherapist, including the diagnosis made and any advice given to the client, is also protected from disclosure under the “psychotherapist-client privilege.”  ^{28 29}  Under California law, the psychotherapist who received or made a communication subject to the privilege must claim the privilege on behalf of the holder of the privilege (usually, the client), when the confidential communication is sought to be disclosed, unless he or she is authorized to release the confidential information being sought.³⁰ 

In California, a minor client is the holder of the psychotherapist-client privilege.³¹  A “guardian ad-litem” and/or “minor’s counsel” has the legal authority to assert or waive privilege on behalf of a minor and there are special rules concerning the application of the psychotherapist-client privilege to minors who are in placement.³² 

Program planning: Questions to consider regarding privilege 

1. Who is the custodian of the mental health treatment records kept apart from the education records? 
2. What is the process the therapist must follow when responding to the subpoena? 

Consent for Treatment of Minors 
When mental health counseling is sought for a minor, providers must clarify who has the authority to provide consent for treatment of the minor, prior to rendering services. Generally speaking, it is desirable to involve both parents in the treatment of a minor.33  In situations where the consent of both parents is not required, a provider should carefully consider the child’s needs, and the particular facts and circumstances of the request, when contemplating the possibility of providing treatment to the minor without the involvement of both parents. 

Basic rules for obtaining consent 

• If the minor’s parents are presently married, either parent may provide consent.³⁴ 
• If the minor’s biological parents were never married, either may provide consent.³⁵ 
• If the minor’s parents are divorced, the therapist must determine whether there is joint legal custody, or sole legal custody of the child. 
• In circumstances where one parent is the sole legal custodian, he or she alone may provide consent.³⁶ 
• If the parents have joint legal custody, their final custody order should be consulted to clarify their authority to consent to the minor’s health care. When there is joint legal custody, in the absence of specific language in the custody order, either parent may provide consent.^{37 38}  If the language of the custody order indicates that both parents must consent to health care decisions, the therapist should ask for the consent of both parents. In some instances, the custody order may require other conditions to be met prior to treatment of the minor. 
• If the minor resides with a relative who qualifies as an “authorized caregiver,” the relative may provide consent.³⁹  In this situation, the relative must complete a form entitled “caregiver authorization affidavit” (available in the Family Code, §6552), wherein the caregiver, who must be at least 18 years of age, states that the minor is living in his or her home, and that he or she has either contacted the minor’s parent(s) and received no objection to the intended treatment, or, that he or she is unable to locate the child’s parents. Qualified relatives include, but are not limited to: stepparents, siblings or stepsiblings, half-brothers or half-sisters, uncles, aunts, nieces, nephews and grandparents.⁴⁰ 
• A minor may provide consent for his or her treatment, under specified circumstances. Health and Safety Code, §124260, provides that a minor who is 12 years of age or older may consent to mental health treatment or counseling services if, in the opinion of the attending professional person, the minor is mature enough to participate intelligently in the mental health treatment or counseling services. Family Code, §6924 also permits a minor who is age 12 or older to consent to his or her outpatient mental health treatment if he or she, in the opinion of the attending professional person, is mature enough to participate intelligently in the outpatient services or residential shelter services, and he or she would present a danger of serious physical or mental harm to himself/herself or to others without the treatment, or, is the alleged victim of incest or child abuse. Under both Health & Safety Code §124260, and Family Code §6924, the treatment authorized must include involvement of the minor’s parent or guardian unless, in the opinion of the professional person who is treating or counseling the minor, such involvement would be inappropriate. The professional person who is treating or counseling the minor is required to state in the client record whether and when he or she attempted to contact the minor’s parent or guardian, and whether the attempt was successful or unsuccessful, or the reason why, in his or her opinion, it would be inappropriate to contact the minor’s parent or guardian. 
• A minor who is emancipated, married, or a member of the armed services may consent to his or her treatment.⁴¹ 

Program planning: Questions to consider regarding consent 

1. How does the school mental health program plan on obtaining consent to treat minors? Are consent forms sent home specifically with a minor who is requesting services, or are consent form sent home upon enrollment? 
2. Will the school mental health program allow therapists to treat minors under the “minor consent laws” (Health & Safety Code §124260 and/or Family Code §6924)? 

Recordkeeping/Storage 
Therapists are required to maintain clinical records, documenting the services which are rendered to the client. While treatment records may vary from setting to setting, there are fundamental requirements for providers: Under California law, treatment records must reflect the provider’s sound clinical judgment, standards of the profession, and the nature of the services being rendered.^{42 43} 

Relevant ethical standards express similar requirements regarding clinical documentation.  ^{44 45} 

Records must be maintained in a manner which protects the confidentiality of their contents and must be kept for a minimum of seven years from the date of termination of treatment, unless the client was a minor, wherein the records must be maintained for a minimum of seven years from the date at he or she reaches 18 years of age.  ^{46 47 48}  Practically speaking therefore, a minor’s treatment records must be maintained by the provider until that minor reaches 25 years of age. 

When providing mental health services in a school setting, providers must ensure that health care records are protected from loss, damage or unpermitted disclosure. As evident in the foregoing discussion, access to mental health treatment records, and the storage of such records must be maintained in accord with the provisions of California law, HIPAA, and relevant ethical standards. 

Records should never be left unprotected or stored in a manner which permits unauthorized access to the client’s confidential health information. In circumstances where the therapist is sent into the school to offer mental health services as a contracted provider, it is customary for him or her to maintain physical possession of the record at his or her office. 

Program planning: Questions to consider regarding recordkeeping/storage 

1. In what form (electronic storage/hard copies) will treatment records be maintained? 
2. If records are to be stored electronically, what type of password protection and back-up system will be used? How often will the system be backed up? Where will the backed-up version be stored? How often, if ever, will hard copies be printed? 
3. If records will be maintained in hard copy, will they be stored in a locked cabinet? 
4. Are there procedures in place, which prevent the unauthorized access to confidential treatment records? For example, under what circumstances will file cabinets containing confidential information be left unlocked? Will the door to the room where the records are stored be locked? 
5. Who, specifically, will have access to the treatment records, and under what circumstances? 
6. If records are being physically stored at the school site, who will be responsible for the records if the treating therapist is no longer providing services at that school? 

School-based mental health programs are important resources for many students. They provide timely assistance to minors who might otherwise fail to receive the help they need and deserve. As a general rule, it is fair to say that successful school-based programs are founded upon a collaborative effort between school professionals and mental health providers. 

---

Endnotes 

¹  20 U.S.C. §1232g; 34 CFR Part 99 

²  Jasper, Sara, JD, “Practice Guidelines for Psychotherapists Who Work in Schools-How FERPA Applies to School-Based Therapy Programs,” The Therapist, March/April, 2017 

³  20 U.S.C. §1232g(a)(4)(A); 34 CFR Part 99.3 

⁴  20 U.S.C. §1232g(a)(4)(B)(i) 

⁵  The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) 

⁶  Numerous articles and related resources concerning the topic of HIPAA are available on the CAMFT website, at:www.camft.org 

⁷  45 C.F.R. 160.103 

⁸  45 C.F.R 164.510(b) The HIPAA Privacy Rule does permit communications between health care providers and a patient’s family members, friends, or other persons whom the patient has permitted to be involved in his or her treatment. 

⁹  A sample “Notice of Privacy Practices,” and related forms, are available on the CAMFT website at:www.camft.org 

¹⁰  Jensen, David, JD, “HIPAA overview of the Security Standards,” The Therapist, Sept/Oct, 2003, updated August 2010. 

¹¹  “Summary of the HIPAA Security Rule,” available at: https:// https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.htm 

¹² Health & Safety Code, §123100 “…Every person having ultimate responsibility for decisions respecting his or her own health care also possesses a concomitant right of access to complete information respecting his or her condition and care provided. Similarly, persons having responsibility for decisions respecting the health care of others should, in general, have access to information on the patient’s condition and care.” 

¹³  Health & Safety Code, §123115(a)(1) 

¹⁴  Health & Safety Code, §123115(a)(2) “The decision of the health care provider as to whether or not a minor’s records are available for inspection or copying under this section shall not attach any liability to the provider, unless the decision is found to be in bad faith.” 

¹⁵  The terms “patient” and “client” are used synonymously in this writing. 

¹⁶  Evidence Code, §1011, “Patient” means a person who consults a psychotherapist, or submits to an examination by a psychotherapist for the purpose of securing a diagnosis or treatment of his or her mental or emotional condition. 

¹⁷  See e.g. 45 C.F.R. 160.103 

¹⁸  The CAMFT Code of Ethics is available on the CAMFT website at www.camft.org Part I of the Code contains the standards and Part II contains the procedures. 

¹⁹ These guidelines reference several key laws and ethical standards which apply to the issues being discussed, but is not intended to serve as an exhaustive list of every law or ethical code which may be applicable to the subject matter. 

²⁰  Civil Code, §56.10 

²¹  CAMFT Code of Ethics, §2.1 Disclosures of Confidential Information: Marriage and family therapists do not disclose client/patient confidences, (including the names or identities of their clients/patients), to anyone except a) as mandated by law b) as permitted by law c) when the marriage and family therapist is a defendant in a civil, criminal, or disciplinary action arising from the therapy (in which case client/patient confidences may only be disclosed in the course of that action), or d) if there is an authorization previously obtained in writing. Such information may only then be revealed in accordance with the terms of the authorization. 

²²  Business & Professions. Code, §4982(m) The failure to maintain confidentiality, except as otherwise required or permitted by law, of all information that has been received from a client in confidence during the course of treatment and all information about the client that is obtained from tests or other means, is unprofessional conduct. 

²³  CAMFT Code of Ethics, §2.3 Maintenance of Client/Patient Records— Confidentiality: Marriage and family therapists store, transfer, transmit, and/or dispose of client/patient records in ways that protect confidentiality. 

²⁴  Welfare. & Inst. Code, §8100(b), §8105(c) 

²⁵  Civil Code, 56.10(c)(2) 

²⁶  See, Civil Jury Instructions, §501. The “standard of care” that is applicable in a given situation depends on the actual facts and circumstances present in the case. A therapist must exercise the reasonable degree of skill, knowledge and care that is ordinarily exercised by other members of his or her professional community, when practicing under similar circumstances. 

²⁷  Evidence Code, §1010 Under the language of this section, “psychotherapist,” includes licensed and pre-licensed mental health professionals. 

²⁸  Evidence Code, §1012 “‘Confidential communication between patient and psychotherapist’ means information, including information obtained by an examination of the patient, transmitted between a patient and his psychotherapist in the course of that relationship and in confidence by a means which, so far as the patient is aware, discloses the information to no third persons other than those who are present to further the interest of the patient in the consultation, or those to whom disclosure is reasonably necessary for the transmission of the information or the accomplishment of the purpose for which the psychotherapist is consulted, and includes a diagnosis made and the advice given by the psychotherapist in the course of that relationship.” 

²⁹  Evidence Code, §1014 “the patient, whether or not a party, has a privilege to refuse to disclose, and to prevent another from disclosing, a confidential communication between patient and psychotherapist if the privilege is claimed by :(a) the holder of the privilege. (b) A person who is authorized to claim the privilege by the holder of the privilege. (c) The person who was the psychotherapist at the time of the confidential communication, but the person may not claim the privilege if there is no holder of the privilege in existence or if he or she is otherwise instructed by a person authorized to permit disclosure.” 

³⁰  Evidence Code, §1015 

³¹  In re: Daniel C.H., (1990) 220 Cal.App.3d 814 (minor as holder of psychotherapist-patient privilege). 

³²  Welfare & Institutions Code, 317(f) “Either the child or counsel for the child, with the informed consent of the child if the child is found by the court to be of sufficient age and maturity to consent, which shall be presumed, subject to rebuttal by clear and convincing evidence, if the child is over 12 years of age, may invoke the psychotherapist-client privilege, physician-patient privilege, and clergyman-penitent privilege. If the child invokes the privilege, counsel may not waive it, but if counsel invokes the privilege, the child may waive it. Counsel shall be the holder of these privileges if the child is found by the court not to be of sufficient age and maturity to consent.” 

³³  Numerous situations may arise when treating minors and it is beyond the scope of this writing to recommend a course of action which is applicable in all circumstances. 

³⁴  Family Code, §8616 In the event that a child has been adopted: “After adoption, the adopted child and the adoptive parents shall sustain towards each other the legal relationship of parent and child and have all the rights and are subject to all the duties of that relationship.” 

³⁵  Family Code, §7602 “The parent and child relationship extends equally to every child and to every parent, regardless of the marital status of the parents.” 

³⁶  Family Code, §3006 “‘Sole legal custody’ means that one parent shall have the right and the responsibility to make the decisions relating to the health, education, and welfare of a child. 

³⁷  Family Code, §3083 In making an order of joint legal custody, the court shall specify the circumstances under which the consent of both parents is required to be obtained in order to exercise legal control of the child and the consequences of the failure to obtain mutual consent. In all other circumstances, either parent acting alone may exercise legal control of the child.” 

³⁸  Family Code, §3085 “In making an order for custody with respect to both parents, the court may grant joint legal custody without granting joint physical custody.” 

³⁹  Family Code, §6550 

⁴⁰  Family Code, §6552 

⁴¹  Family Code, §7002, §7050 

⁴²  Business & and Professions Code §4982(v) “Failure to keep records consistent with sound clinical judgment, the standards of the profession, and the nature of the services being rendered is unprofessional conduct.” 

⁴³  Health & Safety Code §123105(a),) (b) and (d) “‘Mental health records’ means patient records, or discrete portions thereof, specifically relating to evaluation or treatment of a mental disorder. ‘Mental health records’ includes, but is not limited to, all alcohol and drug abuse records… (d) ‘Patient records’ means records in any form or medium maintained by, or in the custody or control of, a health care provider relating to the health history, diagnosis, or condition of a patient, or relating to treatment provided or proposed to be provided to the patient. ‘Patient records’ includes only records pertaining to the patient requesting the records or whose representative requests the records. ‘Patient records’ does not include information given in confidence to a health care provider by a person other than another health care provider or the patient, and that material may be removed from any records prior to inspection or copying under Section 123110 or 123115.” 

⁴⁴  CAMFT Code of Ethics, §3.12 Documenting Treatment Rationale/Changes: Marriage and family therapists document treatment in their client/patient records, such as major changes to a treatment plan, changes in the unit being treated and/or other significant decisions affecting treatment.  

⁴⁵  CAMFT Code of Ethics, §5.3 Client/Patient Records: “Marriage and family therapists create and maintain client/patient records consistent with sound clinical judgment, standards of the profession, and the nature of the services being rendered.” 

⁴⁶  Civil Code, §56.101(a) “Every provider of health care, health care service plan, pharmaceutical company, or contractor who creates, maintains, preserves, stores, abandons, destroys, or disposes of medical information shall do so in a manner that preserves the confidentiality of the information contained therein.”   

⁴⁷  Business & Professions Code, §4980.49 “A marriage and family therapist shall retain a client’s or patient’s health service records for a minimum of seven years from the date therapy is terminated. If the client or patient is a minor, the client’s or patient’s health service records shall be retained for a minimum of seven years from the date the client or the patient reaches 18 years of age. Health service records may be retained in either a written or an electronic format. (b) This section shall apply only to the records of a client or patient whose therapy is terminated on or after January 1, 2015.” 

⁴⁸  CAMFT Code of Ethics, §2.3, Maintenance of Client/Patient Records—Confidentiality: “Marriage and family therapists store, transfer, transmit, and/or dispose of client/patient records in ways that protect confidentiality.” 

---

Before You Get Started 

1. Consider whether the mental health treatment records will be kept separate and apart from the education records. 
2. Consider the form (electronic storage/hard copies) mental health treatment records are to be maintained and the security protocol implemented to ensure confidentiality of the records. If records are to be stored electronically, what type of password protection and back-up system will be used? How often will the system be backed up? Where will the backed-up version be stored? How often, if ever, will hard copies be printed? If records will be maintained in hard copy, will they be stored in a locked cabinet? 
3. Consider who has access to the mental health treatment records and implement policies/procedures regarding this matter. 
4. Consider if the protocol for how a mental health program may obtain consent to treat minors, to include, who must consent for the minor’s treatment; are consent forms sent home or is the consent form provided at the time the services are being requested; and whether the school mental health program allow minors to consent under the California consent laws (Health & Safety Code §124260 and/or Family Code §6924). 
5. Consider the process a therapist must follow when responding to the subpoena. 
6. Consult with legal counsel and other experts regarding the implementation of a school-based mental health program. 
7. Consult with CAMFT on psychotherapists’ legal and ethical obligations.