About Us | Chapters | Advertising | Join
The Legal Department articles are not intended to serve as legal advice and are offered for educational purposes only. The information provided should not be used as a substitute for independent legal advice and it is not intended to address every situation that could potentially arise. Please be aware that laws, regulations and technical standards change over time. As a result, it is important to verify and update any reference or information that is provided in the article.
The Basics of Telehealth. This article discusses the legal, ethical, and business considerations related to the practice of telehealth, and explains the California regulations pertaining to telehealth and the specific CAMFT Code of Ethics provisions that relate to telehealth.
Alain Montgomery, JD, Staff Attorney The Therapist January/February 2015 Updated November, 2022 by Luke M. Martin, MBA, JD (CAMFT Staff Attorney)
Technology allows us to create a personalized global village. Internet-based and mobile applications make it possible to virtually socialize, network, and conduct business from any location, at any time. Mobile devices and videoconferencing technologies offer mental health care professionals the opportunity to expand their businesses and broaden their range of services while offering consumers flexible treatment options. As audiovisual telecommunication technologies emerge as a treatment medium for the delivery of behavioral health, it is important for mental health care providers to understand the laws, professional ethical guidelines, as well as the privacy and security standards that pertains to the use of telecommunication in the practice of marriage and family therapy.
What is Telehealth? Under California law, "Telehealth" is the delivery of health care services using information and communication technologies to consult, diagnose, treat, or educate a patient while the patient is at an “originating site” and the health care provider is at a “distant site.” The “originating site" is the site where a patient is located at the time health care services are provided through a telecommunications system. 1
The practice of telehealth involves providing services in one of two ways. The first mode is through a “synchronous interaction” which is a live, real-time, interactive, audiovisual, two-way communication. 2 An example of a live, real-time, interactive communication is therapy performed over the telephone or through videoconferencing. The second mode is an “asynchronous interaction” which is not a real-time interaction. An example of an asynchronous interaction is providing therapy via e-mail. Keep in mind that routine e-mail and instant messaging conversations, where professional therapy services are not rendered, are excluded from the definition of telehealth.
Can an LMFT in California Provide Psychotherapy to a Patient Outside the State of California? A California marriage and family therapist license or registration allow the holder to practice psychotherapy in the state of California. California law states: “Marriage and family therapists provide crucial support for the well-being of the people and the State of California.”3 The Board of Behavioral Sciences (BBS) acknowledges that licensing requirements vary by state and individuals who provide psychotherapy or counseling to persons in California are required to be licensed in California. Thus, a California license does not – in and of itself – allow a therapist to practice in any jurisdiction other than in California. The location of the patient determines the applicable law.
Currently, there is no reciprocity between California and any other state which would allow a California LMFT to practice in a different jurisdiction. All fifty states, including DC, regulate the practice of marriage and family therapy. Consequently, there may be legal implications when a provider wants to continue to offer services to a patient who is outside the state of California. Please check with the jurisdiction you are looking to provide services in for additional insight into the requirements necessary to legally perform services there.
On one hand, it seems counterintuitive that a therapist would be prohibited from maintaining a therapeutic relationship with a patient who leaves the state. A patient’s diagnosis or condition does not disappear when a patient goes on vacation, takes a business trip, or relocates to another state. In such times, a patient may want and/or need the continued support of their therapist even without the physical face-to- face connection.
However, each state is responsible for licensing and regulating the profession of marriage and family therapy. As such, each state’s licensing or regulatory board determines who may practice marriage and family therapy in that state. So, while the inclination to continue a therapeutic relationship with a patient who is in another state may feel – and be – ethically justifiable, it is important to be mindful of the risks involved in providing services to an individual in another state without being appropriately licensed by that state; or, otherwise authorized by that state’s regulatory board acting in accordance with that state’s laws and regulations. Some states’ regulatory boards may allow a practitioner to perform psychotherapy temporarily in their state. The practitioner who is interested in performing services in that out-of-state jurisdiction should seek consultation with the state’s licensing board.
One option for a therapist whose client is either temporarily out of state, or who has moved to another jurisdiction, is to help the client find a meaningful resource who can continue treatment or offer emergency services.
Penalties for the Unlawful Practice of Telehealth If another state discovers that a provider has rendered or is rendering services in their jurisdiction without being licensed or appropriately authorized, penalties may range from reprimand, fines, conviction of a crime or incarceration.
Under California law, if a provider is disciplined by another state’s regulatory board for violating that state’s licensing laws, the provider is under a duty to report the violation to the BBS.4 As per BBS regulations, therapists licensed or registered in California are lawfully permitted to provide telehealth services to clients located in another jurisdiction only if the California licensee or registrant meets the requirements to lawfully provide services in that jurisdiction and delivery of telehealth services are allowed by that jurisdiction. Penalties for unprofessional conduct include denial of a license or registration, suspension, fines, or license revocation.5
Online Therapy Practices As telehealth practice has grown in popularity so has the presence of online therapy businesses.
Many internet-based counseling businesses have very specific terms of use which state that therapeutic treatment will not be provided to a patient located in a state with a specifically defined telehealth statute; or, disclaim that any type of service provided is not therapy, but coaching or consultation.
Regardless of how an online business, refers to, or identifies its services, a California-licensed provider who offers therapy online to individuals who are physically located in another state should understand the licensing requirements and regulations of the state where the client is physically located at the time services are rendered.
Web Based Platforms for Clients within California There are a number of different online platforms which allow behavioral health care providers to connect with patients for the purposes of conducting online therapy. For example, Zoom is an online audio-visual software service that allows users to communicate with one another through computers, smart phones, and iPads and is one of the top-rated free video conferencing programs.6 Hence, it has broad appeal to healthcare providers who practice telehealth. The primary concerns about the use of Skype in telehealth focus on confidentiality, privacy and compliance with the Health Insurance Portability and Accountability Act (“HIPAA”).
HIPAA privacy and security rules require individuals, organizations, and agencies who meet the definition of a covered entity to comply with the rules' requirements to protect the privacy and security of a patient’s health information. For more information regarding HIPAA Privacy and Security rules, see articles on HIPAA in the “Resource Center” section of the CAMFT website.
A covered entity is a health care provider (an individual or organization) who transmits health information electronically to another covered entity to effectuate administrative and/or financial transactions related to a patient’s health care.7 If a covered entity engages a “business associate” – a third party who provides services to the covered entity who may have access to a patient’s protected health information (“PHI”) – the covered entity must have a written business associate agreement (“BAA”) which assures that the business associate will appropriately safeguard and protect the privacy and security of a patient’s health information. For more information about business associate agreements, see the CAMFT article, “Neither You Nor Your Business Associates Can Afford to be Lax About Complying with HIPAA Requirements,” by Sara Jasper.
According to Skype’s privacy and security policy, Skype uses organizational and technical safeguards to protect the privacy and the confidentiality of personal data. All Skype-to-Skype voice, video, file transfers and instant messages are encrypted with advanced encryption standards which are the same standards used by the US government to protect sensitive information.9
However, Skype neither promotes its video technology as a tool specifically designed for the health care community nor does it hold itself out as being a business associate subject to HIPAA. Skype may be made HIPAA complaint should additional configurations be added to a healthcare provider's account and a Business Associate Agreement is obtained from Microsoft.
It is important to understand the context of what it means for a covered entity to comply with HIPAA when using web-based platforms to provide behavioral health care services. Products such as Skype are not HIPAA compliant or non-compliant. Rather, it is the individual or organization using the program that is required to comply with HIPAA standards.
It is critical for covered entities who utilize internet based video communication software for therapeutic exchanges to know whether or not their use of a particular web based platform complies with any and all applicable state and federal laws. For example, a covered entity would want to ensure they are provided with a business associate agreement by the company that provides the software used for telehealth services.
Professional Ethical Standards Regarding Electronic Therapy CAMFT Code of Ethics, Section 6 pertains to telehealth (e.g., therapy by telephone or internet). Section 6 states the following:
1 Cal Bus and Prof Code §2290.5 (a)(4) 2 Cal Bus and Prof Code §2290.5 (a) (5) 3 Cal Bus and Prof Code §4980 4 Cal Bus and Prof Code §4984 (b) (4) and §4989.32 5 Cal Bus and Prof Code §4982.25 6 https://www.skype.com/ 7 45 CFR 160.103 8 45 CFR 160.103 9 Skype 2020. Privacy and Security, “Does Skype Use Encryption?” Accessed November 2nd, 2020: https://support.skype.com/en/faq/FA31/does-skype-use-encryption 11 Cal Bus and Prof Code §2290.5 (b) 12 American Telemedicine Association, “50 State Telemedicine Gaps Analysis: Coverage and Reimbursement,” Accessed September 9, 2014: https://higherlogicdownload.s3.amazonaws.com/AMERICANTELEMED/3c09839a-fffd-46f7-916c-692c11d78933/UploadedImages/Policy/State%20Policy%20Resource%20Center/Coverage%20-%202016_50-state-telehealth-gaps-analysis--coverage-and-reimbursement.pdf ; Cal Health & Saf Code §1374.13; Cal Ins Code §10123.13 and §10123.85 13 Cal Wel & Inst Code §14132.72(c) 14 Cal Wel & Inst Code §14132.72(d) 15 AB415 16 Id.