About Us | Chapters | Advertising
The Legal Department articles are not intended to serve as legal advice and are offered for educational purposes only. The information provided should not be used as a substitute for independent legal advice and it is not intended to address every situation that could potentially arise. Please be aware that laws, regulations and technical standards change over time. As a result, it is important to verify and update any reference or information that is provided in the article.
The Basics of Telehealth. This article discusses the legal, ethical, and business considerations related to the practice of telehealth, and explains the California regulations pertaining to telehealth and the specific CAMFT Code of Ethics provisions that relate to telehealth.
Alain Montgomery, JD, Staff Attorney
Reviewed November, 2017 by Ann Tran-Lien, JD (Managing Director, Legal Affairs)
Technology allows us to create a personalized global village. Internet-based and mobile applications make it possible to virtually socialize, network, and conduct business from any location, at any time. Mobile devices and videoconferencing technologies offer mental health care professionals the opportunity to expand their businesses and broaden their range of services while offering consumers flexible treatment options. As audiovisual telecommunication technologies emerge as a treatment medium for the delivery of behavioral health, it is important for mental health care providers to understand the laws, professional ethical guidelines, as well as the privacy and security standards which pertain to the use of telecommunication in the practice of marriage and family therapy.
What is Telehealth?
Under California law, "Telehealth" is the delivery of health care services using information and communication technologies to consult, diagnose, treat, or educate a patient while the patient is at an “originating site” and the health care provider is at a “distant site.” The “originating site" is the site where a patient is located at the time health care services are provided through a telecommunications system. 1
The practice of telehealth involves providing services in one of two ways. The first mode is through a “synchronous interaction” which is a live, real-time, interactive, audiovisual, two-way communication. An example of a live, real-time, interactive communication is therapy performed over the telephone or through videoconferencing. The second mode is an “asynchronous interaction” which is not a real-time interaction.2 An example of an asynchronous interaction is providing therapy via e-mail. Keep in mind that routine e-mail and instant messaging conversations, where professional therapy services are not rendered, are excluded from the definition of telehealth.
Can an LMFT in California Provide Psychotherapy to a Patient Outside the State of California?
A California marriage and family therapist license or registration allows the holder to practice psychotherapy in the state of California. California law states: “Marriage and family therapists provide a crucial support for the well- being of the people and the State of California.”3 The BBS acknowledges that licensing requirements vary by state and individuals who provide psychotherapy or counseling to persons in California are required to be licensed in California. Thus, a California license does not – in and of itself – allow a therapist to practice in any jurisdiction other than in California. The location of the patient determines the applicable law.
Currently, there is no reciprocity between California and any other state which would allow a California LMFT to practice in a different jurisdiction. All fifty states, including DC, regulate the practice of marriage and family therapy. Consequently, there may be legal implications when a provider wants to continue to offer services to a patient who is outside the state of California.
On one hand, it seems counterintuitive that a therapist would be prohibited from maintaining a therapeutic relationship with a patient who leaves the state. A patient’s diagnosis or condition does not disappear when a patient goes on vacation, takes a business trip, or relocates to another state. In such times, a patient may want and/or need the continued support of their therapist even without the physical face-to- face connection.
However, each state is responsible for licensing and regulating the profession of marriage and family therapy. As such, each state’s licensing or regulatory board determines who may practice marriage and family therapy in that state. So, while the inclination to continue a therapeutic relationship with a patient who is in another state may feel – and be – ethically justifiable, it is important to be mindful of the risks involved in providing services to an individual in another state without being appropriately licensed by that state; or, otherwise authorized by that state’s regulatory board acting in accordance with that state’s laws and regulations.
One option for a therapist whose client is either temporarily out of state, or who has moved to another jurisdiction, is to help the client find a meaningful resource who can continue treatment or offer emergency services.
Penalties for the Unlawful Practice of Telehealth
If another state discovers that a provider has rendered, or is rendering services in their jurisdiction without being licensed or appropriately authorized, penalties may range from reprimand, fines, conviction of a crime or incarceration.
Under California law, if a provider is disciplined by another state’s regulatory board for violating that state’s licensing laws, the provider is under a duty to report the violation to the BBS.4 As per BBS regulations, therapists licensed or registered in California are lawfully permitted to provide telehealth services to clients located in another jurisdiction only if the California licensee or registrant meets the requirements to lawfully provide services in that jurisdiction and delivery of telehealth services are allowed by that jurisdiction. Penalties for unprofessional conduct include denial of a license or registration, suspension, fines, or license revocation.5
Online Therapy Practices
As telehealth practice has grown in popularity so has the presence of online therapy businesses.
Regardless of how an online business, refers to, or identifies its services, a California licensed provider who offers therapy online to individuals who are physically located in another state should understand the licensing requirements and regulations of the state where the client is physically located at the time services are rendered.
Web Based Platforms for Clients within California
There are a number of different online platforms which allow behavioral health care providers to connect with patients for the purposes of conducting online therapy. For example, Skype is an online audio visual software service which allows users to communicate with one another through computers, smart phones, and iPads and is one of the top rated free video conferencing programs.6 Hence, it has broad appeal to health care providers who practice telehealth. The primary concerns about the use of Skype in telehealth focus on confidentiality, privacy and compliance with the Health Insurance Portability and Accountability Act (“HIPAA”).
HIPAA privacy and security rules require individuals, organizations, and agencies who meet the definition of a covered entity to comply with the rules' requirements to protect the privacy and security of a patient’s health information. For more information regarding HIPAA Privacy and Security rules, see articles on HIPAA in the “Resource Center” section of the CAMFT website.
A covered entity is a health care provider (an individual or organization) who transmits health information electronically to another covered entity to effectuate administrative and/or financial transactions related to a patient’s health care.7If a covered entity engages a “business associate” – a third party who provides services to the covered entity who may have access to a patient’s protected health information (“PHI”) – the covered entity must have a written business associate agreement (“BAA”) which assures that the business associate will appropriately safeguard and protect the privacy and security of a patient’s health information. For more information about business associate agreements, see the CAMFT article, “NeitherYou Nor Your Business Associates Can Afford to be Lax About Complying withHIPAA Requirements,” by Sara Kashing.
According to Skype’s privacy and security policy, Skype uses organizational and technical safeguards to protect the privacy and the confidentiality of personal data. All Skype-to-Skype voice, video, file transfers and instant messages are encrypted with advanced encryption standards which are the same standards used by the US government to protect sensitive information.9
However, Skype neither promotes its video technology as a tool specifically designed for the health care community nor does it hold itself out as being a business associate subject to HIPAA. As such, Skype does not offer business associate agreements for health care professionals who want to use it for telehealth purposes. In fact, Microsoft, which owns Skype, did not mention Skype in its April 2013 press release announcing its updated business associate agreement for its cloud services. 10
It is important to understand the context of what it means for a covered entity to comply with HIPAA when using web-based platforms to provide behavioral health care services. Products such as Skype are not HIPAA compliant or non-compliant. Rather, it is the individual or organization using the program that is required to comply with HIPAA standards.
It is critical for covered entities who utilize internet based video communication software for therapeutic exchanges to know whether or not their use of a particular web based platform complies with any and all applicable state and federal laws. For example, a covered entity would want to ensure they are provided with a business associate agreement by the company that provides the software used for telehealth services.
Professional Ethical Standards Regarding Electronic Therapy
CAMFT Code of Ethics, Section 1.4.2 pertains to electronic therapy (e.g., therapy by telephone or internet). The CAMFT Code of Ethics recommends the following:
It is important to inform patients about the benefits and risks of telehealth at the outset of the professional relationship. Discussing limits on confidentiality is paramount. While telephone or video conferencing is a flexible alternative to meeting face-to-face, the patient should be aware of the potential risks to the confidentiality of telehealth treatment sessions. There are a number of situations that could compromise the confidentiality of the therapeutic conversation. For example, someone may listen in on the conversation; or, be in the same room as the patient but outside the view of the camera. Thus, the patient should feel comfortable in the environment where they are receiving services and in setting appropriate boundaries to ensure his or her own privacy.
Formerly, the law required patients to sign a telehealth specific written consent form prior to receiving treatment via telehealth. However, this requirement was perceived as creating an unnecessary barrier to care. While written consent is no longer mandated, the patient’s verbal consent should be documented in the record. In 2014, the law was amended to allow providers to secure consent for telehealth services the first time an appointment is made and removed the requirement that providers get consent prior to each telehealth session. 14
Is Special Malpractice Insurance Required to Practice Telehealth?
Providers lawfully utilizing telehealth should contact their insurance carrier to determine whether an additional premium is required. It is important to note that a malpractice carrier may not defend a provider for activities that occur outside the state in which the provider is licensed because such activities could be considered to be outside the scope of the provider’s license.
Do Private Insurance Plans Reimburse for Telehealth Services?
California is one of twenty-one states, and the District of Columbia, that requires private insurers to cover telehealth as they cover in-person services.15 However, some insurers are not reimbursing for telehealth services unless the client’s policy as well as the participating provider’s contract with the plan specifies coverage of telehealth services. CAMFT has been advocating with the regulatory agencies and the plans on this front and will keep members apprised of any updates on this issue.
To determine if a specific insurance company covers telehealth services, it is advisable to speak directly with the insurance company’s benefits manager.
Does Medi-Cal Reimburse for Telehealth Services?
While therapy that occurs through telephonic conversations is a form of telehealth, Medi-Cal only reimburses for psychotherapy services provided through live, interactive, two-way audio video communications. Medi-Cal does not reimburse for therapy that occurs over the telephone.
Also, under the “Telehealth Advancement Act of 2011” two Medi-Cal regulations viewed as restrictive to services provided through telehealth were removed. First, in-person contact between a health care provider and a patient is not required for services provided through telehealth.16 Second, the health care provider is not required to document a barrier to an in-person visit for Medi-Cal coverage of services provided via telehealth.17
Technology affords both clinicians and patients flexibility and portability. As telehealth grows in popularity, it is important for practitioners in the behavioral health care field to look to the laws and ethical standards as guides for proper practice as opposed to perceiving them as obstacles to providing safe, productive, and beneficial treatment. Remember, regardless of how advanced the technology, the success of any therapeutic depends on the connection between the therapist and the patient and finding a modality that works for both.
1 Cal Bus and Prof Code §2290.5 (4)
2 Cal Bus and Prof Code §2290.5 (1) and (5)
3 Cal Bus and Prof Code §4980
4 Cal Bus and Prof Code §4984 and §4989.32
5 Cal Bus and Prof Code §4982
6 Griffith, E. (2013, November) Top Free Software Picks: Video Conferencing. PCMag. Retrieved from http://www.pcmag.com
7 45 CFR 160.103
8 45 CFR 160.103
9 Skype 2014. Privacy and Security, “Does Skype Use Encryption?” Accessed September, 2014:https://support.skype.com/en/faq/FA31/does-skype-use-encryption
10 Microsoft 2014. News Center. “Microsoft updaes Business Associate Agreement to address new HIPAA requirements and help enable healthcare organizations to maintain compliance in the cloud,” April 2013. Accessed September, 11, 2014:http://www.microsoft.com/en-us/news/press/2013/apr13/04-25baapr.aspx. “Microsoft’s updated BAA covers Office 365, Microsoft Dynamics CRM Online and Windows Azure Core Services.”
11 CAMFT Code of Ethics §1.4.2
12 American Telemedicine Association, “Practice Guidelines for Video-Based Online Mental Health
Services,” May 2013,http://www.americantelemed.org/docs/default-source/standards/practice- guidelines-for-video-based-online-mental-health-services.pdf?sfvrsn=6.
13 Suler, J. (2000). Assessing a Person’s Suitability for Online Therapy: The ISMHO Clinical Case Study
Group. Cyber Psychology & Behavior, 4:675-679.
14 Cal Bus and Prof Code §2290.5 as amended by AB 809
15 American Telemedicine Association, “50 State Telemedicine Gaps Analysis: Coverage and Reimbursement,” Accessed September 9, 2014: http://www.americantelemed.org/docs/default- source/policy/50-state-telemedicine-gaps-analysis---coverage-and-reimbursement.pdf?sfvrsn=6 ; Cal Health & Saf Code §1374.13; Cal Ins Code §10123.13 and §10123.85
16Cal Wel & Inst Code §14132.72(c)
17Cal Wel & Inst Code §14132.72(d)