use of technology informed consent

Purpose of This Document. This document outlines how technology is used in the delivery of mental health services through telehealth, and other electronic communication. It explains the benefits and limitations of technology, the responsibilities of both client and therapist, and the privacy and security considerations involved.

SECTION 1: TELEHEALTH SERVICES

1.1  TELEHEALTH SERVICES. Telehealth is provided only to clients physically located in NY at time of service. Telehealth allows mental health counseling to be delivered through video conferencing. Benefits of telehealth include:

  • Increased access

  • Convenience and flexibility

  • The ability to continue care despite travel, illness, or mobility issues

There are also limitations and risks to telehealth services, including:

  • Technology may fail or disconnect

  • Audio or video may freeze

  • Unauthorized access to electronic communications is possible

  • Telehealth may not be appropriate for all clinical needs

  • Telehealth is not emergency care.

The therapist may discontinue telehealth if technology is insufficient or if it becomes clinically inappropriate. The therapist may recommend in-person services if telehealth is no longer clinically appropriate.

1.2  CLIENT RESPONSIBILITIES FOR TELEHEALTH SERVICES. To protect your safety and confidentiality, you agree to:

  • Be physically located within the state of New York during telehealth sessions

  • Not attend telehealth sessions while driving or operating a vehicle

  • Use a secure, private Internet connection

  • Ensure you are in a confidential environment

  • Inform your therapist if anyone else is in the room or can overhear

  • Not record sessions without explicit permission

  • Not share session links or passwords with anyone

  • Maintain responsibility for the security of your own devices

  • Keep software and devices updated

You agree to provide the following at every telehealth session:

  • Your physical location

  • A reliable phone number where you can be reached if the connection drops

  • If your location changes mid-session, you will notify the therapist immediately

1.3  TECHNOLOGY FAILURE PROTOCOL. If the session disconnects:

  1. Both parties will attempt reconnection for up to five (5) minutes

  2. If unable to reconnect, your therapist will call you

  3. You agree to answer the phone

  4. If your therapist is unable to reach you and there are safety concerns, your emergency contact or emergency services may be contacted

1.4  EMERGENCY PROTOCOL. Telehealth is not appropriate for emergencies. If you are in crisis, your options are:

  • Call 911

  • Go to the nearest Emergency Room

  • Or call/text 988 for the Suicide & Crisis Lifeline

If your therapist believes you are at risk of harm during a telehealth session, you understand and agree that emergency services will be contacted.

SECTION 2: ELECTRONIC COMMUNICATIONS

2.1  COMMUNICATION IN-BETWEEN SESSIONS. Electronic communication is not a substitute for therapy. Clinical conversations must occur during scheduled sessions. Between sessions:

  • Brief logistical questions may be handled via portal message, email, or text

  • Your therapist does not provide crisis services

  • If you reach out in distress, your therapist will likely not be available

  • Response times may vary up to two business days

  • Emergencies must be directed to 911 or 988

  • If your communication indicates a risk to your safety, your therapist will contact emergency services

2.2  ALLOWED FORMS OF COMMUNICATION. You authorize the practice to contact you using:

Client portal messaging (preferred): This feature in your Client Portal is fully encrypted and HIPAA-compliant. It is our best option for private communications in between sessions. Download the SimplePractice app to make this option convenient for you.

Email: Your therapist uses Proton Mail, which keeps emails encrypted on her devices. You have the option to also download and use Proton Mail. This allows for all email communication to always be encrypted. If you receive mail through a service provider such as gmail, yahoo, hotmail, aol, email is not encrypted on your devices. If your therapist needs to share private information with you via email, she will send a password-protected email to encrypt the information.

Text message: Your therapist uses a HIPAA-compliant version of Google Voice to keep text messages encrypted on her devices. Because there is no way to ensure encryption on your end, this communication will always only be logistical in nature without personally identifiable information.

Voicemail: Your therapist generally does not leave voicemail messages. If voicemail needs to be used, no information will be left that discloses your participation in mental health services.

Phone calls: Your therapist does not use phone calls for therapy between sessions. Phone communication may only be used to complete a telehealth session in the event of a technology failure. If you choose to continue the session by phone, you acknowledge the loss of encryption protections.

Email, texting, and phone communication are not fully secure. These channels for communication are used for scheduling, administrative, and logistical purposes only, not for therapy. Although reasonable safeguards are used, confidentiality cannot be guaranteed.

2.3  CLIENT RESPONSIBILITIES FOR ELECTRONIC COMMUNICATIONS. You agree to:

  • Update your contact information promptly

  • Maintain the privacy of your devices

  • Use password protection on your phone and computer

  • Avoid discussing sensitive information over insecure channels

SECTION 3: DATA SECURITY

3.1  THERAPIST RESPONSIBILITIES. No system is completely risk-free. To protect your privacy as best as possible, your therapist agrees to:

  • Use HIPAA-compliant platforms and vendors

  • Maintain updated security measures

  • Store records within a HIPAA-compliant EHR

  • Utilize administrative, physical, and technical privacy safeguards

  • Limit access to, and use of, PHI

  • Uphold all HIPAA & HITECH standards

  • Follow a documented data breach response protocol

3.2  CLIENT RESPONSIBILITIES. The client assumes all responsibility for maintaining the privacy of their devices, internet connection, and physical environment. You agree to:

  • Use secure devices and private Wi-Fi (using a VPN provides an additional level of security on your end)

    • Keep your devices password-protected

    • Ensure no unauthorized persons can overhear sessions

    • Avoid using public Wi-Fi for sessions or communication

    • Never record sessions without explicit permission

SECTION 4: TECHNOLOGY VENDORS AND THIRD PARTIES

4.1  THIRD PARTIES USED IN THIS PRACTICE. Your therapist uses the following third parties to provide care and process payments:

  • SimplePractice (EHR, telehealth, messaging, AI transcription)

  • Stripe (payment processing)

  • Thrizer (optional payment platform using third-party payment processors such as Stripe/Plaid)

  • Proton (encrypted email)

  • Jotform (encrypted forms)

  • Google Workspace (encrypted text messaging)

  • Other HIPAA-compliant business associates as needed

These vendors maintain their own security protocols. Your therapist has signed Business Associate

Agreements with the above vendors to ensure their adherence to HIPAA compliance.