Private practitioners in the electronic era must consider a variety of legal, ethical and clinical issues in deciding how to keep their records, said Cynthia Sturm, PhD, chair of the APA Board of Professional Affairs' Committee on Professional Practice and Standards (COPPS), during APA's 2004 Annual Convention in Honolulu. Sturm spoke at a Board of Professional Affairs-sponsored session that touched on issues COPPS is addressing as it reviews APA's record-keeping guidelines.

Psychologists' various types of practices will affect their record-keeping procedures, noted Sturm, an independent practitioner in Portland, Ore. However, she advised psychologists across all settings to consider at treatment's outset the potential disclosures of the record, such as those that may flow from a patient's divorce proceedings or employment applications.

A significant record-keeping consideration is whether to keep separate psychotherapy notes, in additional to clinical records, said Alan Nessman, JD, special counsel in the Office of Legal and Regulatory Affairs in APA's Practice Directorate. The privacy rule of the Health Information Portability and Accountability Act (HIPAA) does not require that psychologists maintain psychotherapy notes, but doing so will generally provide greater protection from disclosure, especially to insurance companies, said Nessman. Special authorization is required to release that information.

Psychotherapy notes vs. clinical records

On the question of what information to put in psychotherapy notes, Nessman suggested considering the purpose of the notes. A helpful guidepost, he said, is commentary from the U.S. Department of Health and Human Services, which administers the HIPAA privacy rule. That commentary indicates that the psychotherapy notes are the psychologist's own notes for personal use and contain information that others in the health-care community, such as other treating professionals and insurers, do not need.

Based on that definition, psychotherapy notes might include formulations, hypotheses and themes discovered in sessions with clients, noted Sturm.

Sturm also pointed to a variety of practices for recording the clinical record--the rest of the record that is less protected than psychotherapy notes. APA's Record Keeping Guidelines from 1993 define the minimal level of information that should be in the record, including dates and types of service, fees, assessments, plans for intervention and releases of information. Some commentators advise against including in the record unnecessary detail, personal opinions or medical diagnoses that the psychologist isn't qualified to make.

"The fundamental things to document [in the clinical record] deal with significant clinical decisions," Sturm said. "What are your goals in treatment, why did you choose that treatment, have you provided informed consent by talking with the client about risks involved and alternatives to that treatment, and what are your rationales for referrals you've provided?"

Insurers may require additional detail in the clinical record, so be aware that you could have different requirements of varying complexities for individual clients, Sturm noted. Nessman added that these insurer requirements are separate from, and do not supplant, state and ethical requirements for record-keeping.

But psychologists working in larger medical settings need to adhere to their institution's specific record-keeping policies, noted Sara J. Knight, PhD, a research health science specialist at the San Francisco Veterans Affairs Medical Center.

While institutional policies and procedures often provide guidance about the content of the record, the medical record does not provide the same protection of patient information as the mental health record does, Knight said. In these situations, she advised, psychologists need to carefully balance patient privacy concerns with the need to coordinate the patient's care across diverse disciplines.

Keeping electronic records safe

Also, as more private health information is stored electronically, practitioners--especially in smaller organizations--must ensure the security of their files, said Leigh W. Jerome, PhD, research director at Hawaii-based Pacific Telehealth and Technology Hui.

Jerome offered several tips for protecting records from computer viruses, accidental leaks and breaches, including:

  • Develop a storage plan for backup data.

  • Install virus protection and keep on top of software updates.

  • Establish formal security policies and procedures.

  • Arrange a plan to securely dispose of electronic data.

  • Assign usernames to staff to track identities on your network.

HIPAA's security rule, which goes into effect in April 2005, will provide further guidance on the safekeeping of electronic records.

Further Reading

For more information, review APA's record-keeping guidelines or contact the Legal and Regulatory Affairs Department of the Practice Directorate at (202) 336-5886 or Salik Farooqi.