Top 10 Things Counselors Should Be Concerned About
Before You Begin...
This report covers the areas of your practice that are not taught in school. We have assembled a high-level overview of each of those areas, tried to include a relevant fact to highlight the problem area, and added a short discussion of the points that most directly threaten your practice, family, and income. Finally, we included links to more information about each topic on our website.
This report is not meant to be an exhaustive essay on each topic as the finished tome would be hundreds of pages long and no one but Kathleen would read such a thing! We're covering the threat areas we can do something about and laying out the groundwork for the creation of your custom, "Continuing Education By Design", curriculum that we hope will serve you well in, "Protecting, Equipping, and Defending", yourself.
Have a good read and while we know it may all sound a bit overwhelming and scary, we're going to do it together, one step at a time, okay?
1. The LPC & LMFT Boards' New Rules Changes
Are you aware that the LPC and LMFT Boards have been in the process of updating their rules for quite a while now and the new crop of regulations became effective in March of 2019? Do you know what they are and how they affect your practice? You should.
Remember when your high school driving instructor told you, "ignorance is no excuse under the law"? He was right, and it applies to all laws on the books, not just the rules of the road. The governing powers expect you to know all of the laws, rules, and regulations that apply to any and all facets of your life.
So does the Board that rents your professional license to you (that's right, you don't own it, they do, but that's for another special report). Remember, ignorance is no excuse under the law!
2. The Complaint Process
Count yourself among the fortunate if you've never had a complaint filed against you or been asked to appear for any reason before the Board. Filing a complaint is a simple 1-page, online form that anyone can submit for any reason at all. In today's litigious environment, that should scare the pants off of anyone in the mental health field.
Do you know what defensive techniques to employ to lower your odds of receiving a complaint? Do you know how long you have to draft and mail a response to the State once you receive "the letter" of complaint notification? Do you know when to employ an attorney to assist you with a complaint, or even if you should? Will your low-cost liability insurance provide an attorney for a complaint?
You need to know and thoroughly understand the new complaint process. Then, you need to know and employ the best defensive techniques that you can to improve the odds of not receiving a complaint in the first place.
What if you do anyway? It could happen.
If you have the proper defensive tactics in place you will greatly increase the likelihood that the outcome will go your way. And that's a lot better than the alternative.
3. HIPAA Compliance
- 60% of providers are not using firewall rule sets.
- 53% are not adequately performing trainings and testing employees on HIPAA compliance.
- 46% are encrypting PHI.
- 86% are not performing penetration tests.
- 72% are not training employees on how to respond to breaches.
HIPAA was enacted back in the '90s, and the subsequent lax federal enforcement of its policies has lulled an entire generation or two of medical professionals into thinking they could side-step expensive compliance. And that has largely been the case. That changed under the Obama administration, and enforcement, while not at 100% strength, is more likely to ensnare those whose compliance is less than adequate. "Less than adequate" because even the enforcement officers know that 100% compliance with HIPAA is impossible; too many conflicting regulations. But they do expect a proper attempt to be made at achieving 100% compliance as it applies to you and your practice.
The core objective of HIPAA is client data protection; that's the good news. Who isn't for client data protection, especially since that involves you and me as well? You want your medical data protected from the bad guys and so does everyone else.
The bad news is you live in the highly digital 21st century and you can't walk three feet without passing some kind of appliance, gadget, computer, printer, or even a child's toy that has a digital database (db) driving it.
So, you better care a lot because client/patient data has a stealthy way of showing up in places you'd never even consider. Ever text a client? Scan a document? Send an email to a patient? Copy an Intake Document? All of those channels have databases, and whatever passes through them remains on them. Heck, you can't even keep track of your car keys on a regular basis, and your PHI and other HIPAA-covered data is on devices that have legs of their own. Learn what it means to be HIPAA compliant in your practice, and get compliant!
4. PCI Compliance
Fact: Most mental health providers are not equipped to handle data breaches. "73% of breaches investigated by SecurityMetrics were due to a lack of logging or log monitoring, which is a foundational data security principle."
Digital security will never, ever be 100% fool-proof and anyone that tells you otherwise is either uninformed or lying. The goal of "digital security" is to make it hard enough to break into your world that the bad guys give up and move on to easier pickin's; the low-hanging fruit.
As I write this, my wife has informed me that someone has yet again, acquired MY credit card number and gone on a spending spree in NoWhere, TX. I take all of the precautions. I don't give my card to anyone, and I keep it in a plutonium-lined, RFID-proof carry-case in my pocket. I cover my card with my hand at the gas pump so no one sees me punching my PIN and still they come up with my credit card number. Apparently the owner of the pump wasn't as diligent about data security as I am.
So why bother to put up any defenses in your practice?
- CYA. Do your part to make all transactions as secure as possible, removing yourself from the basket of low-hanging fruit. And,...
- You owe it to your clientele to do your part on this, like the gas-pump guy should have done.
The banking industry has developed their own level of digital precaution and it's known as, "PCI Compliance". Get PCI Compliant and you remove yourself from the realm of, "low-hanging fruit" into a level of security where it is highly unlikely that you will become someone's next victim. If it hasn't happened to you in your practice yet, it will. Get PCI Compliant.
Are you starting to sense that there are about 1,000 different ways for a mental health professional to get in trouble with the law, and most of them have to do with client/patient data?
5. Family Law Issues
Fact: There are many other rules and regulations embedded into the LPC, LMFT and Social Worker rules that the Board fully expects their licensees to know. One of them is Texas Family Code, Chapter 153.
Family Law is an ugly little slice of the counseling profession you probably didn't get much of a "heads up" about before that first subpoena was handed to you. Dealing with attorneys, legal timelines, and angry parents is difficult enough; then there's the art of testifying in an unfamiliar environment: court. Can be a bit stressful.
6. TX Chapter 611 - Release of Records Procedures
Fact: Texas Health and Safety Code, Chapter 611 requires mental health professionals be skilled in proper releases with 11 entities who may request client information from your office.
Let's begin our brief look at the Release of Records topic with this iron-clad statement: The release of records is NOT governed by common sense, or your assumptions.
Releasing client/patient records is governed by the Texas Code Chapter 611 - Release of Records. You need to know what it says you can do and what you cannot do when it comes to releasing client data to someone.
People want their data and they believe they have a right to whatever they think they need or deserve. Add a dash of emotion, a fistful of money and you have an explosive combination that almost always winds up in your lobby, asking for you!
The only way you'll manage to steer clear of a release of records-based complaint, or at the very best, a baseless release of records complaint that is eventually dismissed, is to know Chapter 611, front to back. Know what forms to use, know what questions to ask, know what to redact and when. There's more but, would you bet your license on your current understanding?
7. The Role of Insurance In Your Practice
You've probably been advised, usually by someone NOT in the insurance industry, that once you get your license all you'll need is a minimal liability policy, a 10'x10' room, and you'll be fine. That's not only bad advice, it's an outright injustice. The world is full of wolves looking to take everything you have and none of them are working on a, "minimal damage", basis. So why protect yourself with a "minimal liability" policy?
The role of insurance is to return you to the condition you were experiencing, prior to the event which caused your loss.
There are more than 20-30 different types of business-liability insurance products and each one serves to protect a different set of circumstances that could possibly happen to you in the course of operating your practice. Do you know which ones you need, how much coverage is appropriate, and what's covered/not covered in each policy?
Can you name the Top 12 Types of Business Insurance and their specific role in your practice?
8. For Supervisors - Full Intern Compliance
There are a number of consistently difficult issues when taking on the supervision of an intern, including:
- A lack of a standardized process in place
- Remote location supervision
- An unwillingness or inability to comply
Supervisory duties are difficult enough but the lack of a specific, documented process in place almost guarantees failure. Your process needs to include clearly outlined milestones, and penalties for failure to check those milestones within the given time-frame.
The best scenario for supervising an intern is that one which places them in your practice, under the guidelines you, the Supervisor, have established. In this way you have as much control over your intern's actions as is humanly possible.
Remote supervision, however, places your intern in a 3rd-party environment under operational rules that you have little to no control over. Are they HIPAA compliant? PCI compliant? What's their documentation process for releasing records? Are they properly monitoring your intern for compliance? And the list goes on. The environment for new complaints is almost totally out of your control.
You are, however, totally responsible for the actions of your intern within that 3rd-party environment. Think about that for a moment. Almost no behavioral or administrative control, yet charged with full accountability by the State.
Finally, there's the human element. The truth is that some people, and we're talking interns here, just don't have the level of adult responsibility or work ethic needed to make a remote supervision scenario work.
Is it worth the risk to your license and reputation, for $300 a month?
Still want to be a supervisor? There are risks and there are rewards. So, if you're going to take on the supervision of interns, know the risks and know how to mitigate them before the allure of, "easy money", draws you into an abyss you wish you'd never entered.
9. Utilization of The Proper Business Entity
Fact: The Sole Proprietorship is the worst form of business entity you can have from a liability stand-point because you can be sued personally by vendors, customers, anyone. And being sued personally means you can lose everything you own.
Did you know that if you don't leave a valid will behind after you die, the State has one for you? And it's horrible. When you decide to go into business and hang your shingle, the type of business entity that you set yourself up in works much the same way. If you don't set up some type of corporate entity (LLC, C-Corp, S-Corp, etc) then by default you're operating as a "Sole Proprietor". Make sense?
Sole Proprietorship simply means that you not only work IN the business, but that you ARE the business. What that means is that should someone sue you for damages, anything "the company owns" is fair game to be taken from you. And since YOU are the COMPANY, anything you own right now, your home, your cars, your furniture, your savings, can be taken from you for just cause.
I'm willing to bet that that's not the position you really want to be in but if you haven't taken steps otherwise then that's the position you've placed yourself in. Not good.
You need to set up the proper type of business entity in order to protect anything that you do not want to lose. Do you know the different types of business entities available, the pros and cons of each one, and which one would work best for you?
10. Defensive Forms
Fact: According to the 2018 Texas Health Professionals Council Annual Report, 71% of the complaints resulted in either a standard of care or unprofessional conduct by the LPC licensee. A large percentage of these could be related to the professional lacking proper defensive forms in their practice setting, forms that set certain professional protocol parameters between clinician and client right at the front of the client-clinician relationship.
Nothing you do guarantees your complete safety from the wolves. Then why bother?
The entire purpose of every risk-prevention tactic is to remove you from the realm of low-hanging fruit and make someone else an easier target. Everyone has the same opportunity to shore up their own defenses and you are only responsible for your own!
That sounds cruel but it's a very fair representation of how the world works, and it's the tactic all life-forms take in a world of no guarantees. We don't want anyone to be harmed but that list of folks to hold harmless begins with YOU, doesn't it?
One of the areas in which you can build a solid perimeter defense is the forms that you utilize in your practice. From simple forms on your website to Intake Packets, to Release of Records Request forms, to Fax Cover Sheets, a properly and legally worded trail of forms will reduce your risk in several areas involving client-data. Areas of vulnerability in your forms can easily be exploited causing baseless complaints to be filed, which is a large piece of what we're trying to avoid.
Have you ever done a forms inventory? Have your forms been designed with complaint-prevention in mind, or did you get yours from a friend? Did you find them "on the interweb"? ("It's on the internet, it must be true!") Have your forms been approved by your attorney? Do you even have an attorney?
Forms make up a large segment of your front-line defenses.
This topic is thoroughly discussed in our upcoming live workshop on utilizing forms in your defensive posture. The online version is here.
11. Cybersecurity
Fact: Antivirus software is not a proper way to protect your business from cyber violation.
Really? Cybersecurity? Well, if you think cybersecurity only involves the Russians, N. Koreans, and the pimple-faced kid in your neighbor's basement you would be wrong. There are two sides to this coin: those perpetrating the madness (see Russia, N. Korea, and kid next door), and those being affected by it.
For your counseling practice, cybersecurity has everything to do with protecting all of your practice data and you need to think of it in those terms. How can you know for sure if you are either being negatively affected by, or are a good target for, the cybersecurity bullies? Take this test and find out:
- Do you own & operate a laptop, desktop, or mobile phone?
- Do you have internet access?
- Do you present yourself to the community as an SMB, a counseling practice?
If you answered, "Yes", to any one of those, you're a target.
In fact, there's a good chance there are a couple of cases of benign malware or adware living on your device right now. Good cybersecurity measures are a foundational aspect of your total HIPAA and PCI Compliance measures, so make sure you get that put in place right away.
Or, you can wait until the real nasty stuff shows up, grabs all the data pertaining to your practice, including your bank accounts, client data, and whatever else you left lying around, then demands a sum of money from you in order for them to return your data (they like small businesses the best because they can stay under the radar that way: less publicity, fewer law-enforcement personnel). That sum of money alone will probably be enough to force you to close your doors. If that doesn't do it, then once your clients find out what happened (yes, you're required to report it to each and every one of them), that ought to tip the scales in favor of locking up permanently.
Yes, it's scary stuff and some don't care to be told the naked truth but not doing so would be a great disservice to you. Get your cybersecurity defenses put in place. A fine position as a K-Mart greeter may await you if you don't!
12. The Branding of You
Fact: Times have changed and so has, "The branding of you!" Academic bravado is no longer relevant.
If you work for yourself on any scale then you are in business for yourself and your business should have a never-ending drive to tell the world about you and what you offer. Most mental health professionals have had no training in marketing, sales, or small-business operations. Consequently, they don't do very much of it or don't do it very well.
Branding is all about you, what you offer, why you're different, and who you serve. It's about crafting your story in a fashion that is meaningful to your targeted market. That last sentence is critical. Your next client only cares about his needs, from his point of view, and how you can help him with that.
So how are you marketing yourself right now? Does it reach out and touch your prospects in a manner that makes them want to pick up the phone and call you? Or is your marketing a shrine to your own accomplishments?
Branding yourself successfully, and marketing that consistently is at least half of the equation that yields a successful practice. Do you have a paper-based Branding Program in place? If not then please consider finding someone that can help you put that together, then watch your practice grow.
More information about branding and your story can be found here. Stay tuned for a new workshop on this topic coming sometime in 2019!
You've spent 6-7 years doing what your degree advisor told you to do to acquire the necessary academic credentials for your dream career. You probably worked a side job or two to stay afloat.
Then, with no guidance or advice you had to find a supervisor into whose hands you placed the future of your career, and you paid them for the privilege. Probably another side job or two? Then you spent the next year or two (or more?) following directions from Big Brother and your supervisor, accumulating required hours just to be able to apply for your professional license and wait another 6-12 months for approval.
It's no wonder counselors are some of the loneliest people in the world. That's 7-8 years of dutifully following some authority figures' guidelines just so you could eventually rent a 10'x10', hang your shingle, and work 4 days a week. Finish that gauntlet and all any rational person would want is to be left alone in a room to talk to someone for $150/hr and go home at 4, right?
Okay, take a little vacation, you've earned it. But realize that isolation is a knee-jerk reaction and is one of the worst possible environments you could possibly set up for yourself. In fact, it's going to be one of the fastest ways to stagnate or destroy what you just spent years putting into place. Isolation will stunt both your personal and professional development. It will deny you the opportunity to implement the defensive postures you need to protect yourself, your career, and your family. And isolation will play with your mind.
We all need to retreat from the daily fray and recharge our batteries but that's not the same as a full-time isolation scenario. So here's what you do. Purposefully develop a group of mentors that you reach out to for advice in a number of areas that includes:
- Professional Development
- Legal-Business Setup
- Legal-Family Law
- Insurance-Liability and a dozen other areas
- Federal Regulatory Compliance (HIPAA)
- Industry Regulatory Compliance (Banking-PCI Compliance)
- State Compliance-All Board Regulations including Release of Records and the Complaint Process
- State Compliance-Supervisory Guidelines
- Personal Friends
Sometimes that advice will be received in a "for-pay" scenario, sometimes through a "continuing education" conduit, and sometimes from a trusted friend over coffee.
The point is that healthy personal/professional growth cannot be achieved in isolation.
Establish your mentor-group and interact with them on a regular basis, and that includes being a mentor to others as well. Preparation for teaching is often the best way to achieve your own growth objectives.
Additional thoughts on building your mentor group can be found here, here, and right here.
Step 2 Recap
If you've read this far then congratulations! That means you care about the big picture and doing things right. You are indeed part of the Top 5% in our profession.
So what's your next step? Well, if you haven't already listened to the Kathleen Mills' Story then please go do that right now. It is, after all, the catalyst for everything you've just read, and what we're about to introduce to you.
If you've already heard Kathleen's story, and read through the report above, you get 5 extra credit points for following instructions. Your next step is to... well, you'll be receiving an email in the next 48 hours that will show you what to do and bring you to the culmination of these first two steps.
Please let us know what you think about PracticeMentors so far. We love constructive feedback; it's how we get better.