ACTO

Not all insurers are the same. I did a secret shopper survey in 2014 and I found a huge variation with regards to working online and some insurers didn’t seem to understand some of the issues involved, especially around jurisdiction. If you are working online we would suggest you contact your insurer to insure that you are covered to work online and if you’re working outside the UK to check that the country where your client is (or where you are) is covered by your insurer.  Get confirmation of this in wiritng.

I have clients in The States, my supervisor has told me this is not OK. Is she right? Generally how does it work if your client is in a different country?

This subject is known as jurisdiction. As the question covers the USA specifically I will start with the USA where there are specific issues. There are two issues to think about when working in the States online. HIPAA and State Licenses. There is an American online therapist, Roy Huggins, who runs a really interesting company and website https://personcenteredtech.com/ ….. you’ll find plenty of resources there and Roy is a great person to consult. In brief, HIPAA (Health Insurance Portability and Accountability Act of 1996) is a United States legislation that provides data privacy and security provisions for safeguarding medical information. If you are going to work in the States you’ll need to sign up for this and comply with it. The second constraint is that most States require you to have a State license. This is for face to face work and online work. So to comply with US State laws you’ll need to be licensed in each State that you work in. You’ll understand from this that it is for this reason that most insurers do not include working in the States within their Professional Indemnity Insurance cover.

To summarise it’s therefore HIGLY UNLIKELY that you’ll be able to work in the States unless you have the correct licenses and comply with HIPAA. If you want a second opinion on this Roy Higgins is your man!

I have used the USA as the example, but each country has its own laws, and you should not assume that because we are in (just) Europe that all EU countries Have the same rules and laws, they don’t. It can be very difficult to get the information you need, for example if you have a child protection issue with an online client in Italy, how might you proceed. You still need to think about safeguarding and compliance wherever the client is and it’s not always easy.

There is no doubt that having a trained online supervisor will be of benefit. However neither BACP or ACTO insist that you have a trained online supervisor but suggest that some of your current supervision is done through similar technology that’s used for working with clients and advise to have a trained online supervisor to do this with.

BACP Working Online Guideline 047, states:

Point 3 "It is considered good practice to receive at least some supervision online through similar technology to that used for working with clients ..."

(Bond, 2016 BACP online guideline)

ACTO Code of Ethics:

"Members should be aware of and work within their limitations and competence; seeking regular supervision preferably from an experienced online supervisor; and be willing to undertake continuing professional development."

We therefore recommend that at least part of your online therapy work should be explored in online supervision and preferably with an experienced online supervisor.

If you need help to find an online supervisor you can find a list of registered online supervisors on the ACTO website https://acto-org.uk/seeking-online-supervisor/

We are not able to provide definitive advice which you would need to seek from the ICO as every situation is different.

However our understanding is that if you keep any personal information relating to your clients either in paper or electronic form you will need to register. (This for example would include email addresses and phone numbers stored on a computer or mobile phone).

If your only work outside is as salaried employment then your employer is responsible for the management of all personal data within the company / organisation and in that instance it would not be necessary to register.

However, this is a fast changing area of legislation and with the arrival of General Data Protection Regulation (GDPR)and extensive new Data Protection Legislation we would recommend that you familiarise yourself with both the Data Protection Act and GDPR as well as completing the ICO’s self-assessment to determine if your personal circumstances necessitate your registering.

References:
Self-assessment: https://ico.org.uk/for-organisations/register/self-assessment/
Data Protection Act: https://ico.org.uk/for-organisations/guide-to-data-protection/
GDPR: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/
GDPR: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/

There seems to be quite a lot of confusion generally about DBS checks. You cannot apply directly to the DBS Service but you can apply for your own DBS check at https://www.dbscentral.co.uk/. Whilst there appears to be no fixed time validity, https://codeuk.com/faq/dbs-crb-checks-expire-often-need-reviewing/, the generally available guideline is that a DBS should be valid for three years, and that's the standard we recommend at ACTO.

As soon as you receive your DBS check we would recommend you apply to https://secure.crbonline.gov.uk/crsc/apply?execution=e1s1 which is their updating service – you need to do this within 19 days of the date of your DBS certificate, but in future this will avoid you having any duplication.