FAQ

Not all insurers are the same. I did a secret shopper survey in 2014 and I found a huge variation with regards to working online and some insurers didn’t seem to understand some of the issues involved, especially around jurisdiction. If you are working online we would suggest you contact your insurer to insure that you are covered to work online and if you’re working outside the UK to check that the country where your client is (or where you are) is covered by your insurer.  Get confirmation of this in wiritng.

I have clients in The States, my supervisor has told me this is not OK. Is she right? Generally how does it work if your client is in a different country?

This subject is known as jurisdiction. As the question covers the USA specifically I will start with the USA where there are specific issues. There are two issues to think about when working in the States online. HIPAA and State Licenses. There is an American online therapist, Roy Huggins, who runs a really interesting company and website https://personcenteredtech.com/ ….. you’ll find plenty of resources there and Roy is a great person to consult. In brief, HIPAA (Health Insurance Portability and Accountability Act of 1996) is a United States legislation that provides data privacy and security provisions for safeguarding medical information. If you are going to work in the States you’ll need to sign up for this and comply with it. The second constraint is that most States require you to have a State license. This is for face to face work and online work. So to comply with US State laws you’ll need to be licensed in each State that you work in. You’ll understand from this that it is for this reason that most insurers do not include working in the States within their Professional Indemnity Insurance cover.

To summarise it’s therefore HIGLY UNLIKELY that you’ll be able to work in the States unless you have the correct licenses and comply with HIPAA. If you want a second opinion on this Roy Higgins is your man!

I have used the USA as the example, but each country has its own laws, and you should not assume that because we are in (just) Europe that all EU countries Have the same rules and laws, they don’t. It can be very difficult to get the information you need, for example if you have a child protection issue with an online client in Italy, how might you proceed. You still need to think about safeguarding and compliance wherever the client is and it’s not always easy.

There is no doubt that having a trained online supervisor will be of benefit. However neither BACP or ACTO insist that you have a trained online supervisor but suggest that some of your current supervision is done through similar technology that’s used for working with clients and advise to have a trained online supervisor to do this with.

BACP Working Online Guideline 047, states:

Point 3 "It is considered good practice to receive at least some supervision online through similar technology to that used for working with clients ..."

(Bond, 2016 BACP online guideline)

ACTO Code of Ethics:

"Members should be aware of and work within their limitations and competence; seeking regular supervision preferably from an experienced online supervisor; and be willing to undertake continuing professional development."

We therefore recommend that at least part of your online therapy work should be explored in online supervision and preferably with an experienced online supervisor.

If you need help to find an online supervisor you can find a list of registered online supervisors on the ACTO website https://acto-org.uk/seeking-online-supervisor/

We are not able to provide definitive advice which you would need to seek from the ICO as every situation is different.

This is a fast changing area of legislation. General Data Protection Regulation (GDPR) is now well embedded with many consequences for the counselling profession concernbing the privacy of clients and their data. In addition the Electronic and Privacy Regulations will replace PECCA this year and create further headaches for us in the counselling professions.

As a result we have revised our previous advice that registering for a Data Protection Registration Number (DPRN) which recommended completing the ICO’s (Information Commissioner’s Office) self-assessment to determine if your personal circumstances necessitate your registering.

Following the most recent advice given by the BACP Good Practice in Action 047 - Fact Sheet - Working online in the counselling professions, article 7, "Legal requirements for working in the UK and Europe" we now join BACP in recommending everyone signs up for a DPRN with the ICO:

“Anyone working online for any aspect of their work needs to take account of the relevant law concerning data protection. The General Data

Protection Regulation and the Data Protection Act 2018 set out the legal requirements for anyone who processes data about people in the UK.

The legislation aims to protect the privacy of people and to ensure that people, about whom information has been collected, can check the

accuracy of that information. The main implications for the counselling professions include:

• an obligation to register with the Information Commissioner’s Office

– see https://ico.org.uk/for-organisations/data-protection-fee/selfassessment/” (BACP, 2019). (Please note this is only an extract and article 7 should be read in its entirety).

References:
Self-assessment: https://ico.org.uk/for-organisations/register/self-assessment/
Data Protection Act: https://ico.org.uk/for-organisations/guide-to-data-protection/
GDPR: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/
GDPR: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/

There seems to be quite a lot of confusion generally about DBS checks. You cannot apply directly to the DBS Service but you can apply for your own DBS check at https://www.dbscentral.co.uk/. Whilst there appears to be no fixed time validity, https://codeuk.com/faq/dbs-crb-checks-expire-often-need-reviewing/, the generally available guideline is that a DBS should be valid for three years, and that's the standard we recommend at ACTO.

As soon as you receive your DBS check we would recommend you apply to https://secure.crbonline.gov.uk/crsc/apply?execution=e1s1 which is their updating service – you need to do this within 19 days of the date of your DBS certificate, but in future this will avoid you having any duplication.