Tech Trends

Social Media Confidentiality for EA Clinicians & Clients

By Marina London, LCSW, CEAP

The other day, I logged onto Facebook, and I came across the following public post and comments (all names and identifying information have been changed):

First, the post – Abby, a potential EA client wrote: “Hi Bob, do you accept Aetna insurance?” (Note: Abby’s post included her full name and her photo.)

In response, Bob, a psychotherapist and EA clinician wrote: “Hi Abby. Can you send me a copy of your insurance card? What about using your EAP benefit? I’m affiliated with a number of Employee Assistance Programs. I would be happy to work with you.

Abby responded to Bob: “The Acme Widget Company, where I work, has an EAP. I have an EAP counselor assigned to me. But he wants me to see you due to our previous work together. He says I need more help with my issues than can be offered through the EAP. Do you know Dr. Phil in Oak Grove, IL? He is my new psychiatrist.

The Perils of Public Posts

I doubt Abby or Bob realized that this exchange was publicly posted and viewed by hundreds of people who should never have seen it. We have a duty as EA professionals to understand and use the appropriate social media privacy settings and to educate our clients about the danger of publicly exposing their mental health issues.

Abby should be told about the potential negative ramifications to her professional and personal life when she publicly revealed:

1. That she has a mental health issue (or implies she has a mental illness)
2. That she is seeing a psychiatrist
3. The name of her insurance plan
4. That she is seeing an EAP counselor
5. That she wants to see Bob for counseling

Unfortunately, we know all too well from hundreds of examples that information individuals make public can, and often will, be used against them. For example, what if someone at Acme sees this post and circulates it around the company? Abby may not get that sought-after promotion because her boss read her post and decided she is “too unstable” for the promotion.

Or she applies for a job, and prospective employers look for her on Facebook (and we know many will,) and they don’t hire her, because, why take a chance that her attendance and job performance may be affected by her “mental problems.”

Bob, on the other hand, should never respond to an inappropriate client post in a public Facebook setting. In doing so, he violated this clueless client’s confidentiality.

The irony is that I am absolutely positive that if Abby’s employer called Bob at his office, and asked “Are you seeing Abby for counseling?” he would respond, as we have all been taught, “I can neither confirm nor deny that I am seeing Abby for counseling.”

But on Facebook Abby and Bob seem to have lost their perspective.

Social Media Responsibility
Bob is not alone. Studies show that many therapists do not understand the confidentiality issues raised by social media. Here are some best practices to avoid breaching confidentiality online:

1. It is important for EA professionals to recognize that their “private” online activity may intersect with their professional competence. Indeed, online self-disclosures may represent the intersection where dilemmas surrounding personal and professional roles meet – and in some cases signaling the start of boundary violations.

2. Self-disclosure online is almost inevitable.
Often it is initiated by clients who want to learn more about their therapists. Some clients may do more than a Google search: They may join social networking sites and professional listservs/chat rooms, or pay for online background checks or online firms to conduct illegal, invasive searches.

3. EA counselors need to create and maintain a formal social networking site policy as part of the informed consent process. Informed consent processes should at the very least acknowledge the risks and benefits of using social media and other technologies. In addition, such policies should articulate practitioner expectations for using such sites, specifically that counselors will not “friend” or interact with clients on social networking sites.

4. EA counselors should develop online technological competence.
They must understand the nature and essential technology of social networking sites. They should proactively set controls that limit who can access their personal information.

5. EA clinicians should contact both professional and personal liability insurance representatives.
This is necessary because they need to find out whether their professional and personal liability insurance covers social networking sites.

6. EA clinicians should avoid using certain types of speech online.
This holds true even if they use high privacy restrictions and other protections (such as pseudonyms). These communications might include breaches of confidentiality – speech that is potentially libelous and which denigrates the reputation of their field.

Above all, I urge EA clinicians to develop online technological competence.
This can be done by:

* Reviewing the “Ethical Framework for the Use of Technology in EAPs” co-authored by EAPA and the Online Therapy Institute, and posted on EAPA’s website:

* Reading relevant articles on a topic such as “A therapist and coach guide to encryption,” which covers how to use encrypted e-mail services and the relationship between encrypted e-mail and HIPAA compliance.

*Taking a formal course such as “E-Therapy Certification”:  

The bottom line: if you are not sure you understand Facebook’s privacy settings...... don’t use Facebook.  

Marina London is Manager of Web Services for EAPA and author of iWebU,, a weekly blog about the Internet and social media for mental health and EA professionals who are challenged by new communication technologies. She previously served as an executive for several national EAP and managed mental health care firms. She can be reached at