What You Always Wanted to Know but Were Afraid to Ask
Perhaps nothing provokes more anxiety than the prospect or reality of facing a malpractice lawsuit or a licensing board complaint. As an attorney with almost 40 years of experience in representing health care and behavioral health care providers, I would love to offer you a foolproof way to prevent such events. Unfortunately, that is magical thinking. But there are many steps you can take to minimize your risk of exposure and to maximize your chance of a successful outcome if you are served with a lawsuit or a board complaint. Before providing you with a risk management toolkit, some background information and advice is essential.
Maximize your Insurance.
Behavioral health professionals should understand the critical importance of comprehensive insurance coverage, including different types of available coverage. Most providers do not understand the importance of obtaining optimal professional liability insurance, especially coverage for board complaints. While insurance carriers may use different labels to describe this coverage, such as board defense or administrative defense, it is intended to reimburse you for defense costs, including attorneys’ and expert witness fees. In my experience, providers tend to be underinsured for board defense. In fact, most of my clients erroneously believe that they have $1,000,000 of coverage for board complaints. But that relates to lawsuits, not board complaints, for which the highest amount available may be $100,000. Yet some carriers use $5,000 as the default if you fail to opt for higher limits. That is absurdly insufficient. I strongly recommend that all providers maximize their board coverage to at least $100,000. If your carrier offers a maximum of $35,000, I urge you to select a different carrier. If you want to protect your livelihood, then you need to protect your license.
You also should maximize your insurance in the event you are sued. Limits are typically $1,000,000/$3,000,000, which means you have up to $1,000,000 available for a settlement or adverse verdict in a single lawsuit and up to $3,000,000 in the aggregate during the policy period—typically one year—in the event you face several lawsuits during that period. You should consider higher limits, such as $2,000,000/$4,000,000 to increase your protection. You also should obtain and maximize your coverage for cyber liability (coverage in the event of a data breach), HIPAA breach notification, subpoenas, and deposition and court testimony.
You may be surprised to learn that the increase in premium to obtain adequate protection is relatively small. Let’s say that it costs you an additional $250 per year. While that may seem to be a lot of money, consider that it may be less than defense counsel’s hourly rate. In this hypothetical, paying $250 more a year to increase your board coverage from $5,000 to $100,000, and perhaps other types of coverage, gives a compelling example of effective risk management. Putting it bluntly, failing to have adequate insurance coverage means you may have to pay your attorney thousands of dollars out of pocket, which is unnecessary and totally within your control to prevent. Even if you work for an agency or organization that insures you, I recommend that you obtain individual coverage for many reasons, including that your employer’s policies may not provide you with board defense, the amount of the employer’s coverage may be inadequate, there may be a conflict of interest and exclusions may limit your coverage. I know of cases involving providers who erroneously thought their employers covered them and later learned that was untrue. Again, I want you to be fully protected and in control of your own destiny. Insurance is complex and cannot be fully addressed in this article. I suggest you speak with your insurance agent. Members of professional associations—such as APA, NASW, ACA, and AAMFT—may be eligible for competitively priced coverage as a member benefit.
Standard of Care.
To prevail in a malpractice lawsuit, the plaintiff (client or client’s representative) must prove that the defendant (provider or provider’s representative) owed a duty of care, breached that duty, and the breach was the proximate cause of harm to the plaintiff. Establishing a breach of the duty of care requires the plaintiff to show that the defendant failed to satisfy the standard of care. Standard of care is a legal concept. While jurisdictions vary in their definitions of standard of care, the common denominator involves showing that defendant failed to exercise the degree of care that a reasonable provider should have used in similar circumstances at that time. Reasonableness is the key. If a provider acted reasonably, then s/he can win even if there were a poor outcome. The standard of care is prospective, which refers to what the clinician knew at the time s/he made the decision or engaged in conduct that is in dispute (as opposed to judging the clinician’s decision or conduct based on a known outcome). The jury (or sometimes a judge) must determine whether, based on the information available to the provider at the time of the treatment, the provider’s conduct was reasonable. Generally, this involves each party presenting testimony from opposing expert witnesses. The standard of care is based on many sources, including, education, training, experience, statutes, regulations, codes of ethics, case law, professional literature, policies, protocols and guidelines, as amended. With this foundation in mind, you now can understand a provider minimizes risk by demonstrating that s/he acted reasonably. This leads to my recommended risk management toolkit.
Although most providers probably regard documentation as the bane of their existence, or at least a nuisance, it is the single most effective way for a provider to engage in proactive risk management. Clinicians need to know that the first thing plaintiff attorneys review to evaluate whether to file a malpractice lawsuit is the chart. Accordingly, providers should document their charts so that a juror or board member can understand the clinical rationale for their diagnosis, treatment plan and crisis management, among other professional decisions and actions. If the decision making seems reasonable, then a provider significantly increases his/her chance for a successful outcome. Conversely, if a clinician fails to document, for example, a suicide risk assessment, then a plaintiff attorney will argue that the absence of documentation means that no such assessment was done.
Clinicians also should consider how documentation reflects on their credibility and professionalism. If a chart contains typographical errors, inaccurate facts or inconsistent assessments, informal terms or abbreviations, ambiguous jargon, or leaves boxes unchecked or fields blank, that bodes poorly for a favorable outcome. This heightens the importance of proofreading carefully. I know of a case in which the failure to edit a conclusion about child custody, which was auto populated in every progress note in the electronic record since the initial intake, led to devastating consequences. At the outset, the clinician noted that the mother should never have custody of the child. Months later, the clinician believed changed circumstances warranted recommending custody, but the original comment appeared in every progress note in the chart, including on the last visit. The mother regained custody, murdered the child and the jury awarded a $45 million verdict against the behavioral health agency.
Perhaps the best way to emphasize the importance of documentation is to explain how it is displayed in a courtroom. Trial software allows attorneys to enlarge, highlight and literally use arrows to force the jury to focus on the cherrypicked parts of the chart that they believe advances their position. So the question you need to ask yourself is whether projecting your records on a large screen will help or hurt you. Can the jury understand from reviewing your chart why you made the critical decisions in your case or will the jury decide you ignored key facts and breached the standard of care?
There are many potential sources of requirements relating to documentation, including state and federal statutes and regulations, codes of ethics, third-party payer provider manuals, board advisories and guidelines, employer policies, and professional organization guidelines or standards. You should assume that your client, and possibly third parties, will have access to and read your clinical notes. This does not mean you should always strive to be as vague and concise as possible. I strongly disagree with that approach because it fails the threshold test: Can a juror or board member understand your clinical decision making from reviewing your chart? Whether notes should be vague or explicit, or short or long, depends on the unique situation and a variety of factors.
Your notes should be objective and avoid inflammatory comments, but they need to address and not hide the issue. I recognize that if your client discloses sensitive information, such as a history of rape or an abortion, you may opt to be somewhat vague and refer to a prior traumatic incident or health decision especially considering that third parties may have access to the notes. But there are red flag situations which may result in legal exposure. For example, if you conclude that your client is actively suicidal or homicidal to the point you decide to breach confidentiality and inform third parties, then your notes need to be detailed and provide factual support. Conversely, if despite expressions of suicidality or aggressive comments by your client, you decide not to breach confidentiality or inform third parties, then your notes need to be detailed and provide factual support. I recommend incorporating quotations in the chart. Other red flags requiring detailed documentation include clients who resist signing forms or following treatment advice, have multiple prior therapists over a short period, express dissatisfaction with treatment, have personality disorders or histories of suicide attempts or violence, are litigious, consistently fail to keep appointments, fail to pay bills, manifest transference, initiate boundary crossings, express frequently feeling wronged, and when unexpected adverse outcomes occur or there are custody battles.
Documentation needs to be accurate and timely. If your diagnosis or treatment plan changes, update your records. Remember that third-party payers which credentialed you to treat your clients have the right to audit your charts. Read your provider manuals. I have represented clinicians who failed to do so and faced audits. Your insurance policy does not cover attorneys’ fees related to audits.
Some providers fail to inform their insurance carriers when they receive notice of a board complaint (or when they are served with a summons and complaint). This can jeopardize your insurance coverage. Why pay premiums for insurance if you do not use it? Sometimes providers act impulsively out of fear or anger. They may believe that it is such a frivolous complaint they do not need an attorney. They are wrong. Providers should always retain an attorney to defend them in these matters. In fact, most insurance carriers permit providers to select their own attorneys for board defense, unlike lawsuits where most carriers assign counsel from an approved panel of attorneys. Make certain that you choose an attorney whose practice concentrates in this type of representation. Skilled legal representation of behavioral health professionals requires specialized knowledge.
The problem with going it alone, i.e., pro se (a Latin phrase which means “for oneself”), is that as someone who lacks legal training, you do not know what to write in a response to the board complaint, and, more importantly, you do not know what not to write. Such providers may inadvertently expand the scope of the board complaint or make unnecessary fatal admissions of liability. A carefully written response to a complaint, with the assistance of a skilled attorney, can have a profound effect on the outcome.
Know what your state and profession requires.
Every state regulates the conduct of licensed behavioral health providers. As unpleasant as it may sound, I urge you to read the statutes and regulations which govern your practice. Usually these are posted on licensing boards’ websites. How else would you know what the state requires you to do or not to do. You will learn what conduct constitutes grounds for discipline. You may learn that there are documentation requirements. You also should review the websites of your state’s equivalent of the Department of Health and your licensing board or additional information governing your practice. You may find helpful board advisories or guidelines. Other important sources include your professional code of ethics (mental health counselors have three codes!), professional organization guidelines or standards and employer policies. Please remember that reading them once, perhaps years ago, does not count because they often are amended or new documents emerge. For example, the National Association of Social Workers (NASW) Code of Ethics was substantially amended in 2017 and in 2017, the NASW, along with other national social work organizations, published Standards for Technology in Social Work Practice. Not knowing the content of these documents increases the risk that you will fail to comply with them and be sued or face a board complaint. Put more positively, knowing the ground rules helps to minimize the likelihood of a lawsuit or board complaint.
Use encrypted emails, texts and audio and video platforms.
HIPAA requires use of encrypted electronic communications of Protected Health Information (PHI), which includes emails, texts, audio and video chats, video conferences and other remote communications technologies. In March 2020, the federal Office for Civil Rights, which enforces HIPAA and other federal laws, stated it would not impose penalties on providers using non-HIPAA compliant remote communications technologies for telehealth during the Covid-19 national emergency. However, I have always recommended using HIPAA compliant technology. It is best practice to do so. While the US Department of Health and Human Services has renewed the declaration of a public health emergency due to Covid-19 every 90 days since 2020, it likely will not continue to do so indefinitely. Providers need to be prepared for the foreseeable time when the non-enforcement notice expires.
Providers often mistakenly believe that if texts or emails are sent for administrative purposes then they do not need to use encryption. However, all electronic transmissions of PHI should be encrypted; the names and email addresses of clients are considered individually identifiable information which cannot be transmitted electronically without encryption. Put simply, whether the email mentions cancelling an appointment or the substantive content of therapy makes no difference for this purpose.
This is too broad a topic to cover fully, but a few key points merit emphasis. Unfortunately, despite the fact that we have been in the Covid-19 pandemic for about three years, some providers do not understand that generally, subject to local law stating otherwise, they must be licensed in both the jurisdiction where the providers and clients are physically located at the time of the telehealth session. The client’s legal address does not matter. For example, let’s suppose a provider is licensed to practice in Rhode Island. Before Covid-19, the provider could see clients in his or her Rhode Island office no matter if the client lived in Rhode Island or nearby Massachusetts. During the pandemic, if the client is physically in Massachusetts and the provider is physically in Rhode Island, the provider must be licensed in Massachusetts to conduct the session. The result is the same if the client lives in Rhode Island but happens to be in Massachusetts during the session. There may be exceptions if this is an emergency or done for a very limited period. Similarly, if the provider is temporarily in another state where s/he is not licensed (for example, on vacation), conducting a telehealth session involves risk even if the client is in Rhode Island at the time. Providers need to consult the laws of the states involved to avoid problems. Some states do not require non-licensed providers to apply for temporary or permanent licensure while others mandate such steps. Keep in mind that these laws often change over time.
In addition, telehealth entails unique risks for which a separate telehealth consent form should be used. For example, there are risks of interception/hacking and breach of confidentiality that need to be disclosed. Clients should be informed about the risks of using public WiFi networks, technical failures, and the need for back-up and safety plans. Clients should agree not to use telehealth when they are not located in the provider’s licensed jurisdiction and not to record sessions. Steps need to be taken to verify the identity of the client. Providers should inform clients that telehealth may be limited to the extent that the provider cannot see and interpret the client’s body language and because in-person or higher levels of care may be needed if circumstances change.
When providers encounter challenging ethical or legal issues, they should consult knowledgeable supervisors or peers. This advice applies to veteran providers as well because the purpose is not simply to learn how others may respond, but also to establish for risk management purposes that the provider acted reasonably. The key is to document the consultation in the chart. For example, assume a provider believes a client likely will not attempt suicide but recognizes that if s/he is wrong, legal consequences may ensue. In addition to thoroughly documenting the provider’s clinical rationale, imagine the impact of a jury seeing written contemporaneous proof that the provider took the time to consult with two other professionals who both agreed with the treatment plan. For particularly thorny issues, the provider also should consider also consulting with an ethics expert and a risk management attorney and documenting those discussions as well. It can be helpful to cite to relevant statutes, regulations, codes of ethics, agency policies or other sources. Some professional associations offer ethics consultation to members. On some occasions, it may be helpful to contact ethics committees (for example, sponsored by a practitioner’s employer). Collectively, this provides powerful evidence that the clinician acted reasonably. In fact, even if the advice is wrong, reasonable reliance on advice can be a strong defense, provided that the advice is not obviously wrong on its face.
Use practice policies and consent forms.
Providers should have well drafted practice policies and consent forms. Remember that informed consent is a process, not just a form. You need to discuss the content. Having the client sign a document stating that s/he has read, understands and agrees with the information and has had an opportunity to ask questions gives you strong evidence for future use if needed. These documents should address many issues, including confidentiality, and its exceptions, access to records, minor’s rights, collateral individuals who meet or confer with the clinician, fees, billing, contact information, electronic communications, social media, telehealth, and returning to in-person services after a period that included telehealth (for example, during a pandemic).
Be aware of key statutes and regulations.
Providers need to be familiar with key federal statutes and regulations, including HIPAA, the 21st Century Cures Act, which requires providers to provide clients with prompt access to their electronic records, subject to various exceptions, the No Surprises Act, which requires providers to provide self-pay and uninsured clients with good faith estimates of fees and to inform clients of their rights, and 42 CFR Part 2, relating to confidentiality of substance use disorder patient records. Clinicians employed by schools should be familiar with the federal Family Educational Rights and Privacy Act (FERPA). Providers should also be familiar with relevant state statutes and regulations.
The following suggestions are best practices and can help minimize risk:
- Copy and save substantive e-mails, texts, telephone messages, audio/video files and voicemails in the chart
- Respond in a timely manner to calls, emails, and requests for records
- Keep records secure
- Do not respond to online reviews of your services
- Avoid dual relationships, including conducting both therapy and child custody evaluations
- Retain records in accordance with best practices
- Do not sue clients for unpaid fees or use collection agencies
- Use strong firewalls
- Keep security software up to date
- Never bill for services that have not actually been provided
- Prepare a professional will
- Avoid criticism of other providers, including online posts
- Make sure you have client consent before responding to subpoenas or you will need to file a motion to quash the subpoena
Grounds for lawsuits and board complaints.
There are numerous bases for lawsuits and board complaints. Here are the common ones:
- Breach of confidentiality and privacy
- Lack of informed consent
- Failure to maintain appropriate boundaries (both in-person and online), including sexual misconduct and poorly managed transference
- Lack of or improper documentation
- Client abandonment
- Fraudulent billing
- Suicide and homicide
- Failure to diagnose or misdiagnosis
- Failure to obtain or negligent supervision
- Impairment of provider
This last bullet point requires brief explanation. Even though supervisors may have no client contact, nonetheless, they may be held liable for the negligence of their supervisees based on a legal concept known as vicarious liability or respondeat superior (a Latin phrase which means “that the master must answer”). I recommend using supervision agreements to define the responsibilities of both the supervisor and supervisee. Similarly, employers are deemed to be liable for the negligence of their employees, provided that they acted within the scope of their employment. This highlights the importance of hiring competent employees and providing appropriate supervision and training.
The scope of this article is ambitious, and it only provides an overview of a complex topic. You can find sample forms and summaries of key laws on the internet. I recommend reviewing the websites of your professional organizations. While this may seem overwhelming, I am confident that applying the risk management toolkit described above should substantially help control a provider’s risk.
Robert P. Landau
Roberts, Carroll, Feldstein & Peirce, Inc.
10 Weybosset Street, Suite 800
Providence, RI 02903
This article is not intended to and should not be construed as legal advice. Laws vary in jurisdictions and different fact patterns can affect legal analyses. This article is for general informational purposes only and may not constitute the most up-to-date legal or other information. Readers should contact their attorney to obtain advice with respect to any particular legal matter. No reader should act or refrain from acting on the basis of information in this article without first seeking legal advice from counsel in the relevant jurisdiction. Use of or reliance on any information contained in this article does not create an attorney-client relationship between the reader and the author.
We welcome guest columnist, Robert Landau, J.D.. Robert is one of the expert instructors for "Ethics and Risk Management", a self-study course from TCI that offers 3 Ethics CEs.
You can find details about this course here.
About Robert Landau, J.D.:
Robert (Bob) Landau is an attorney with Roberts, Carroll, Feldstein & Peirce Incorporated and was selected for inclusion on the 2019, 2018, 2017, 2016, 2015 and 2012 Rhode Island Super Lawyers list. He is a seasoned litigator who focuses his practice on defending hospitals, physicians, nurses, dentists, social workers, psychologists and other health care providers in malpractice lawsuits and disciplinary proceedings. He has successfully represented clients in the state and federal courts of Rhode Island and Massachusetts.
Bob has had numerous jury trials with a significant number of defense verdicts. In addition to trying cases to juries, Bob handles any appellate issues that arise from his matters. He has appeared regularly before the Rhode Island Supreme Court and has a number of reported decisions. In those instances where a trial is not the best course of action, Bob has extensive experience in alternative dispute resolution. His presentations to mediators and arbitrators help clients resolve cases on favorable terms.
In addition to health care matters, Bob represents clients in general insurance defense litigation and has had significant commercial litigation experience.
Read more about Robert P. Landau here..