Should I report this therapist?

Briefly.. I just recently began seeing a new T. I recently called to reschedule an appt and instead of just typing in her extension, I hit # (pound) then her extension. I wasnt really thinking when I did it.. that's the way I access my own office vmail from outside the office, and it was just out of habit. I was shocked when this one mistake brought me into her voicemail and left for her from her other clients began playing! In order words, her voicemail isnt password protected, and simply hitting # before her extension accesses it. I called back and left a message about the rescheduling and also informed her of what happened, imagining it was just a fluke in the system. She didnt call back for 5 days, and then only after I called a second time.. said she didnt realize I'd expected a return call about that. (I was supposed to call the front desk for scheduling, which I didnt realize, so she figured I'd already scheduled through them to address that issue.. even though I specifically asked her to call me back. Eh). She admitted to being aware of the issue with the vmail and was clearly not too concerned. I returned her call again yesterday (Mon) and told her how unacceptable I thought this was.. HIPAA and confidentiality issue.. and that I wouldnt be returning. As of today (Tues), the vmail is still totally accessible without a password. I have NOT listened to even a snippet of any vmail since the first time, when I didnt know what was happening.. but it's insane to me that she doesnt care about this apparently. I left a message for the office secretary yesterday evening asking for a return call with the name of the clinical director, or a call from him/her themselves, to complain about this issue.. and no one called back today. I dont suspect they will. SO... I'm considering reporting this T to the social work board, but I'm not sure if I should. Seems to be like a very basic breach of ethics and confidentiality. What do you all think? Should I report her? Or what else should I do?

Oh my god, YES.
She should be worried about that because it is a breach of confidentiality. No should be able to access a ts voicemail and listen to their messages, its absurd and for her to not even care. She should absolutely be reported- its unacceptable.
I can understand if she didn't know the situation and you were informing her for the first time but for her to just shrug it off and be so blaise about it sneds up the red flags to me.

Make one more attempt with the office secretary, informing her you're planning on reporting the office and its clinical management if you don't receive a call back immediately.

If no reply, they clearly don't care or aren't processing the problem, and by all means I'd file a complaint. They are fortunate you were scrupulous enough to inform them, rather than being a person who either didn't care or abused the knowledge. If you have the energy for it, climb on that white horse and charge on!

I just googled this. I don't think voicemail is secure, period. And I don't think ts can be held responsible for information you initiate. For example, if you dont want your h to know you're seeing a t, don't leave a message on a ts voicemail? Idk.

question......why call her voicemail a second time? even if it was just to check to see if she fixed the problem not to scare you or anything here where I live and work its a crime to break into someone private mail, email and voice mail. not to mention breaching other peoples confidentiality. even more so now that you know how to do it and repeating it.

that said...depending on the phone service/company it may not be possible for the problem to be fixed. example upstate from where I am theres only one phone company that services the whole county. and very few of these towns even have cell phone towers yet. which means no matter what these people get what they get and thats it. everyone has the same process to get in to their messages and yea sometimes a person ends up in another persons voicemail/answering machine especially if the other persons pin to retrieve is something as simple as 123 pound lol (teens around that county enjoy trying to hack in other peoples messages and sometimes succeeds.)

but what can they do. if they want phone service they have only one option. and they are lucky if they are able to have a non party line (thats where 2,3, most times 4 and 5 families are on the same telephone line, yes you read right...line ....out along the street.. there are light poles, electrical poles and telephone poles/telephone wires)

imagine talking to your doctor and in the middle of the conversation you hear a click, hello and you say back hi, Im using the phone right now, and the person who picked up says sorry and hangs up and you finish your phone call with your doctor. Im not kidding you people in the mountains and some towns and cities in NY still live this way..

and theres nothing treatment providers, or phone companies can do about this. and it does not breach any HIPPA nor HIPAA laws. it isnt like the treatment providers are calling people telling other clients about each other. its not the treatment providers fault someone accidentally dials (or purposely after they know it happened and how they did it) the treatment providers voice mail /answering machines.

I would report her. If she has the ability to password protect it and hasn't, or hasn't got a machine instead, that is outrageous.

yes! You took all the proper steps to let her know and she does nothing!!

Thank you everyone for your feedback of all sorts. After speaking to a physician (MD) about this situation, I have decided to proceed with the report.

I do want to note one thing. I do NOT apologize for checking to see if the voicemail issue had been resolved. I did not listen to any voicemails by any clients (or anyone else), even for a second, and hung up immediately after it was clear a password was not yet set. Had she resolved this situation in a timely manner, I would have no interest in reporting her as glitches in technology do happen. I believe it is the only moral thing to do for me to report this concern to protect the confidentality of her other clients and ensure the ethical issues in her practice are addressed. In fact, as a mental health professional myself, I have an obligation to do so.. but this obligation honrstly isnt the greatest motivator for my report.

amandalouise, I think that if you read the ethical guidelines for psychotherapists/psychologists of most types (phd, lcsw, lpc, etc), and in the vast majority of states, you will find that there is indeed a very clear expectation that client's privacy be protected whenever it is possible to do so, by whatever steps are necessary. I think we all know that voicemail/answer machine systems with password protection exist.. I bet most of us here have this on a cell, home, or office phone of our own. The fact that she has chosen not to obtain such a machine OR chosen not to take the time to set it up correctly is not an excuse that justifies failure to protect confidentality. I suppose you may be right that there are extremely rural areas in the country and world where phone service is more limited, but that certainly does not describe my area, and even if it did, I'm pretty certain the licensing board for any therapist would still expect that therapist to make all reasonable attempts to ensure confidentiality, not just say "oh well" and let it go. I do appreciate your thoughts and questions though, and I did think on your points before making my decision to report.

Thank you again everyone.

um no not everyone has answering machines and voicemails that are password protected.

my own therapist right now is using an answering machine hooked to her home phone. its the kind where you turn the button on and you can hear it say my therapists name and her message and a beep and then as the person calling is leaving a message those in the room with the machine can hear the person who is leaving the message. it isnt a digital one this one has a cassette inside of it.

my wife doesnt have a password protected digital answering machine either.

my medical doctor doesnt have a password protected voicemail serice system either.

Im glad that those around you are able to afford digitalized password protected voicemails but many people here in NY state still do not have that option. they have a box that plugs in to their wall or desk phone the box has a recordable cassette inside. the phone rings, the box turns on the cassette turns and records what the person on the phone is saying. I screen my phone calls by letting phone calls go first to the answering machine. if the voice is someone I know and want to talk to I pick up the phone, and turn off the box answering machine.

Im glad your area isnt like this and your phone system is covered by privacy laws though

I think this is why the wording on hipaa documents specifies, "information we COLLECT from you." If you just throw the information at them when they weren't looking, it's not covered under hipaa, why should it be? If you google this, you will see that some drs advertise having secure voicemail service - that makes me think it's not mandated, it's an extra. But I'm looking at this as a computer analyst would - to me, it's not in the specifications. As a client, if you're not comfortable, then leave. But I don't think it's actionable. I could be wrong - there's a first time for everything

Thanks everyone for your thoughts. I adamantly but respectfully disagree, based on my own personal and professional experiences in therapy/the field, but I suppose I could be wrong. I will let the board make their own decision on this situation.

I feel like I've gotten a little bit of a tone of "what are you, stupid?" for even asking this though, which doesn't feel really great as a brand new poster on this board.. but it is what it is. I appreciate the thoughts regardless. Thanks everyone!

I think the issue in this case is the therapist's blasé attitude and lack of concern in this matter. She clearly was not aware that her voicemail was unprotected and, rather than either saying (1) I will fix that right away or (2) it's not possible to fix due to technology constraints, she simply ignored the matter and never ever bothered to call back the OP-- who, at the time of the first message, was a concerned, paying client. The situation would be different if the OP lived in a town like the one Amandalouise describes, but she does not. Clearly, lack of funds or lack of available technology is not the issue in this case, with this T.

I agree with FeelTheBurn. Tell the therapist that if she chooses to ignore the problem, then you will report her so that the appropriate governing body can decide whether or not it violates any ethics laws. It's not the OP's job to determine whether or not the T is violating those laws; she can simply make the report and let the governing body decide. Clearly, the T did not warn the OP up front: "My voicemail is not secure; be careful when leaving a message." I'm sure the T's other clients would be surprised to know that their voicemails can be heard by anyone with T's phone number. I highly doubt they are aware of this concern. For most of us in the US, it's a "given" that voicemail is digital and password protected.

I just back from my grandma's funeral in a very, very, small, very, very rural town, of mostly low-income families (population 80! nearest "big" town 4 hours away!) and even there, everyone has cell phones with private, password protected voicemail. In 2013, a basic, $50 cell phone is not a "luxury" for the well-to-do. It's a basic requirement for most jobs and, quite frankly, it's a safety device. What if your car breaks down in the winter? How do you get help? My 86-year-old grandma, living on social security in a town of 80 people, had a (basic, inexpensive) cell phone simply so she could call for help, should she need to. I guess I learned something today-- that not every town in the US has access to these basic things. However, most do, and I think the expectation for those of us who live in other places wouldn't even think twice about voicemail being unsecure. I know I wouldn't. If I left a voicemail for my T, I would be shocked to discover that it was not password protected! I feel that is something she would NEED to tell me, since it is so far out of the norm for Ts practicing in my area (which is also fairly rural!)

I thought it was a very interesting question. This was the kind of thing I loved to research when I worked. The answer seems so obvious, and yet? It was very hard to find anything in hipaa directly covering this. Usually tiny rabbit and I agree on stuff, and here we are on opposite sides, but it's completely okay. That is also so cool! And I loved amanda Louise's explanation, she is always so practical. No I think it's really intriguing. I think they know it's a huge hole and they were hoping nobody would notice. Pc uncovers hipaa security loophole, the next big security scandal! I hope you dont have to run off to Russia to hide!

Eta: was that positive? I meant it to be positive. I really enjoyed this thread. Esp the blase t. What a nerve! She could at least have explained. She probably didnt know herself.

It's not a violation. I went over this in VERY much detail with my therapist and this is what she told me. Phone is not a method of secure communication and ts run the risk if they use this method to keep in touch with clients. If they choose to use phone, the client can say whatever they want, and they are supposed to be informed that anything they say isn't necessarily confidential. It's what the t says back to the client that would be an ethical violation. Technically, if they address anything over phone that isn't about scheduling, its a breach of boundaries.

That last part simply is not true. My T conducts paid, full-length therapy sessions over the phone. I travel a lot for work and, if I'm travelling on therapy day, we have our session over the phone. I've also called her between sessions before and left voicemails for her. Whenever I leave a voicemail, her answering machine says: "You have reached the confidential voicemail box of T." Her voicemail is password protected and as secure as just about any other mode of communication. Honestly, it's probably more secure than talking in her office. If there is someone in the waiting room, there's a greater risk of that person overhearing our conversation than there is of a hacker getting into T's voicemail and caring enough to listen to her messages. In contrast, T's e-mail has a disclaimer at the bottom that says "e-mail is not a secure form of communication." Thus, I know there's a risk that my e-mail might not be confidential... but, again, that would involve someone maliciously hacking into her e-mail or T making an unlikely mistake like forwarding my e-mail to her whole contacts list. Those types of scenarios will probably never occur. They're completely different than having an unprotected voicemail that can be accessed by anyone with T's phone number.

I have had therapy sessions over the phone as well. It's still protected. However, what's on a voicemail may not be. I simply do not know.

What I do know is that when a client expresses some concern over a practice, then I do think the therapist should say *something* about it. Either "I can't change it" or *something*.

It may turn out that voicemail is an unusual case that isn't covered by HIPAA, I don't know, but some response, I think, should come from the therapist.

Sorry you feel that way. My impression was that people were reacting to the therapist, not you.

Personally, I think it's not just about whether it's technically a violation, but about the T's attitude. If they know they can put a passcode on, but they don't bother to, even though they know it's an issue? That suggests a lack of concern for clients.