Fallen Soldiers March®

Site Name

Fallen Soldiers March® 501 (c) (3) non-profit

Site Name

Fallen Soldiers March®

Tagline

A 501 (c) (3) Non-Profit Dedicated to
Providing Biblical Counseling,
Service Dogs, and Veteran Advocacy

Protecting and Fine Tuning Your Biblical Counseling Ministry

Protecting and Fine Tuning Your Biblical Counseling Ministry

by Dr. Bob Olender

Protecting and Fine Tuning Your Biblical Counseling Ministry

In early May 2020 I was contacted by Fallen Soldier’s March (FSM). They explained their ministry’s vision and how they were impacting the lives of veterans with the love of Christ. They said they needed a secure system to help them manage their counseling ministry.

Their situation was unique. They had dozens of biblical counselors who were trained, ready, and eager to help provide counsel, but they lacked a way of connecting the counselors and counselees. They needed a means of maintaining oversight of their expanding ministry and wanted to ensure that none of the veterans would fall through the cracks. All the counselors who had volunteered to help them were involved in their own ministry with their own internal processes. What was needed was a means of pulling all this together. BibliCare, the organization I founded and direct, was designed for churches, private practices, and counseling centers, but FSM was needing to take things to another level.

About a month after BibliCare partnered with FSM, I was asked to join the FSM advisory board to advise them and help them to establish new practices, processes, and systems for tracking various facets of the ministry. Since that time, nearly every day for the past six months, Julie Olender, our support coordinator, has personally talked with and worked to train every counselor in FSM’s counselor network in the use of BibliCare. During these conversations we’ve learned a lot about how they are providing care, what their challenges are, and what their best practices are, as well as some of the potential dangers we see facing their ministries—especially with respect to privacy, security, and emerging threats involving big tech and big brother.

The reality is that the world has changed. Information is being censored, platforms are restricting their use, and local governments are monitoring church activities. In many cases, what was considered unthinkable is now reality, and what one would think impossible now seems probable.

I was recently asked by FSM to submit an article addressing some of the concerns I see facing biblical counselors, specifically in their use of systems, and to provide some practical ways they can protect themselves and their counselees. This article endeavors to do just that.

COVID-19

The COVID-19 outbreak has caused all of us to change how we do ministry. We are now doing more things electronically than before—video conferencing, file sharing, email. Over the past few months, we have spoken with dozens of counselors who until recently have been accustomed to meeting in person with their clients and filling out their paperwork in the office. If you are a counselor, in many cases, you may have had to learn to adapt and improvise because your doors have been closed.

But some of these changes may have introduced your ministry to some vulnerabilities that you may need to be aware of. The purpose of this article is to inform you about some potential dangers and also to provide you with a set of best practices for securely conducting your ministry. Your goal should be to minimize any possibility of embarrassment or even litigation as a result of the accidental disclosure of your counselees’ confidential information.

While no two counseling ministries are the same, each counseling session involves common steps and processes that need to be evaluated to ensure that proper safeguards are in place to protect your clients’ confidentiality. These include the initial point of contact, the assignment of a counselor, the setting of appointments, the collection of information from the counselee, and the documentation of your session notes.

While the hacking of a datacenter will always make national headlines, the most common reason confidentiality is broken involves some form of human error, negligence, or ignorance. Therefore, it is critical to establish protocols for all forms of communication within your counseling process.

Protecting Your Counselee’s Identity in Your Communications

First, when communicating with your counselees, be sure to avoid scheduling appointments in such a way that reveals any personally identifiable information—such as with an online calendar or a shared church calendar where the client’s name can be revealed. One doctor was recently sued after he accidentally published appointments that included his patients’ names using an online scheduling website.

If you are scheduling appointments with other counselors on a shared calendar, verify that your counselors are not sharing their personal calendars with other people. This happens all the time— sharing calendars is a common practice for couples and families with busy schedules. If you are setting appointments by name on a shared calendar, keep in mind that these names may be appearing on somebody else’s cell phone.

Second, avoid the collection of PDIs, intake forms, homework assignments, and journal entries through the use of unsecured email accounts or websites. While your email account may be secure, your counselee may be using a free unsecured email account. Free email providers like Gmail, Outlook, and Yahoo have been known to scan the contents of emails and collect information to develop profiles. Likewise, if you email counselees at their place of business, keep in mind that company email is the property of the company and may be monitored. Also, avoid the use of family email accounts because these emails may be read by another family member.

Third, be careful when collecting or sharing files with your counselees by using a cloud-based file storing and sharing service—especially if others have access to your account. Keep in mind that some of these free services like Dropbox, Evernote, and Google Hangout may scan the contents of your documents for "marketing" purposes. For this reason, consider researching the terms and conditions and privacy statements of these providers prior to using them for counseling purposes.

There is also the danger of accidentally sharing a wrong link with a client. The last thing you want to do is accidentally share the wrong file with your client or share their information with the church.

Best Practices for Communicating with or about Your Client.

What are some best practices you can put into place regarding the confidentiality of your ministry’s communications?

First, your counseling ministry should develop its own written policies regarding what types of information can be communicated and in what format that communication should take place—think it through and be very specific. Larger counseling ministries should appoint a security and confidentiality champion who focuses on security standards and oversees how your staff handles counseling information.

Second, regardless of your counseling ministry’s size, you should develop an up-to-date training program to address how confidential information is communicated, transmitted, and stored. Be sure to document when this training has taken place and who attended. You’ll be glad you did in the event that you need to demonstrate that you took all the necessary precautions to protect your clients’ confidentiality and that you were not being negligent.

Finally, insist that all staff and volunteers comply with the standards of confidentiality established by the ministry in order to serve in a counselling capacity. It’s wonderful that you have people who want to volunteer, but they are of no help to you if they are putting your ministry at risk.

Defining and Securing Your Systems

In the broadest sense, your tools and systems can be classified as either primarily a paper or an electronic system (or for most of us, a combination of both). In a simple paper system, you handwrite your notes, put them in a folder, and lock them in a drawer. In an electronic system, you type or dictate your notes, save them to a file, and hopefully store them in a secure location. How you or others retrieve this information, how you access it, and how you interact with it are all components of your system. Each system (electronic or paper) has benefits, and each has its own risks.

The Pros and Cons of Paper Systems

For those of you who primarily use a paper system, there are many advantages. It is simple and easy to use—pen and paper are timeless classics. It can be easy to secure records in a locked filing cabinet and in a locked room. And there is no danger of hacking or data breaches—the theft of a file cabinet is very unlikely. Generally, this type of system is inexpensive to implement and considered secure by older counselors.

But there are a few drawbacks to paper systems. First, if you work with younger counselors, they will probably type or dictate notes and then print them out. This means that these records in reality may be stored in multiple locations—on their computer or device and also on paper in the filing cabinet. While you may have a secure filing cabinet, their devices may not be secure.

A second drawback is that you have no way of retrieving your records if you lose your notebook or you have a fire.

Finally, you must ask yourself what happens when you die. While you may have prayed the sinner’s prayer and have your eternal destiny covered, keep in mind that whoever is left behind will inherit your notes, which could make for very interesting reading. I recently spoke with a seventy-eight-year-old counselor who told me this was one of his greatest concerns—so be sure to have a plan.

Best Practices for Paper Systems

If you work in a shared office environment, designate a secure room with a dedicated printer. This can prevent you from accidentally printing from a network printer to another location. If your counselors want to take notes electronically, consider the use of dedicated computers or tablets that remain on the premises with no outside email or Internet access. In that way, there is no chance of hacking or any other form of electronic transfer. Likewise, if you haven’t done so already, purchase a file shredder to dispose of any handwritten notes that are later typed and printed out. Also, be sure to identify a list of authorized users who can retrieve and store files and a logbook to record any access to counselee files. Finally, when locking up, be sure the keys to your secure room and file cabinets are stored off the premises or in a secured lock box or safe.

Pros and Cons of Electronic Systems

There are many ways you can store counseling records electronically, and there are some practical benefits to using these types of systems. First, electronic systems can be convenient, simple, and easy to use. Second, these systems are very intuitive for younger counselors and counselees who grew up with electronics. Third, it is possible to secure and encrypt electronic records, and, depending on your system, you may be able to access your records from anywhere. As a result, there is little need to maintain paper copies. Also, the analysis of counseling trends is possible.

However, with all these benefits, there are some drawbacks. Most notably, some counselors are uneasy about having their counseling records stored electronically. The reality is that datacenters can be breached, computers can have viruses, passwords can be hacked, and laptops can be stolen. These concerns are legitimate; there is no such thing as a 100 percent full-proof system.

Second, depending on the complexity of the system, managing your own security can be expensive, and your organization may lack the skills to implement such a system.

Another often-overlooked problem may be the ability to access files offsite. While this can be convenient, it may violate your policy of maintaining all records on the premises.

Finally, if you are not careful about what services you are using, email and cloud document storage services may be scanned for meta data and your privacy rules violated.

Best Practices for Electronic Systems

If your ministry has multiple counselors, consider requiring that all users who access your systems from outside your network affirm they will connect only with devices utilizing up-to-date antivirus and anti-malware programs. This may also be something you wish to document on paper.

Second, ensure that the storage of any counseling records be maintained in an encrypted form on a secure server residing in a secure datacenter or network; do not just store them on one of your ministry’s network drives.

Similarly, if you are storing them on the premises or on your own computer, be sure backups of your counseling records are done daily and stored off site and in an encrypted form.

With regard to access, maintain logs of who is accessing the data and restrict access to confidential information to as few people as possible. Conduct background checks on users who are authorized to maintain secure files and networks.

In addition, you will want to establish a security policy for your system administrators and counselors to sign and keep records of any training events. Be sure to deactivate the accounts of former counselors to prevent their access. If data is stored on the premises, ensure that the servers are secured and in locked locations. If your church has a network, consider having it penetration tested.

Finally, consider purchasing a cyber insurance policy to protect your ministry against costs associated with data breaches and remediation.

Five Practices to Avoid

We speak with counselors every day who are doing the best they can with the resources and skills they have. There are five practices we routinely see that we advise against.

First, do not use homemade web pages for PDIs and intake forms that collect sensitive information and then email them to you or store them in an unencrypted format. This is a very common occurrence. Many of the platforms used to generate these tools are prone to known exploits. Over 90 percent of websites hacked in 2019 were using WordPress plugins.

Second, as much as possible, try to avoid sending and receiving emails from counselees that contain confidential information. When it comes to email, less is more.

Third, do not store counseling notes in your church’s accounting software unless it can be secured and its access restricted. Accounting software programs are not designed to manage counseling records, but people will often try to leverage these types of products for purposes they were never intended for.

Fourth—and this may seem obvious—do not allow the sharing or borrowing of passwords.

Finally, avoid using free services like Dropbox, OneDrive, Zoho, Facebook, and others to store confidential documents—with free, you get what you pay for. If you must use one of these, consider asking them to sign a HIPAA business agreement with you. But before you do that, consider the legal implications of that relationship.

The key thing to remember is that everything related to your counselees’ identity and records is a part of your overall system. In a perfect world, the best thing you can do is have a wholistic system that manages everything. There are several programs on the market today that address many of the security concerns we have addressed. But in most cases, these are HIPAA compliant ERH programs that were developed for secular therapists—not biblical counselors or churches. While they do have some secure note-taking capabilities, their main purpose is to provide a platform for coding invoices and billing insurance companies. And unfortunately, their pricing structures make them cost prohibitive for most ministries.

If you feel you need a secure system designed specifically for biblical counselors, you may want to try Biblicare. Or you may just need some advice on how you can better protect the systems you currently have. Either way, we’d love to talk with you and help in any way we can—please feel free to contact us at support@biblicare.net if you’d like to ask us any security-related questions.

Whatever system you choose to use—paper, electronic, or a program such as Biblicare—I encourage you to use some of the  many opportunities available to better protect your counseling ministry.

Dr. Bob Olender is also a member of the Fallen Solders March Advisory Board, learn more below:

FSM Advisory Board

. . . . .
 
If you are Veterans or a friend/family member of a Veteran and would like request our counseling, please use the link below:

Request Biblical Counseling

If you are a counselor and would like to join our network, please use the link below:

Join the FSM Biblical Counselor Network

If you like what you've read , sign up to receive quarterly newsletter articles and updates via email!

Email Newsletter Signup Form

This entry was posted on Tuesday, December 8th, 2020 at 9:53 am and is filed under Featured, Newsletter, Spotlight. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.



Comments are closed.



© 2020-2021 Fallen Soldiers March®. All Rights Reserved • Website Design by Visionary Design Group