Risk Assessment Tools for Working Online

As therapists we are very used to assessing our clients as part of our clinical work. We are less used to the idea of business risks and practical risks, two equally important dimensions of risk for the private practitioner to consider. The online private practitioner will need to consider the business, practical and clinical risks that arise within their own practice, before beginning clinical work, as well as continuing to review each of these risk factors on a continuous basis. It is this ongoing review that keeps our practice healthy.

What do we mean by practical risks? These sit between business and clinical risks and might often have a “wing” in one or both of these. For example, have you ever considered whether someone can see your screen from outside a window? Have you established a social media policy? Where do you store your passwords – if you have any? How do you ensure that any mail you send goes only to your client and cannot under any circumstance be intercepted by a family member or friend or work colleague? Does your family have access to your computer?

What do we mean by business risks? This could include any aspect of a business nature, for example ensuring that any staff are fully trained to understand confidentiality; or it might be ensuring that you have a business associate agreement with your suppliers (computer maintenance company, accountant, just as examples).

What do we mean by clinical risks? This is an area that we will have been trained in as part of our professional training. For the online practitioner it involves not only doing assessment at the outset, but continuing assessment throughout.

If you have any doubt about any area of these three risk areas, then we’d suggest the following possible actions:

FIRST Read  the “PWT INFORMATION SHEET Confidentiality, Security and Jurisdiction”  (May 2015) (see link below to download the PDF)

SECONDLY select one or more of the risk assessment tools below and complete it. It’s most important that you make a note of anything that concerns you. We’d suggest ranking each of the risks as LOW, MEDIUM or HIGH risk. Once you’ve worked out the risk level for each topic then start working to reduce your risks, first of all, tackling the high risk areas.

These tools are long and comprehensive, not necessarily written with a counsellor or psychotherapist in mind, and some of the language is quite “business focussed”, but that doesn’t mean that the items involved are any less important. We’d suggest taking a section as a time and mastering that section before moving onto the next section. It may be “work in progress” for a while, but should you ever have a complaint against you involving a breach of confidentiality or security, you will be able to demonstrate is that you are, on a continuing basis, improving the security and confidentiality of your private practice.

Whilst you are doing this risk assessment, if you feel at any stage out of your depth at all, then we’d advise you to take one or all of the following actions:

  1. Speak to your supervisor who ideally will be qualified as an online supervisor and ask them to complete this risk assessment with you as part of your supervision.
  2. Speak to your insurer, they are there to give you advice.
  3. Speak to your professional membership organisation.
  4. Ask PWT to mentor you through the process.

If you aren’t sure why you might need to do this risk assessment you might wish to read the “PWT INFORMATION SHEET Confidentiality, Security and Jurisdiction” (May 2015)

Adobe Acrobat document [934.3 KB]

We include three risk management tools here. Choose the one that seems to work the best for you. They are in PDF format, but if you would like the Excel or Word format we’re very happy to send these to you. That way you can word directly in the file and there’s no need to print anything.

We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.