Taking A Mental Health Day: The Importance of Self Care

Madalyn Parker is a software engineer for a company called Olark. She’s struggled with depression and anxiety and has been open about her experiences. Recently, she took a mental health day and tweeted her CEO’s response to her Out Of Office email, since it was so supportive.


The tweet went viral and has sparked a conversation about mental health in the workplace, company policies, whether you should just take vacation time, whether mental health is the same as physical health, etc. Unfortunately, many of the comments have been individuals sharing how they’ve not experienced the same level of support in their jobs or from their supervisors.

Mental health has long lagged behind physical health in terms of public understanding, medical coverage, and even treatment quality. As the economy is shifting to a more “knowledge-based” one, employers are increasingly realizing that it’s critical for employees to be mentally well in order to perform at their best. This means providing benefits such as counseling or employee assistance programs, access to gyms or yoga classes for stress relief, or simply being understanding when someone needs a few days off for self care. In addition to helping keep employees performing at their best, a positive work environment like this can help attract and retain top-quality employees.

Last year, a series of articles in Huffington Post covered different aspects of mental health in the workplace, and highlighted the fact that employers respond to employees’ disclosures of mental health struggles in a variety of ways. Some positive outcomes include the employer offering paid time off, temporarily or permanently adjusting the employee’s responsibilities, or simply opening lines of communication about the workplace environment. Unfortunately, there are also many possible negative outcomes, such as the supervisor tacitly supporting the employee while gradually preparing to terminate them. One person reported that their boss spread rumors about them. Increasing attention on the importance of mental well-being and awareness of the economic costs of absenteeism and lost productivity has shed further light on this issue and the need for employers to be supportive. Even if an employer can make an argument that they have an organization to run and/or can’t employ unproductive individuals, the fact is that we as a society will have a long-term benefit from companies being more inclusive and looking at individuals holistically, encouraging self care, and supporting healthy work-life balance, including employees’ mental health.

In addition to government regulation to mandate parity for mental health treatment or time off, employees will also benefit from prioritizing their own self care. Keeping close tabs on one’s health behaviors such as sleep, alcohol or caffeine intake, or stress levels can help. Individuals often forget that sometimes taking a little time off to, for example, attend a yoga class or therapist appointment, while it might cut into work time in the short-run, could ultimately mean better performance and presence at work in the long-run. Reducing burn-out and increasing employee motivation to perform can have immeasurable benefits to a company in the long run.

For more tips on how to manage work-related stress, check out a previous blog post here.

HIPAA Compliance for Mental Health Clinicians

Note: This blog post is not a substitute for legal advice. It’s just a blog post.

You’ve decided that you want to start using technology in your practice, whether it’s using an EHR, offering teletherapy, or even emailing with clients. Great! Your clients will thank you for it! But first, you need to be familiar with HIPAA, the Federal Law which establishes national standards for electronic health care transactions and identifiers for providers, health insurance plans, and employers.


What is a Business Associate Agreement (BAA)?

The BAA is an assurance from a service provider (business associate) that they will safeguard your clients’ data in the same ways you as a clinician (covered entity) are required to. It also clarifies and limits how service providers use and disclose protected health information (PHI). Finally, it highlights the appropriate safeguards necessary to prevent unauthorized use or disclosure of PHI. If a company will not sign a BAA with your organization or practice, then you should not trust them with your clients’ PHI.

Why do I need a BAA?

Because HIPAA says so. Every covered entity must have a written agreement with each of its business associates, or else it is not compliant with HIPAA regulations. Your “business associates” are all the various service providers who interact (“create, receive, maintain, or transmit”) with your clients’ data: email, video, records, texts, etc.

Yeah but what will really happen if I’m not compliant? I’m just a small practice.

It’s not worth the risk, and your organization’s size doesn’t matter. The federal government has the latitude to impose both civil monetary fines and criminal punishments upon individuals and organizations that violate HIPAA. Under the current omnibus HIPAA rules, each violation can incur a penalty of up to $50,000, with repeat violations of the same provision costing as much as $1.5 million per year. In the first seven months of 2016 alone, HHS recorded close to $15 million in HIPAA violation settlement payments.

I don’t have a BAA with Google and use Gmail. Is it enough to simply ask my clients to not email me sensitive information?

Probably not. Even a simple emailed appointment reminder can be considered ePHI. In order to be in compliance, you’ll want to use a provider with whom you can sign a BAA, such as by using G Suite (Google). It’s important to note that in the case of G Suite, your data will be encrypted on Google’s servers, but may not be fully encrypted while in transit. Given that, it’s advisable to document that your clients have provided informed consent to communicate via email.

There are services that are designed to provide fully-encrypted email solutions to providers. Some examples are Hushmail, or Protonmail. Remember you NEED A BAA between yourself and the company to be compliant! Simply signing up for a service from a provider who claims to be HIPAA compliant is not enough.

Can’t I just use FaceTime or Skype for teletherapy? My client says they’re OK with it.

No. Your service provider must sign a BAA with you to be compliant. To the best of my knowledge, Apple currently does not sign BAAs with FaceTime users. Microsoft (who owns Skype) will enter BAAs, but not for Skype. What about Google Hangouts? No. Google will sign BAAs for email (see above re: G Suite), but not for Hangouts. It’s not enough for your client to be OK with using one of these services, and therapists would be well-advised to remember that just because a client says they’re not worried about the privacy of their data today doesn’t mean they won’t sue you in the future.

Can I use something like SurveyMonkey or Google Forms to administer assessments?

Yes, if you sign a BAA with either SurveyMonkey or G Suite (Google) to do this. 

So do I have to sign a whole bunch of BAAs to be HIPAA compliant?!?

Yes, if you are using multiple different types of services. Alternatively you could opt for the simplicity of having a provider that offers a number of services in one platform. Pacifica offers HIPAA-compliant teletherapy, assessments, and access to a large library of CBT- and mindfulness- based therapeutic content. Learn more here.