Click here to read part two in this series.

Many of us in private practice have expressed the desire for a paperless office, although this dream has become a possibility only in recent years. Completing all of our work via a laptop or tablet is a panacea that saves time, hassle and, usually, money. One of the major pieces of the paperless office puzzle is the cloud-based practice management system.

Most counselors know that a practice management system handles features such as scheduling, notes, billing and claims filing. Until recently, these packages required “traditional” software, installed on a computer or server. But an explosion of cloud-based solutions has since taken place. In this two-part series, I will provide an overview of these solutions, as well as considerations when evaluating them for use in private practice.

Cloud computing

Cloud computing is the delivery of software or storage over the Internet to a group of end users. Facebook, Dropbox and QuickBooks Online are well-known cloud solutions. These solutions exist on a server and are accessible via any device that can connect to the Internet. A more specific term for practice management solutions delivered via the cloud is “Software as a Solution” (SaaS).

With traditional software, there is typically a significant up-front cost that involves the purchase of both the software and the hardware (computer/server) to run it. Then there is the absorption of the cost of maintenance and support. Typically, these software solutions are accessible only via a local network, and additional users or upgrades to the software normally increase that cost.

With cloud-based solutions, the software is already installed on an Internet server owned by someone else (the vendor). These solutions require only an Internet connection and a web browser for access. This approach allows entry and viewing of data from multiple offices and multiple devices. Typically, little up-front cost is involved; instead, there is a monthly fee.

Although the long-term costs of a cloud solution eventually can approach the costs of a traditional software solution, a couple of factors mitigate this. Costs associated with a cloud solution cover not only maintenance and storage but also ongoing development that includes new features and upgrades.

Now is a great time to find a cloud-based practice management system. Dozens of companies are developing solutions and competing for business. Because this is a new and developing technology, many of these companies are open to user feedback and are developing their systems rapidly. With this new trend, expect regular updates and new features.


One of the first considerations when evaluating a cloud-based system is security. Mental health care professionals are well aware of the importance of complying with the Health Insurance Portability and Accountability Act (HIPAA). The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 clarified rules regarding electronic communication and storage of protected health information (PHI). At this writing, when it comes to software, two core components must be in place for HIPAA compliance:

  • The software and vendor policies and practices must adhere to HIPAA regulations.
  • The clinician and software vendor must enter into a business associate agreement.

The first step is easy and somewhat meaningless. Most vendors marketing this kind of software will report that they are HIPAA compliant. To truly seal the deal, they should be willing to enter into a business associate agreement. This contract is a legal document that clearly states how the vendor is in compliance with HIPAA and what steps it is responsible for taking to ensure continued compliance.

HITECH added new provisions requiring that all electronic PHI be encrypted to be considered secure. The question of whether PHI is secure becomes relevant when considering the new Breach Notification Rule. According to the HITECH Act, a breach is defined as “an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational or other harm to the affected individual.”

Should such a breach occur, the covered entity is required to notify all individuals affected by the breach and report the breach to the U.S. Department of Health and Human Services. Further, if the breach affects 500 or more individuals, or if current contact data for 10 or more of those individuals are not accurate, the media must also be alerted. If the covered entity is using qualified encryption techniques, however, it is possible to bypass the Breach Notification Rule. It is important to note that the HITECH law defines very specific qualified encryption techniques, and most of the affordable solutions available do not utilize these techniques. For that reason, it is important that plans for handling a potential breach are addressed within the business associate agreement as well as in a practice’s HIPAA privacy statement.

With electronic applications, HIPAA is complex. Consult with a qualified attorney regarding the implications of using any electronic system for storage and transmission of PHI.


Notes are an integral part of the work of counselors. Maintaining good clinical notes allows a provider to recall information more readily, focus on targeted goals, track progress and fulfill insurance company requirements. Other notes kept may include psychotherapy/process notes, contact notes, appointment cancellation notes, termination notes, assessments and more.

In software solutions, notes are typically attached to a client record, sortable and accessible with a click or two. Compared with locating a specific note in a file folder in a locked filing cabinet, the time savings are obvious. With cloud-based systems, the ability to access these notes from any Internet device is invaluable.

There are many features to consider when evaluating an electronic note-taking solution. In many cases, what must be included in a note is driven by insurance company requirements. There is often some discretion in how notes meet these requirements. However, a well-organized, full-featured notation system makes it easier not to miss anything.

It is important to also consider two key pieces of HIPAA when evaluating a software solution for notes. First, HIPAA specifically requires that psychotherapy or process notes be kept separately from the medical record. Most systems implement this by keeping clinical and process notes in separate fields and by not including the process notes in any printing of the clinical record. To be extra safe, consider not entering process notes into the software at all.

The second facet of HIPAA to consider concerns security. Electronic records containing PHI must be protected from improper alteration or destruction. This means the system must possess safeguards ensuring an unauthorized party cannot make changes or destroy the electronic record. In addition, for the record to be legally admissible, it must be locked and signed in a way that can be authenticated. This means the solution must provide an audit trail noting who signed the note.

HIPAA doesn’t specify how this must take place in an electronic record, so solutions are addressing this requirement in different ways. Consulting with an experienced HIPAA expert or attorney to ensure compliance is recommended.

Among additional features to look for and evaluate regarding notes:

  • Types of notes: These include intake, contact, appointment cancellation, discharge and assessment/evaluation notes.
  • Integrated treatment plans: A good system allows for creation of a treatment plan that is integrated into notes and documentation.
  • Prepopulation: Some systems will allow information to be pulled from previous notes and other client data into a new note.
  • Multiaxial diagnosis: This feature allows users to quickly enter diagnostic codes by using an auto-complete, search or pull-down menu system.
  • Clinical note styles: Some systems allow for multiple note styles, including SOAP (subjective, objective, assessment and plan) and narrative. A select few even allow creation of custom templates.
  • Required fields: It is important to note which fields must be filled out prior to saving. This can be very helpful in ensuring compliance with insurance and agency requirements.
  • Attachments: Having completed a written activity with a client, it is helpful to be able to upload a copy or scan of the activity to the client’s note.


Regarding clients, practitioners need to at least track names and contact information. If filing claims, other data points such as insurance ID, date of birth and referring doctor’s National Provider Identifier number become important. Practitioners who accept insurance may benefit from additional functionality such as the ability to track copays, deductibles and the number of approved sessions remaining. Any client information tracked beyond that point is a personal or business preference.

Different solutions may store specific client data in separate parts of their systems. For example, one solution might track the medications a client is taking directly in the client record. Other solutions require entering such information into an intake note. When evaluating a cloud-based solution, it is important to consider what data to track as well as how it should be organized.

Some additional features to look for and evaluate regarding clients:

  • Contacts: Counselors will need to track contact information for the client and for at least one emergency contact for the client. Ideally, practice management systems should be able to track alternative phone numbers and email addresses, and indicate if a client allows messages to be left at each contact point. The ability to add several related contacts for the client can be important, especially when working with children and/or blended families.
  • Integration: Providers should be able to quickly access data related to a client. Within a click or two, or even directly on the client page, a user should be able to view an individual client’s appointments, notes, insurance claims and billing.
  • Insurance tracking: Counselors who accept insurance need to be able to track information required to file a claim, including insurance identification
  • numbers, preauthorization codes and referring doctors.
  • Billing information: It is important to be able to quickly access a client’s fee and balance owed.
  • Attachments: In the quest to go paperless, the ability to upload intake forms, assessments and copies or images of insurance cards is essential.
  • Forms: Some solutions offer web-based forms that the counselor and/or client can complete. A select few solutions even allow creation of custom forms and incorporate electronic signatures, eliminating the need for paper forms altogether.
  • Custom fields: This feature allows the naming of fields and the tracking of information that doesn’t come standard with the product.
  • Search/reports: Being able to search and run reports on multiple criteria (name, date of birth, referral source, insurance company and so on) allows for more efficient use of the database.


Unless a counselor is gifted with perfect memory, a tool for keeping track of appointments is necessary. An appointment book still offers two distinct advantages over a traditional software solution: 1) counselors can retain possession of it at all times (portability) and 2) they do not need to be at the computer with calendar software running (access). The combination of cloud computing and mobile technology offers these same conveniences via laptop, tablet or smartphone — and throws in data backup to boot. Now, opening an appointment book can be as easy as powering on a mobile device.

As is the case with notes, appointment scheduling is a core feature of all cloud-based practice management systems on the market. A scheduling module should allow users to create appointments that include a date, time and client name or initials. Most systems link client data to appointments, allow creation of other types of appointments (meetings, lunches and so on) and display appointments both in daily and weekly formats. Other features are less universal, such as the ability to create recurring appointments, send appointment reminders to clients and give clients the ability to see their appointment schedules online.

Some additional features to look for and evaluate regarding scheduling:

  • Flexible views: This includes daily, weekly and monthly views of the calendar.
  • Client integration: It is important to be able to set an appointment with one click while viewing the client’s data screen. Similarly, it is nice to be able to access client data from his or her appointment on the calendar.
  • Additional integration: It saves time when appointments are also integrated with billing and electronic claims modules.
  • Recurring appointments: In counseling, recurring appointments are the norm, making the ability to create appointments that automatically repeat on a daily, weekly, biweekly or monthly basis especially valuable.
  • Customize availability: This feature allows counselors to enter the hours they are available for appointments, which cuts down on scheduling errors.
  • Client reminders: Appointment reminders decrease no-show and cancellation rates. Having a system that automatically sends these reminders via email, text and/or phone is a boon.
  • Track cancellations: The ability to track missed and canceled sessions is important.
  • Exportable: Exporting appointments to another calendar (typically in iCal format) allows users to integrate with their personal calendars, for example. Be sure to consider the privacy concerns that follow, however.
  • Privacy: Some systems provide preference settings for how to display client information on the calendar: full name, partial name or initials.
  • Client accessible: Some systems allow clients to log in and view their upcoming appointments.

In the second half of this two-part series, I will cover billing, electronic claim filing, client portal and miscellaneous features, and list the current products on the market.

This article and the article to follow in March are distilled from a 12-part series that the author originally published at

HIPAA and mental health professionals

Most counselors are well-acquainted with the Health Insurance Portability and Accountability Act (HIPAA) regulations regarding privacy. Many professionals, however, have only a basic knowledge of the security facets of HIPAA. With the recent release of the HIPAA Final Rule, it has become even more important that counselors are aware of their responsibilities when it comes to security electronic PHI (protected health information). In an upcoming article for his new Counseling Today column, Rob Reinhardt will be exploring where counselors are now, where they need to be and how they can get there. Please help him tackle the first part of his article by completing a brief survey about mental health professionals and HIPAA at

Rob Reinhardt, a licensed professional counselor and ACA member, is a private practice and business consultant. Before becoming a professional counselor, he worked as a software developer and director of information technology. Contact him at

Letters to the editor:



Comments are closed.