Ethics Risk Management in Social Work: A Primer

Abstract

Contemporary social workers typically receive in-depth education on the subject of professional ethics. Common topics include social work values, challenging ethical dilemmas, and ethical decision-making. Much less common is comprehensive education on ethics-related risk management. Ethics risk management in social work includes steps practitioners can take to help protect clients and prevent lawsuits, licensing board complaints, and criminal charges associated with ethical decisions and misconduct. This article introduces the concept of risk management; provides an overview of key risk areas in social work; and presents practical protocols and strategies to protect clients and social workers.

Keywords

ethics/values ethical decision-making liability malpractice risk management

Relatively few social workers engage in egregious ethical misconduct, are named as defendants in lawsuits, or named as respondents in licensing board complaints (Barsky, 2019; Hartsell & Bernstein, 2013; Reamer, 2015). The vast majority of social workers practice ethically and competently, adhering to widely embraced standards of ethics and social work practice designed to protect clients.

Sadly, some social workers—a distinct minority—cross the proverbial ethics line, thus posing significant risk to clients and to their own careers (Hartsell & Bernstein, 2013; Reamer, 2015). These practitioners are much more likely to have lawsuits and licensing board complaints filed against them. Chase (2015) notes that in a sample of ethics complaints filed against social workers, more than seventy-five percent were found to have at least one element of the complaint determined to be valid. And even the most conscientious, principled, earnest, and ethical social workers run the risk that disgruntled clients or third parties will file complaints against them, even when no evidence of wrongdoing exists. Here are several examples of complaints and charges filed against social workers based on actual cases:

• An Illinois jury ordered a private, statewide agency that provided foster care and other social services to pay $45 million to the family of a toddler who authorities say was killed by his mother. The jury found that agency staffers, including social workers, should be held responsible for sending the boy back to his mother with no further oversight or follow-up (Reiland, 2018).

• The Massachusetts Attorney General’s Office reached a $25 million agreement with a large behavioral health agency that employed social workers to settle claims that the organization and staffers defrauded the state’s Medicaid program. The behavioral health agency was alleged to have submitted fraudulent claims to the state’s Medicaid program for mental health care services provided to clients by unlicensed, unqualified, and improperly supervised staff members (Linton, 2021).

• A social worker employed in a Michigan program serving individuals with trauma histories pled guilty to engaging in sexual relationships with multiple clients. The social worker was sentenced to serve up to 10 years in prison, surrendered his license, and was sued in civil court (Aisner, 2008).

• A Utah social worker surrendered his license and was imprisoned for having a sexual relationship with a teenage client. The social worker, who had been employed at a mental health center for seven years, admitted to having sex with his sixteen-year-old client (Romero, 2016).

• A 15-year-old girl who endured sexual abuse as a child in her California home at the hands of her mother and four men living with them was awarded $45.4 million in her lawsuit against Los Angeles County, which alleged social workers had reasonable suspicions the child was being molested but failed to inform authorities. The jury apportioned the county’s liability at 45 percent, or about $20.6 million. The jury delegated another 45 percent responsibility to the child’s mother and 10 percent collectively to the four male perpetrators (Abused girl who lived in El Monte, 2018).

Contemporary social workers typically receive in-depth education on the subject of professional ethics (Banks, 2020; Reamer, 2018). Common topics include social work values, challenging ethical dilemmas, and ethical decision-making. However, much less common is comprehensive education on ethics-related risk management (Congress et al., 2009). It is vitally important for social workers to be knowledgeable about the nature of risk management in social work and the practical steps that they can take to protect clients and prevent lawsuits, licensing board complaints, and, in extreme cases, criminal charges. The primary purpose of this article is to provide social workers with a primer on the subject of ethics risk management. The author draws on his extensive experience as an ethics consultant and expert witness in many court and licensing board cases in which social workers are named as defendants (lawsuits and criminal court cases) or respondents (licensing board cases) (Reamer, 2015).

Risk Management

Risk management is a broad term that refers to efforts to protect clients, practitioners, supervisors, and employers (Carroll, 2011; Kavaler & Alexander, 2014). Risk management primarily includes the prevention of lawsuits and licensing board complaints. Risk management also includes prevention of ethics complaints filed with national professional associations, such as the National Association of Social Workers (NASW). In a small percentage of cases, risk includes prevention of criminal charges filed against social workers.

Lawsuits allege professional malpractice; licensing board complaints allege violation of standards of practice set forth in licensing laws and regulations. Ethics complaints filed with professional associations, such as NASW allege violation of their respective codes of conduct.

Lawsuits can result in monetary judgments against practitioners; licensing board complaints can result in fines, public notice of findings, revocation or suspension of a professional license, probation, mandated supervision and continuing education, reprimand, or censure. Complaints filed against NASW members can result in various types of corrective action or sanctions. Corrective action can include training, supervision, consultation censure, restitution, or compensation, among other options. Sanctions can include a reprimand, public notice of findings, membership suspension, membership termination, and notification of licensing boards and malpractice insurers, among other options.

Professional malpractice is generally considered a form of negligence. Negligence applies to professionals who are required to perform in a manner consistent with the legal concept of the standard of care in the profession, which is generally defined as the way a reasonable and prudent professional should have acted under the same or similar circumstances (Hartsell & Bernstein, 2013). Malpractice in social work usually is the result of a practitioner’s active violation of a client’s rights (in legal terms, acts of commission, misfeasance, or malfeasance) or a practitioner’s failure to perform certain duties (known as acts of omission or nonfeasance).

Some malpractice claims in social work result from genuine mistakes, for example, practitioners’ inadvertent breaches of confidentiality (e.g., a social worker uploads a sensitive electronic file containing confidential information and sends it inadvertently to the wrong recipient, a social worker neglects to get a parent’s consent to the delivery of services to a minor client as required by law, or a social worker neglects to have a client sign a consent-to-treat document specifically designed for distance counseling). Other claims arise from social workers’ deliberate ethical decisions arising out of a conflict of professional duties (e.g., a social worker decides to divulge confidential information about a client to a law enforcement official, without the client’s consent, to protect a third party from harm, or seek psychiatric hospitalization of a vulnerable client who refuses to cooperate). A social worker’s unethical behavior or misconduct (such as sexual contact with a client, billing for services fraudulently, or abandoning a vulnerable client) can also trigger formal complaints and claims.

In general malpractice occurs when evidence exists that

At the time of the alleged malpractice, the social worker had a legal duty to the client (e.g., to protect client confidentiality).

The social worker was derelict in that duty, either through omission (the failure to perform a duty) or commission (e.g., disclosing confidential information without the client’s consent).

The client suffered some harm or injury as a result of the social worker’s actions or failure to act (e.g., the client was arrested as a result of the social worker’s disclosure of confidential information and suffered emotional harm in addition to loss of liberty).

The social worker’s dereliction of duty was the direct and proximate cause of the harm or injury (Hartsell & Bernstein, 2013).

In contrast, in making their decisions social work licensing boards need not require evidence that practitioners’ actions (commission) or inactions (omission) caused harm. Rather, in licensing board cases, social workers can be sanctioned based simply on evidence that their conduct violated standards contained in state licensing statutes and regulations, without any evidence of harm. Professional associations that process ethics complaints filed against members can be sanctioned based simply on evidence that their conduct violated standards in the association’s code of conduct or code of ethics (Reamer, 2015).

Key Concepts in Risk Management

Formal complaints filed against social workers that allege commission fall into two broad groups: alleged misfeasance and malfeasance. Misfeasance is ordinarily defined as the commission of a proper act in a wrongful or injurious manner or the improper performance of an act that might have been performed lawfully. Examples include social workers’ use of flawed informed consent procedures to provide telehealth services to clients or inadvertent disclosure of confidential information. Malfeasance is ordinarily defined as the commission of a wrongful or unlawful act. Examples include social workers’ sexual contact with a client, falsification of client records, and fraudulent billing.

Examples of acts of omission or nonfeasance include social workers’ failure to conduct a comprehensive biopsychosocial assessment, failure to prevent a client’s suicide, failure to supervise a client properly, failure to protect third parties from harm, failure to treat a client successfully or at all (sometimes known as failure to cure—poor results), failure to properly obtain a client’s consent for treatment, failure to refer a client for consultation for specialized treatment, and failure to terminate services properly.

Not all claims filed against social workers have merit. Some are frivolous or lack evidence of professional malpractice or misconduct. However, many claims do have merit. In the case of litigation, complaints may settle out of court or proceed to trial; statistically, most settle pretrial, although after what lawyers call discovery, during which each party learns about the evidence that the other party may present (Hartsell & Bernstein, 2013). Discovery typically includes formal interrogatories and depositions. Interrogatories include written questions posed by one party to the other; responses are provided under oath. An oral deposition is a witness’s sworn out-of-court testimony. It is used to gather information as part of the discovery process and, in some circumstances, may be used at trial.

Many licensing board complaints filed against social workers settle with consent orders or agreements; others proceed to a full hearing. Some complaints filed with professional associations are settled through mediation and some proceed to full hearings.

Lawsuits filed against social workers that allege malpractice are civil suits (in contrast to criminal proceedings). Ordinarily, civil suits are based on tort or contract law, with plaintiffs (the individuals bringing the suit) seeking some form of redress for injuries that they claim to have incurred. These injuries may be economic (e.g., a client’s lost wages or the cost involved in seeking psychiatric care), physical (e.g., resulting from a suicide attempt or a social worker’s sexual assault of a client), or emotional (e.g., a client’s depression or anxiety brought about by the inappropriate disclosure of confidential information). Although this allegation is much less common, a plaintiff may also allege denial of constitutional rights (e.g., clients hospitalized against their wishes may allege abridgement of their rights to liberty and due process or social workers who claim violation of their free speech rights in the workplace).

As in criminal trials, defendants in civil suits are presumed blameless until proved otherwise. In ordinary civil suits, the standard of proof required to find defendants liable for their actions is preponderance of the evidence. This is in contrast to the stricter standard of proof beyond a reasonable doubt used in criminal proceedings.

Most legal actions against social workers involve tort law, or law involving private or civil wrongs or injuries resulting from a breach of a legal duty (as opposed to contract or criminal law). Torts may be unintentional (negligent) or intentional. Unintentional torts concern allegations that the social worker’s performance fell below the standard of care for the profession. Intentional torts—such as defamation of character or assault and battery—do not require evidence of negligence.

Tort law entails rules allowing injured parties to seek compensation through the courts from those allegedly responsible for the harm. In principle, tort law performs three important functions in society. First, it deters behavior that causes injuries, in that it exacts a price for injuring another party. Second, tort law provides opportunity for retribution against those responsible for the injury. Finally, tort law provides a mechanism for compensating the injured party (Hartsell & Bernstein, 2013).

Most tort claims against social workers allege some form of malpractice (unintentional torts). The malpractice suit has its origins in early English common law. In fact, mention of physicians’ professional liability dates to the 13th century (Hogan, 1979). Since then, a number of landmark court cases have clarified the nature of malpractice. In a classic 18th-century case involving medical malpractice, for instance, the King’s Bench stated in Slater v. Baker and Stapleton (1767),

He who acts rashly acts ignorantly; and although the defendants in general may be as skillful in their respective professions as any two gentlemen in England, yet the Court cannot help saying that in this particular case they have acted ignorantly and unskillfully, contrary to the known rule and usage of surgeons. (Hogan, 1979, p. 8)

The first malpractice case on record in the United States was Cross v. Guthry in 1794. In this case, a physician was found liable in a negligence case related to surgery performed on a woman who later died (Hogan, 1979).

The Concept of Standard of Care

Determining whether a social worker was somehow derelict in the performance of her or his duty—a key element in negligence lawsuits—is complex. Here, questions ordinarily arise concerning the prevailing standard of care in social work. The standard of care requires the practitioner to do what a reasonable person of ordinary prudence would do in the practitioner’s place (Gifis, 2010; Michaud, 2014).

For many years, courts defined standard of care by comparing a practitioner’s actions with those of similarly trained professionals in the same community—what is generally known as the locality rule. The assumption here was that levels of expertise and training varied from community to community, as a function of local training programs and access to technology and treatment techniques. One practical consequence of the locality rule was that expert witnesses in a malpractice case usually came from the local community. Expert witnesses are social workers and other professionals retained by legal counsel whose specialized knowledge, skill, and experience may help a judge or jury make sense of the factual evidence of a case.

Over time, however, jurisdictions have generally overturned the locality rule, either by judicial decision or legislation. The rationale has been that changes in modern communication (especially the advent of the internet), transportation, and education have provided practitioners with much greater access to current and updated information about developments in their profession. Consequently, courts now typically permit out-of-state expert witnesses to testify in malpractice cases. That is, the standard of care tends to be based on national, rather than local, norms in a profession.

Some departures from the standard of care in social work are relatively easy to show. A social worker who engages in a sexual relationship with a client or bills a client for services that were not provided has clearly departed from the profession’s standard of care. A practitioner in a residential program for adolescents who fails to call protective services when a staffer has physically abused a child clearly departed from the standard of care.

Far more common, however, are those cases in which reasonable social workers may disagree about the appropriateness of the practitioner’s actions, that is, whether they in fact constituted a departure from the standard of care. Thoughtful, reasonable social workers may disagree, for example, about when it is appropriate for practitioners to share personal information about their lives with clients—allegedly for therapeutic purposes—or share confidential information disclosed by a minor client to the client’s parents without the client’s consent, allegedly for the client’s own good.

Furthermore, it is not hard to imagine that expert witnesses might disagree. Expert witnesses sometimes offer diametrically opposite views about a social worker’s actions in a particular case (Hartsell & Bernstein, 2013).

Courts recognize that professionals subscribe to various, sometimes competing, schools of thought. The idea that different schools of thought are permissible emerged in the 19th century, when physicians subscribed to different philosophies of practice, or schools, each with its own assumptions, principal concepts, and standards (Hogan, 1979). Rather than try to determine which school of thought is most appropriate, courts have generally acknowledged the legitimacy of different schools, so long as they are supported by at least a respectable minority of the profession. When it is difficult to determine whether a respectable minority of a profession endorses a particular school of thought, courts are likely to explore whether relevant standards of practice and ethical guidelines exist (e.g., those found in the NASW Code of Ethics and various sets of practice standards formally adopted by NASW).

This is a profoundly important observation, in that it suggests that reasonable minds may differ with regard to the most appropriate social work intervention or course of action. What matters is whether a social worker’s conclusion in particular circumstances was a reasonable decision in light of the relevant information available at that time, recognizing that some colleagues may have reached a different conclusion.

Two Views of the Standard of Care: Process and Outcome

Some malpractice cases in social work are relatively clear cut. A social worker in a substance use disorders treatment program who simply forgot to enter into the record that a client displayed evidence of suicidal ideation may clearly be liable if staffers on the next shift, unaware of the suicide risk, consequently failed to monitor the resident closely, and the client was injured seriously or died in an actual suicide attempt. Similarly, a social worker in independent (private) practice who neglects to discuss informed consent with a client, fails to have the client sign a consent-to-release form, and then discloses diagnostic information to the client’s employer without the client’s consent may be liable if the employer then fires the client. In these instances, malpractice and negligence may be relatively easy to establish.

In other cases, however, a judge or jury can find it quite difficult to determine what, exactly, constitutes the standard of care in social work with regard to a practitioner’s actual decision and actions. The same holds for licensing board cases, where board members may have difficulty reaching consensus about whether a social worker violated the board’s legal standards and code of conduct. Attorneys and expert witnesses often present strong arguments in conflicting directions. Attorneys sometimes refer to this as the battle of the experts.

What can happen, however—and this is a remarkably important point for social workers to grasp—is that debate about the standard of care may shift away from the practitioner’s actual decision and actions related to the substantive issue at hand or the outcome of the decision and toward the process and procedures that the practitioner followed to make the decision. That is, the line of questioning may focus instead on the steps that the practitioner took (or should have taken but did not take) to make a sound decision.

This so-called procedural standard of care—the steps a reasonable and prudent social worker should take to make a sound decision in complex circumstances that may lead reasonable practitioners to reach different conclusions—includes eight key elements:

Consult colleagues. Social workers who face difficult or complicated decisions should consult with colleagues who have specialized knowledge or expertise related to the issues at hand. Practitioners in independent (private) practice should participate in peer consultation groups. Social workers employed in settings that have ethics committees (committees that provide staff with a forum for consultation on difficult cases) should take advantage of this form of consultation when they face complicated ethical issues.

NASW members can consult with the national Office of Ethics and Professional Review or their local NASW chapter’s ethics resources. In some instances, social workers’ malpractice insurers may provide valuable consultation. Social workers who are sued or who have licensing board complaints filed against them can help demonstrate their competent decision-making skills by showing that they sought consultation.

Obtain appropriate supervision. Social workers who have access to a supervisor should take full advantage of this opportunity. Supervisors may be able to help practitioners navigate complicated ethics-related circumstances. And social workers who are sued can help demonstrate their competent decision-making skills by showing that they sought supervision.

Review relevant ethical standards. It is vitally important that social workers become familiar with and consult relevant codes of ethics and conduct, especially the NASW (2021) Code of Ethics and those embedded in their licensing laws. Contemporary codes provide extensive guidelines concerning ethical issues that often form the basis for malpractice claims and lawsuits, for example, confidentiality, informed consent, conflicts of interest, boundary issues and dual relationships, client records, defamation of character, termination of services, and use of technology to deliver services and communicate with clients. Social workers should thoroughly familiarize themselves with code of ethics updates.

Review relevant regulations, laws, and policies. Social workers who make difficult judgments that have legal implications should always consider relevant federal, state, and local regulations and laws. Many regulations and laws have direct relevance to social work ethics; prominent examples concern the confidentiality of substance use disorder treatment records, the confidentiality of students’ educational records (pertaining to school-based counseling), and the confidentiality of health care and mental health treatment records. In addition to state laws, key federal laws and regulations may be relevant to practitioners’ ethical decisions (such as the federal regulation Confidentiality of Substance Use Disorder Patient Records, the Health Insurance Portability and Accountability Act, better known as HIPAA, and the Family Educational Rights and Privacy Act, better known as FERPA).

Social workers employed in military settings must be cognizant of confidentiality provisions in the Military Rules of Evidence and Uniform Code of Military Justice, which include important provisions related to the limits of client confidentiality. Social workers employed by the U.S. Veterans Administration must be familiar with unique legal regulations pertaining to management of confidential information, especially pertaining to substance abuse and HIV.

Review-relevant practice standards. National professional associations—such as NASW—periodically adopt formal practice standards developed by task forces. Examples include national social work standards pertaining to the use of technology to serve clients, standards and indicators for cultural competence, treatment of adolescent clients, school-based services, military-based services, and supervision, among others. These prominent standards may be introduced as evidence in litigation and licensing board cases.

Review-relevant literature. Social workers should always keep current with their professional literature, especially prominent publications pertaining to their specialty areas and key ethics topics, such as management of professional boundaries and client confidentiality. When faced with challenging ethics decisions, practitioners should make every reasonable effort to consult pertinent literature to determine what authorities in the field say about the issues and whether they agree or disagree. Such consultation can provide useful guidance and also provides compelling evidence that a social worker made a conscientious attempt to comply with current standards in the field. This can be very helpful when defending a complaint. In addition, social workers can expect that opposing lawyers will conduct their own comprehensive review of relevant literature in an effort to locate authoritative publications that support their legal arguments. Lawyers often submit as evidence copies of publications that, in their opinion, buttress their legal case. Lawyers may use the authors of influential publications as expert witnesses.

Obtain legal consultation when necessary. Social workers often make decisions that have legal implications (although many ethical decisions do not require legal consultation, e.g., whether to accept a modest gift from a client or accept the client’s invitation to attend the client’s wedding). This is particularly true with respect to a number of ethical decisions where statutes, regulations, and court decisions may address complex legal issues related to confidentiality, privileged communication, informed consent, conflicts of interest, remote delivery of services, and termination of services. In addition, a social worker’s taking the time to obtain legal consultation provides additional evidence of having made conscientious, diligent efforts to handle the situation professionally. Consultation with skilled lawyers familiar with behavioral health care law and risk management, as opposed to lawyers who are general practitioners or who specialize in other areas of the law, can be extraordinarily helpful.

Document decision-making steps. Careful and thorough documentation enhances the quality of social work services provided to clients. Comprehensive records are necessary to assess clients’ circumstances; plan and deliver services appropriately; facilitate supervision; provide proper accountability to clients, other service providers, funding agencies, insurers, utilization review staff, and the courts; evaluate services provided; and ensure continuity in the delivery of future services. Thorough documentation also helps to ensure quality care if a client’s primary social worker becomes unavailable because of illness, incapacitation, vacation, employment termination, or death; colleagues who provide coverage will have the benefit of up-to-date information.

In addition thorough documentation can help protect social workers who are named in ethics complaints and lawsuits. For example, documentation can provide evidence that a practitioner obtained consultation, consulted relevant codes of ethics and ethical standards, referred a high-risk client for specialized services, obtained a client’s informed consent for release of confidential information, or competently managed complex boundary issues or a client’s suicide risk.

Social Work Ethics Audits

Conducting a comprehensive ethics-based risk management audit can identify potential ethics risks and lead to effective preventive measures (Reamer, 2001). The primary purpose of an ethics audit is to provide social workers with a practical way to: identify pertinent ethical issues in their practice settings; review and assess the adequacy of their current practices; design a practical strategy to modify current practices as needed; and monitor the implementation of this quality assurance strategy.

A comprehensive ethics audit includes a number of steps:

In agency settings, a staff member should assume the role of chair of the ethics audit committee. Members should be appointed to the committee based on their demonstrated interest in the agency’s ethics-related policies, practices, and procedures. Ideally, the chair would have obtained formal education or training related to professional ethics. Independent practitioners may want to consult with knowledgeable colleagues or a peer consultation group.

The audit committee should identify specific ethics-related issues on which to focus. In some settings, the committee may decide to conduct a comprehensive ethics audit. In other agencies, the committee may focus on specific ethical issues that are especially important in those settings.

The ethics audit committee should decide what kind of information it will need to conduct the audit. Data may be gathered from documents (e.g., informed consent forms, confidentiality guidelines, client rights statements, technology use guidelines) and interviews conducted with agency staff that address specific ethical issues. The committee should also review-relevant codes of ethics and federal and state statutes and regulations.

Once the necessary data are gathered and reviewed, the audit committee should assess the risk level associated with each issue. Each issue should be assessed with respect to relevant agency policies and the procedures staffers follow. Policies may be codified in formal agency documents or memoranda. Procedures entail social workers’ and other staffers’ actual handling of ethical issues in their relationships with clients, colleagues, and third parties. Each topic can be assessed as no risk, minimal risk, moderate risk, or high risk based on specified criteria.

Once an ethics audit has been completed, social workers need to take steps to make use of its findings. Social workers should develop an action plan for each risk area that warrants attention, beginning with high-risk issues, then moving on to moderate- and minimal-risk issues. The action plans should spell out specific measures that need to be taken to address the identified problem areas. Examples include updating confidentiality policies to reflect current laws and code of ethics standards, revising informed consent procedures and forms related to remote delivery of services, and developing dual-relationship and social media guidelines. In today’s digital environment, it is critically important for social workers to have a comprehensive social media policy that informs clients about how they conduct themselves online, especially related to interactions with clients on social networking websites and electronic messaging platforms.

The committee should identify which staff will be responsible for the various tasks and establish a timetable for completion of each and a mechanism to follow up on each task to ensure its completion and monitor its implementation.

The committee should document the complete audit process to demonstrate its good-faith effort to assess ethics-related policies and procedures. This documentation may be helpful in the event that someone raises questions about the adequacy of the agency’s ethics-related practices.

Conducting a Privacy Security Risk Assessment

Federal law now requires many human services agencies to conduct more narrowly focused security risk assessments. The Security Management Process standard in the HIPAA Security Rule requires organizations to “[i]mplement policies and procedures to prevent, detect, contain, and correct security violations” (45 C.F.R. §164.308(a)(1)).

Conducting a security risk analysis is consistent with standard 1.07 (m) in the NASW Code of Ethics, which was added in 2017 to address complex technology-related issues that have emerged in recent years:

Social workers should take reasonable steps to protect the confidentiality of electronic communications, including information prov-ided to clients or third parties. Social workers should use applicable safeguards (such as encryption, firewalls, and passwords) when using electronic communications such as e-mail, online posts, online chat sessions, mobile communication, and text messages.

Furthermore, conducting a privacy risk analysis is also consistent with provisions in Standards for Technology in Social Work Practice (NASW, et al., 2017), which was jointly adopted by NASW, Association of Social Work Boards, Council on Social Work Education, and Clinical Social Work Association.

A number of best practices have emerged in recent years that social workers can use as a guide to conducting a security risk assessment, some of which were developed by the National Institute of Standards and Technology (NIST). Experts advise that organizations and practitioners that undertake a security risk assessment ask several key questions, including

• Have you identified the electronic-protected health information (e-PHI) within your organization? This includes e-PHI that you create, receive, maintain, or transmit.

• What are the external sources of e-PHI? For example, do vendors or consultants create, receive, maintain, or transmit e-PHI?

• What are the human, natural, and environmental threats to information systems that contain e-PHI?

Social work organizations can use the results of their security risk assessment to design appropriate personnel screening processes, identify what data to back up and how, decide whether and how to use encryption, address what data must be authenticated in particular situations to protect data integrity, and determine the appropriate manner of protecting health information transmissions.

According to NIST, risks to be aware of include unauthorized (malicious or accidental) disclosure, modification, or destruction of e-PHI; unintentional errors and omissions; disruptions to information technology due to natural or human-made disasters; and failure to exercise due care and diligence in the implementation and operation of the agency’s information technology system.

Ideally, a comprehensive security risk assessment focuses on two key issues: vulnerability and threat. According to NIST, vulnerability is a flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy. Vulnerabilities may be grouped into two general categories: nontechnical and technical. Nontechnical vulnerabilities may include ineffective or nonexistent policies, procedures, standards, or guidelines to protect e-PHI. Technical vulnerabilities may include holes, flaws, or weaknesses in the development of information systems or incorrectly implemented and/or configured information systems.

NIST further states that e-PHI threats entail the potential for a person or some external entity to exercise (accidentally trigger or intentionally exploit) a specific vulnerability. Threats may be grouped into general categories, such as natural (e.g., floods, tornadoes), human (e.g., computer network attacks, malicious software upload), and environmental (e.g., power failures).

The federal Office for Civil Rights, which is responsible for issuing annual guidance on the provisions in the HIPAA Security Rule, suggests that a comprehensive risk assessment should examine the potential risks and vulnerabilities to the confidentiality, availability, and integrity of all e-PHI that an organization creates, receives, maintains, and transmits (Herold & Beaver, 2021). This includes e-PHI in all forms of electronic media that exist in typical health and human service agencies, such as hard drives, CDs, DVDs, smart cards, flash drives, and other storage devices. It also pertains to personal digital assistants, transmission media, and portable electronic media including a single workstation as well as complex networks connected between multiple locations. Therefore, a social service or human service organization’s risk analysis should consider all of its e-PHI, regardless of the particular electronic medium in which it is created, received, maintained, or transmitted or the source or location of its e-PHI.

Implications for Practice

Fortunately, liability claims and lawsuits filed against social workers are relatively rare. Nonetheless, professionals must have a keen understanding of legal concepts related to malpractice, negligence, and liability. Statistically, licensing board complaints filed against practitioners are more common, although most practitioners will complete their careers without being named in one (Hartsell & Bernstein, 2013; Reamer, 2015).

Social workers can take a number of steps to help prevent lawsuits and licensing board complaints. Comprehensive ethics-related risk includes becoming familiar with the concepts of malpractice, negligence, liability, and standard of care. Furthermore, when faced with ethics risk and decisions, social workers should take steps to consult with colleagues; obtain competent supervision; review-relevant ethics standards, regulations, statutes, and policies; review-relevant literature; obtain legal consultation, when warranted; and document one’s decision-making steps. Conducting a comprehensive privacy risk assessment and ethics-based risk management audit can identify potential ethics risks and lead to effective preventive measures.

As a practical step, it is critically important for social workers to obtain comprehensive liability insurance that offers legal defense coverage and indemnifies practitioners against liability (Hartsell & Bernstein, 2013; Reamer, 2015). Policies are available that cover individual practitioners, employing agencies, corporations, students, and educational programs. These liability policies typically contain options with regard to the amount of coverage (e.g., the amount of coverage for each wrongful act, or series of related wrongful acts, and the amount of aggregate coverage during a given policy period, such as a year), coverage during extended reporting periods (i.e., coverage for claims filed against a practitioner after the end of the policy period), and coverage of employees (as in a private group practice).

A typical policy is known as a claims-made policy, which means that the coverage is limited to liability for only those claims that are first made against the policy holder and reported to the company during the period the policy is in force. Social workers who also want to be insured for claims made after terminating the policy need to pay an additional premium for extended reporting period protection unless it is included in the policy; this is known as “tail coverage.”

Some insurers also offer what is known as “nose coverage” (also known as prior acts coverage). A basic claims-made policy will only cover claims associated with services that were provided while the policy is in effect. Nose coverage is a supplement to an expiring claims-made malpractice insurance policy that may be purchased from a new insurance carrier when a social worker changes carriers and had claims-made coverage with a previous carrier. Nose coverage will provide protection under the new policy if claims are reported in the future for treatment dates going back to the previous policy’s inception date.

Social workers also have the option to purchase so-called occurrence coverage. An occurrence policy has lifetime coverage for the incidents that occur during a policy period, regardless of when the claim is reported. A claims-made policy typically is less expensive initially than an occurrence policy; the premium usually matures over a number of years (e.g., 5 years).

With dramatic increases in social workers’ use of digital and other technology to provide services to clients remotely, communicate with clients, and store sensitive information electronically, it is important to have what is known as cyber-liability coverage. This policy provides coverage in the event of a data breach on a social worker’s computer, smartphone, or in electronic client records. A data breach or security incident occurs when confidential client data, such as electronic records or personal financial data, are taken, copied, transmitted, viewed, stolen, or used by any individual unauthorized to handle the information. Even if social workers use a third-party company, such as a warehouse, a mover, or data storage provider, practitioners can be held responsible for data breaches caused by them.

Professional liability policies typically contain certain exclusions. Many policies exclude coverage for any dishonest, criminal, fraudulent, or malicious act or omission; fee disputes; a variety of wrongful acts of a managerial or administrative nature; any claim arising from any business relationship or venture with a former or current client; and a number of other specific activities enumerated in the policy. In addition, most policies contain a special provision regarding coverage for sexual misconduct. Under this policy, the insurance company places a ceiling on the amount that it will pay for damages arising from actual or alleged sexual misconduct.

Even social workers employed in settings that provide group liability coverage should seriously consider obtaining their own individual coverage. When a liability claim names both the social worker and the worker’s employer, the employer could argue that the practitioner, and not the employing agency, was negligent. This can create a conflict of interest. Individual coverage would thus protect social workers who find themselves at odds with their employers in relation to a liability claim, particularly if the employer is not willing to retain separate legal counsel for the practitioner.

Also, individual policies typically include a provision that will cover legal expenses if a social worker retains an attorney to assist in responding to a complaint filed with a state licensing board. An employer’s policy may not provide coverage for this critically important legal representation. Social workers who respond to licensing board complaints on their own, without skilled legal advice, do so at their own peril.

Furthermore, individual coverage protects individual social workers if claims against their employer’s insurance policy exceed that policy’s limits (e.g., if a case involving client suicide leads to a US$5.75 million settlement or judgment against an employer’s insurance policy that has a US$3 million limit). Finally, individual coverage offers protection to social workers who leave their employment setting before a lawsuit is filed that alleges the practitioner was negligent during the time of employment.

The risk that social workers will be named as a defendant in a lawsuit or a respondent in a licensing board complaint is a reality of professional practice. Comprehensive risk-management steps—including becoming familiar with the concepts of malpractice, negligence, liability, and standard of care and obtaining comprehensive malpractice insurance—greatly enhance the likelihood that social workers will simultaneously protect their clients and themselves. In the final analysis, cultivating good social work habits, consistent with the profession’s core values and standards, is the most effective preventive measure.

Footnotes

Disposition editor: Cristina Mogro-Wilson

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) received no financial support for the research, authorship, and/or publication of this article.

ORCID iD

Frederic G. Reamer

References

Abused girl who lived in El Monte wins $45.4 million in lawsuit that blamed LA County social workers. (2018). https://www.sgvtribune.com/2018/07/26/abused-girl-who-lived-in-el-monte-wins-45-4-million-in-lawsuit-that-blamed-la-county-social-workers/

Aisner

(2008, January 29). Ex-therapist faces prison for assaulting patients. Ann Arbor News. https://www.mlive.com/annarbornews/2008/01/extherapist_faces_prison_for_a.html

Banks

(2020). Ethics and values in social work (5th ed.). Bloomsbury Academic.

Barsky

(2019). Ethics and values in social work: An integrated approach for a comprehensive curriculum (2nd ed.). Oxford University Press.

Carroll

(Ed.) (2011). Risk management handbook for healthcare organizations. John F. Wiley & Sons.

Chase

(2015). Professional ethics: Complex issues for the social work profession. Journal of Human Behavior in the Social Environment, 25, 766–773.

Congress

Black

Strom-Gottfried

(2009). Teaching social work values and ethics: A curriculum resource. Council on Social Work Education.

Gifis

(2010). Law dictionary (6th ed.). Barron’s.

Hartsell

Bernstein

(2013). The portable lawyer for mental health professionals: An A-Z guide to protecting your clients, your practice, and yourself (3rd ed.). John Wiley & Sons.

10.

Herold

Beaver

(2021). The practical guide to HIPAA privacy and security compliance (2nd ed.). Taylor & Francis.

11.

Hogan

(1979). The regulation of psychotherapists: Volume I—A study in the philosophy and practice of professional regulation. Ballinger.

12.

Kavaler

Alexander

(2014). Risk management in healthcare institutions: Limiting liability and enhancing care. Jones & Bartlett.

13.

Linton

(2021, October 14). AG reaches $25 million settlement of fraud claims against mental health company with Attleboro clinic. The Sun Chronicle. https://www.thesunchronicle.com/news/local_news/ag-reaches-25m-settlement-of-fraud-claims-against-mental-health-company-with-attleboro-clinic/article_f57c9440-b793-5478-b315-ff2bc46869ef.html

14.

Michaud

(2014). Tort law: Concepts and applications (2nd ed.). Pearson.

15.

National Association of Social Workers. (2021). NASW code of ethics. Author.

16.

National Association of Social Workers, Association of Social Work Boards, Council on Social Work Education, & Clinical Social Work Association. (2017). Standards for technology in social work practice. National Association of Social Workers.

17.

Reamer

(2001). The social work ethics audit: A risk management tool. NASW Press.

18.

Reamer

(2015). Risk management in social work: Preventing professional malpractice, liability, and disciplinary action. Columbia University Press.

19.

Reamer

(2018). Ethical standards in social work: A review of the NASW code of ethics (3rd ed.). NASW Press.

20.

Reiland

(2018, March 28). $45 million verdict for child beating death. Chicago Daily Law Bulletin. https://www.chicagolawbulletin.com/archives/2018/03/28/45m-verdict-fatal-child-abuse-3-28-18

21.

Romero

(2016, April 25). Ex-social worker sentence to prison for sex with teen client. https://www.ksl.com/article/39502030/ex-social-worker-sentenced-to-prison-for-sex-with-teen-client