Is Your Mental Health EHR Sabotaging Your Practice?

My EHR Was Stealing My Client’s Data and Soliciting Feedback!

While combing through the dense legalese of my EHR provider’s Terms of Service, I stumbled upon a troubling section about feedback. The language essentially gave them carte blanche to do whatever they wanted with any feedback they collected related to my practice. At first, this didn’t set off alarms, but then I connected the dots. 

My practice, Growing Self, has received multiple awards—things like “Best Online Marriage Counseling Platform” for various years. I’d received emails about these accolades, congratulating us and pointing to a page showcasing our achievements. 

It all seemed flattering until I noticed a peculiar claim: these reviews were based on feedback from a hundred current or former clients of my practice. That stopped me cold. How did they know who my clients were? How did they even contact them?

As I read deeper into the agreement, I realized the implications. It appeared my client data, which I trusted this system to keep private, had been shared or sold to third parties. These third parties then used this information to generate content—content that included paid advertisements for competing providers. 

Imagine the betrayal: the very platform I paid thousands of dollars to each year was potentially exploiting my data to drive traffic and dollars to other businesses. It was a sobering realization and one that made me question everything about their business model.

Here’s a photo from their site depicting the survey of 100 Growing Self clients:

How to Protect Your Practice

If this sounds like a nightmare, don’t worry. There’s hope. Here’s what I’ve learned through this painful but eye-opening experience:

1. Read the Fine Print: I know it’s tempting to skim and sign (been there!), but these agreements can hide all kinds of unpleasant surprises. Dedicate time to read every clause. Highlight anything that raises a red flag, no matter how small it seems.
2. Ask Tough Questions: When evaluating or renewing with an EHR provider, ask direct questions like:
   • How do you make money?
   • Are you selling or de-identifying my client data?
   • Are you placing ads on my website or marketing to my clients?

If they can’t or won’t give you clear answers, it’s a huge red flag.

3. Test the System: Sign up as a fake client and book an appointment. Pay close attention to any follow-up emails or communications. Check your website in incognito mode to see if hidden ads or pop-ups appear.
4. Consult an Attorney: If you’re unsure about the legal language, invest in a professional review. My attorney flagged issues I’d never even considered, saving me from potentially disastrous consequences.
5. Share What You Learn: Knowledge is power. The more we talk about these issues, the more we can hold providers accountable and protect our collective interests.

Finding a Better EHR

After months of research, discovery calls, and attorney consultations, I finally found an EHR with a non-shady Terms of Service agreement. Transitioning was painful (hello, data migration), but worth it. My practice is now safer, and I’m paying a third of what I used to.

The process of finding a new provider wasn’t easy. I kissed a lot of frogs and ran into other EHR systems with troubling security and privacy issues. But with persistence and the help of my team, we found a provider that aligned with our values. The hard work was worth it to protect my therapeutic code of ethics. If you’re considering making a change, take your time, ask questions, and don’t settle for less than full transparency.

Let’s Keep Your Practice Safe

Thank you so much for joining me on this episode. If you’re feeling ready to uncover even more of the hidden hazards of being a private practice therapist check out my free resource: 8 Scams Targeting Therapists. And I apologize in advance if some of this is triggering and/or troubling. But virtually all of these have happened to me personally, and other therapists I know, and the only way we can protect ourselves is by sharing information. So please check it out, and spread the word.

If you’re active on LinkedIn, let’s connect! I regularly share professional insights, industry updates, and practical tips to help therapists navigate the ever-changing mental health landscape. Plus, it’s a great way to network and share ideas. Find me at Dr. Lisa Marie Bobby. Don’t hesitate to send me a message—I’d love to hear from you!

Until next time, stay informed, stay protected, and keep growing. We’re in this together, and I’m here to support you every step of the way

Xoxo

Dr. Lisa Marie Bobby

P.S. Know a fellow therapist who could use this advice? Share this article with them. We’re all in this together, and knowledge is power. Let’s protect our practices and thrive as a community. ❤️

Resources:

Vanderhook, S., & Abraham, J. (2017). Unintended Consequences of EHR Systems: A Narrative Review. Proceedings of the International Symposium on Human Factors and Ergonomics in Health Care, 6(1), 218-225. https://doi.org/10.1177/2327857917061048

Van der Linden, H., Kalra, D., Hasman, A., & Talmon, J. (2009). Inter-organizational future proof EHR systems: A review of the security and privacy related issues. International journal of medical informatics, 78(3), 141-160. https://www.sciencedirect.com/science/article/pii/S1386505608001081

MULUKUNTLA, S. (2015). EHRs in Mental Health: Addressing the Unique Challenges of Digital Records in Behavioral Care. EPH-International Journal of Medical and Health Science, 1(2), 47-53.https://doi.org/10.53555/eijmhs.v1i2.216