Health Insurance Portability Accounting Act

Documentation protocols must comply with federal privacy laws, specifically H1PAA, for clients seeking mental health services. The purpose of H1PAA is to protect an individual’s health information while permitting the exchange of needed health information, and encourage ‘’high quality health care and protect the public’s health and wellbeing” and “[strike] a balance that permits important uses of information, while protecting the privacy of people who seek care and healing” (U.S. Department of Health and Human Services, 2003, p. 1). Even though H1PAA promotes the sharing of health information, minimal disclosure is an explicit and central principle to be adhered to. The U.S. Department of Health and Human Services (n.d.) describes HIPAA in the following way:

The HIPAA Security Rule establishes national standards to protect individuals' electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

(para. 1)

Family Education Rights and Privacy Act

For supervisors working with art therapy students, FERPA applies as well. FERPA is

a federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records.

(U.S. Department of Education, n.d., para. 1)

Once an individual turns 18 years of age or enrolls in a postsecondary institution, the parents are no longer entitled to their child’s FERPA rights, as the rights transfer to the student. FERPA covers supervisees currently matriculated in a postsecondary institution and determines confidentiality of student records.


Regardless of the format, all client information, including artwork, reproductions of the artwork, case records, etc., must be secure. Secure storage can be locked filing cabinets, locked offices, and password-protected computers and websites. Supervisors must instruct supervisees in these practices and verify all security measures are adhered to.

Documentation is often done in a chart dedicated to the client. Charts can be a paper file or electronic. In hospitals and other locations where multiple services or people work with the same client, the chart may be accessed and read by multiple providers. Documentation of the art therapy session can take narrative form, or it can be more structured. In either case, the art therapist writes the significant points of what occurred in session.


If you have unlimited storage space, original artworks can be kept in locked cabinets or rooms, similar to how paper charts are stored. However, this is not the case for many art therapists, especially when working with three-dimensional materials, which take up significantly more space than works on paper that can be stored in flat files or portfolios. Furthermore, art therapists may work with individuals or groups to create an installation, an environmental or site-specific piece, or even a mural on an outdoor wall -none of these are possible to store in the traditional sense of the word. When art is created in a group setting, whether with supervisees or clients, ownership should be addressed (Deaver & Shiflett, 2011).

In the case where original artworks cannot be stored, the art therapist can photograph the artwork. Since digital photography is now widely available, artworks can easily be photographed, and then either printed to be put in a physical paper chart, stored electronically in the client’s electronic file, or otherwise stored in an encrypted manner. In the case of electronic art documentation, it is important to note the size and materials of the works created. Also consider photographing artworks from multiple angles and include detailed (i.e., close-up) shots to ensure that nuances such as materials, pressure, etc., are recorded.


Smart phones, laptop computers, USB flash drives, notebook computers, and digital cameras have adeptly transformed how we store and transfer protected client data. However, technology can complicate confidentiality - electronic case records must be carefully secured. Supervisors are tasked with guiding supervisees on best practices for maximizing confidentiality and minimizing risk. Encryption is one critical method that restricts the reading of a message solely to the sender and the intended recipient. Encryption protects the data from being viewed when inadvertent acts of disclosure, such as accidently sending a file to the wrong email address, or calculated threats such as robbery and theft, occur.

< Prev   CONTENTS   Source   Next >