#DueDiligence

Ten years after Steve jobs introduced the world to iPhone, security is as bigger concern than ever

It has been ten years now since Steve Jobs first introduced the iPhone to the world in January 2007. Literally billions of smartphones have been sold since then, ushering in new – and often ironic – ideas about what it means to be connected. This dramatic rise in technology brings new realities with which we must contend. Suddenly, in the therapy room, we are processing what it means for a client to communicate with their partner via text message. Clients often see no issue with wanting to be our friend on Facebook. In contrast, our ethics remain firm about the protection of our clients regardless of how we interact with them. It can be overwhelming, but we often are forced to hold convenience and duty in a delicate balance.

As counselors, we have a duty to protect a client’s confidentiality and to disclose any circumstances when that might not be completely possible. With this in mind, let’s imagine a scenario. A college student wishes to begin therapy. So, she goes to her local coffee shop, opens her laptop, and finds your website. After reading your bio, she decides to make an appointment and fills out the online contact form. Later that day, between sessions, you open your email and send her a quick reply to schedule an intake. After she begins therapy, she asks if she can communicate with you about her appointments via text. You explain that you’d feel more comfortable using email since it requires a password.

Did you spot the risks? For many therapists, this might seem like a pretty typical – and safe – interaction. Unfortunately, there are several ways that the client’s personal information may have been in danger. Does the coffee shop have an open or secured Wi-Fi? Do you know if your own website encrypts information that users submit? If not, then it is possible for your client’s information to be intercepted. How did you receive the email? If it came to your laptop, is your hard drive encrypted to protect the data in case the computer is stolen? Maybe you received it on your phone. Do you have a strong passcode? Do you allow you children to play with your phone while you’re at home? Then there is the decision to use email rather than text messaging for communication. From a security standpoint, services like Apple’s iMessage allow significantly more secure communication than email which is fundamentally insecure even with the strongest of passwords.

And with all of this, what are our responsibilities as therapists, tasked with ensuring the security and confidentiality of our communication, and providing information to those we serve about the limits of the technology we use? There are many possible solutions and no single correct answer; truly, this is an ethical dilemma. However, I wonder if our interaction with the legal system provides a model from which we can learn. Few of us are experts in the law and best practice when faced with legal questions is to consult a lawyer; we would never assume our interpretation of the law to be sufficient. We consult attorneys often and are more than comfortable with that process.

Our relationship to technology is very similar. There are dozens of scenarios like the one above that require careful and deliberate thought. Refraining from technology, for most of us, is not a viable option; becoming experts in technology is equally as unlikely. However, using technology responsibly is often beneficial for our clients as well as for our practice. As we continue to explore the use of these helpful tools, doing our due diligence may include finding a trusted digital expert to consult with us, to audit the mechanisms that we use to collect and share information, and to help us understand the tools that we use every day.

Finding these individuals can be difficult. There isn’t a single hub to from which to choose the digital consultant that best fits with our personality. You might begin by searching online for “network security consultants” or “small business security consultants” in your area. You might also look to contact local Information Technology professionals who work in the health care field. Finally, requesting referrals from peers and colleagues might lead you to someone who has experience working with practices similar to yours.

This conversation can feel overwhelming. It helps to realize that these new problems require new versions of solutions we have been implementing for years. To keep phone conversations private, we ensure we are out of earshot of others. To protect our conversation in our therapy room, we might place a white-noise machine outside our door. In much the same way, there are precautions that we can put in place to ensure that our digital conversations remain confidential as well.

This article first was first published in the February 2017 newsletter for the North Carolina Association for Marriage and Family Therapy.