could be threatened and culpable for damages.”
“I am willing to spend an additional hour per week to
secure this individual’s client records on an external, air-gapped
In general, APA’s Ethics Code and the “Record Keeping
Guidelines” emphasize stronger protections. By asking these five
questions, practitioners can reduce accidental and/or targeted
attacks on client information.

Encrypt everything: If possible, every client record and
communication should be encrypted. When mobile devices
are used for client contact, it is important to consider the
phone’s encryption capabilities. Currently, iPhones, with a
good password, can be encrypted and protected from password
attacks for about 5.5 years (Apple Inc., 2014b). It is also possible
for iPhones to encrypt iMessages (text messages between
iPhones), which would only be accessible between sender and
recipient. Older phones cannot generally encrypt messages.
The APA Practice Organization (2014) separated computer
encryption into three parts: (a) full-disk encryption, (b)
virtual-disk encryption and (c) file/folder encryption. Full-disk
encryption provides protection for an entire system, but once a
password is used, the entire file system is accessible. Virtual-disk
encryption is an encrypted container that acts like a digital flash
drive and is protected from access through encryption. These
containers require a password after logging into the computer.
The file/folder encryption option applies to individual files. For
instance, a Microsoft Office Word file can be password protected.
By using all three of these methods, a stolen computer would
be protected at multiple levels and virtually inaccessible.
The chief technology officer of the Freedom of the Press
Foundation and technologist for The Intercept suggests disk
encryption, firewalls, strong passwords (never renew or use
the same) and cryptology to communicate when possible.
For example, Apple computers come with built-in full-disk encryption via FileVault. In addition, by using a strong,
8- to 10-character password with special symbols, varied
capitalization and avoidance of dictionary words, practitioners
can have an encrypted and well-protected computer.

Use HIPAA-compliant cloud providers: Any provider that
stores protected health information should publicly document
For instance, Google Apps uses various standardized
security certificates to ensure data safety and retention. Even if
practitioners choose to be responsible and HIPAA compliant,
files should still be encrypted. Devereaux and Gottlieb (2012)
recommend that if cloud providers encrypt data, this process
should meet the need for “reasonable conduct” and protection
This argument is predicated on trust. A cloud provider that
encrypts data but still has access to encryption keys would be
forced to decrypt this information if compelled by the federal
government. Likewise, if a private employee or contractor was
given the key, they could potentially decrypt data unlawfully.
Any cloud storage used should be backed up locally and
completely encrypted prior to upload. There are a variety of
encryption software packages available; one example, a cross-platform option, is TrueCrypt.

Use two-factor authentication: This authentication
method requires psychologists to first enter a password
and then a six- to eight-digit “token” to log onto a site. If a
password were lost or stolen, an attacker would still need
access to the token to log in. Without the token, a stolen
password would be of no use. Mobile devices can often
receive two-factor tokens via text message. Google, Dropbox
and Twitter are all examples of companies that offer such
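
The two-step check described above, as an added example that is not part of the original article: a standard-library Python sketch of the RFC 6238 time-based token that authenticator apps generate (the article itself mentions tokens delivered by text message), with a login that requires both factors and rejects a token that was already used. The account record, password and salt are constructed sample values, and the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 token: HMAC-SHA1 over the number of 30-second steps since 1970."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Only a salted, slow hash of the password is stored, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def login(account: dict, password: str, token: str, now: int, step: int = 30) -> bool:
    """Succeeds only with the right password AND a fresh token (one step of clock drift)."""
    pw_ok = hmac.compare_digest(hash_password(password, account["salt"]),
                                account["pw_hash"])
    matched = None
    for drift in (-1, 0, 1):
        t = now // step + drift
        if t > account["last_step"] and hmac.compare_digest(
                totp(account["totp_secret"], t * step).encode(), token.encode()):
            matched = t
    if pw_ok and matched is not None:
        account["last_step"] = matched  # a token that was accepted cannot be replayed
        return True
    return False

# Constructed sample account (assumed values for illustration only).
ACCOUNT = {
    "salt": b"constructed-salt",
    "pw_hash": hash_password("correct horse battery", b"constructed-salt"),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test key
    "last_step": -1,
}

if __name__ == "__main__":
    acct = dict(ACCOUNT)
    print("password only:", login(acct, "correct horse battery", "000000", 59))
    print("password + token:", login(acct, "correct horse battery", totp(acct["totp_secret"], 59), 59))
    print("same token again:", login(acct, "correct horse battery", totp(acct["totp_secret"], 59), 59))
```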

Work with air-gapped computers: Psychologists who are
working with the most sensitive cases and clients may need
greater data protection. Similar to locked and local file cabinets,
an air-gapped computer is separated from networked data
and Internet access — Ethernet cables and Wi-Fi antennas are
disabled or removed. This would likely require a practitioner
to purchase a separate computer that would stay permanently
disconnected from the Internet and only provide access to
files. To share files with another computer, the psychologist
would need to manually move them via USB-based external
drives, thus lessening the risk of data leaks. Using an air-gapped computer, however, does present a different risk: If
the computer’s hard drive fails, the data is not backed up on a
network, so data loss is more likely.

Modify informed consent: APA’s Ethics Code states that
informed consent should incorporate a method for securing,
protecting and handling data. As Devereaux and Gottlieb
(2012) suggest, it is important that an informed consent
document properly explain, justify and present accurate risks
of data storage and communication. If psychologists agree
with their clients that they may use phone, text and/or email
communication, the psychologist should inform the client
about the increased risk of confidentiality breaches and about
ways to reduce such leaks. In the interest of client privacy and
autonomy, it may be appropriate to suggest pen and paper if
privacy concerns are present.

More than ever, practitioners are considering digital means
for client records and communication. But with technological
advances, there are greater threats to client confidentiality.