Who Do You Want Listening In?

By: Blink Session

Personal Online privacy has become a major issue. You, the consumer of free Online services, have become the product companies sell to advertisers. The value comes from the enormous amount of personal data you provide. The European Union has responded with the strict GDPR rules enacted in 2018, but HIPAA and other regulations already outline steps health-care providers must take to protect clients.

Who Do You Want Listening In?

Imagine searching for office space for your private practice. You would never rent an office that allowed strangers to look in on sessions, and you would also stay away from a landlord that put cameras and microphones in your space. That sounds crazy, but every day many therapists are "virtually" doing the same thing by utilizing just any software for Online therapy.

Claims of "Secure" and "Private" Are Empty

Every software company claims security and privacy are important. For this reason, you must look deeper. If the service blatantly says that it is not HIPAA-compliant, there is NO reason to go further, even if your therapy company doesn't technically fall under HIPAA. If you can't find that language anywhere on their website, contact them to make sure.

In my sixteen years in IT and software development, I have seen technology become more complicated. Despite that, many of us will read through the HIPAA rules, which were written in the '90s, and try to determine by ourselves if a service is secure and private enough. We look for terms like "end-to-end encryption". Now, don't get me wrong: you should read the rules and look for these things, but there is more to consider.

Privacy & Security are Secondary among Free Software

How can companies like Apple (FaceTime), Microsoft (Skype), and Zoom give us free access to a service that costs them millions to create and maintain? Some of them take a loss on free offerings in order to lure you into paid options. Others collect and sell data about you and your behavior while using their service. Many do a combination. Their security and privacy claims are important, but they do not equate to the level of privacy you should be seeking for your clients.

Even if video calls are private, that does not mean the software company has made a commitment to keep metadata about the call private. Email addresses, phone numbers, addresses, names, and even IP addresses are sold every day to data aggregators. You won't find specific (understandable) guidelines about these practices in HIPAA, making it almost impossible for a non-tech person to know if Skype or any other software is going to sell metadata about their video calls.

It's one thing to take risks with your personal information, and quite another to risk your clients' privacy. Use software and services that will make a commitment to you in writing (a Business Associate Agreement, or BAA) that they will follow HIPAA and any other regulations.

HIPAA Protects More Than Hinders Providers

When my wife and I started our speech clinic we needed several Online software subscriptions and "HIPAA-compliant" seemed to be an obstacle. But I was looking at things the wrong way. The fact that software companies offer HIPAA-compliant options makes it much easier for health providers to ensure privacy for their clients.

"Before HIPAA was enacted in 1996, the Hippocratic Oath made some of the first mentions of patient privacy — in roughly 400 B.C." (Ref.) In modern times, before HIPAA, every provider followed local law and the ethics rules of their discipline's association (e.g. ASHA). Technology changed everything, allowing easy transmission of patient data but also creating major privacy issues. HIPAA isn't perfect, but it was a permissive force for providers because it gave legal guidelines they could follow, which would hold up in U.S. court.

Put Yourself in Your Client's Shoes

Data breaches, hacking, companies selling users' data: these are realities we all personally must deal with. Today, we put devices in our homes like Amazon's Alexa that are recording our conversations 24/7 (Ref.). Not every modern technology poses a risk, and certainly not all the time, but typically, we as consumers have to play catch-up after finding out an Online service we use was taking advantage of our trust all along.

As a provider of health or even academic services, you must store personal information about your clients. You are a steward of that data, much of which is sensitive. Put yourself in your client's or your client's parent's shoes. What attitude would you want your kid's therapist to take toward Online security and privacy?