2010 Student Ethics Essay Award - 1st Place
The False Security of Technology and Its Impact on Protecting Client Confidentiality
By Keith Hosokawa
Northwestern University
Evanston, Illinois
NSSLHA Chapter Advisor: Tracy Cafferty
Imagine for a minute being an adult with lisp. For this adult, lisp was a source of torment and ridicule throughout his school days. He endured frequent teasing from his peers and was called derogatory names as a result of his lisp. As a teenager, this man was diagnosed with a major depressive disorder stemming from issues with his lisp. He was prescribed anti-depressants by a psychiatrist, which he still takes to this day.
Now imagine this man finally deciding to seek the help of a speech-language pathologist. He finds a SLP who is reputed to be one of the most skilled in the field. After a thorough evaluation process, this man is elated to find out that his lisp can be treated. The SLP assures him that she will do everything she can to help him. At the front door of the clinic, she also assures the man that all of his health information will be secured and protected according to the ASHA Code of Ethics. The man sees her as being sincere and trustworthy. They shake hands and go their separate ways. As the new client walks away, he turns back around and notices something disconcerting. He sees the SLP walking away with his identified evaluation forms held loosely in her hands. As the SLP walks past a group of strangers, the sheets of paper containing information on the man's psychiatric history flutter in the wind. In one moment, he no longer sees the SLP as being trustworthy or skilled. He now sees her as being just plain careless and irresponsible.
Finally, replay that scenario but this time substitute the sheets of paper that are fluttering in the wind with a laptop. In this scenario, the SLP has typed out the identified evaluation report, which still contains the same medical history information, and has it saved on the hard drive of her laptop. She does not worry about breaking ASHA standards, for the information is saved on her laptop, which she has snuggly placed in a "secure" tote bag with a zipper. Later that night at a coffee shop, her laptop is stolen, and unfortunately for her, she never deleted the identified evaluation forms off her hard drive. Now, a stranger has access to the man's medical history information. The above scenario begs the question if any client would be assured with potentially confidential information being carried around to coffee shops. But more importantly, the above scenario is a commentary on the carelessness and false sense of security that technology has brought to protecting confidential information.
Newer technology has no doubt enhanced the ease and efficiency of information exchange. If someone has a question about therapy ideas, he or she can send a message in a Gmail chat and receive a list of activity ideas in less than a minute. But that same ease can also lull people into a false sense of security. Laptops are stolen all the time, USB flash drives are small and can easily be dropped, and the wireless networks that people use often are never 100% secure. At my school, most students use a wireless network that incorporates WPA2 encryption security. This security is purported to be highly protective from hackers, but doing a quick Google search of "How to hack a WPA2 wireless network" will yield results and even YouTube videos of people trying and being successful in doing so. Thus, even within the walls of my school's clinic, where students may be typing out identified progress reports while reading emails on the internet, there still lurks the danger of hackers accessing confidential information. The chances of that happening may be low, but even a 1% chance still warrants concerns on how careful we are being.
Carefulness is another aspect of client confidentiality that technology compromises. That SLP who Gmail chats or text messages his friend about therapy ideas may be only using the client's initials in identifying the client. But, if he is doing so in a public place like a café where people are constantly walking past him, he is showing disregard for confidentiality. By definition, confidentiality ensures that information can only be accessed by those who have the authority to do so. If a client walked into that same café and saw his therapist typing in his initials and the specifics of his case type on a chat, that client would probably feel his health information was not being protected competently. In a sense, even if the therapist never directly types in the client's name, the therapist is still leaving supposedly secure information open to anyone who walks by and glances at the therapist's computer screen.
Ultimately, is the therapist who carelessly carried around the client's evaluation forms in the first scenario really any different from a therapist who carries around the same sort of information on a laptop? The SLP who carries around a hard copy of sensitive client information in public would surely be reprimanded, but what of the SLP who carries around client information on a laptop? People think that the moment they turn off their laptops or stow them away, that the information is safe. Yet, that confidential information is still one theft away from being accessed by someone who should not have it.
To assure that our field maintains the integrity that is outlined in the ASHA Code of Ethics, stricter regulations regarding the use of technology in practice need to be implemented. If a client does not believe a clinician is being careful with his or her clinical information, then the trust that lends credibility to our field will be broken. Clients have a right to feel that their welfare is in the hands of someone competent enough to protect their privacy and personal information with the utmost care.