2010 Student Ethics Essay Award – 2nd Place
Safety in Numbers: Technology's Impact on Privacy, Confidentiality, and Security
By Amelia S. Rachal
Louisiana State University Health Sciences Center
NSSLHA Chapter Advisor: Merrie Pendergrass
For years, our mothers have told us that there is safety in numbers; that by being part of a larger number, one is less likely to become the victim of mishap. In fact, many animals travel in groups to lessen the risk of detriment but more recently, this phenomenon in nature has generalized to a much different context. Many people take comfort in the use of electronic data, trusting that the ones and zeros on which they rely are working to keep them safe. However, research shows, and people are increasingly becoming aware of the potential dangers that technology brings to confidentiality, privacy, and security. According to Erickson and Howard (2007), approximately "1.9 billion records were reported compromised by government agencies, firms, hospitals, universities, and the military" between 1980 and 2006, with a quite substantial increase in 2000 (p. 8).
Over the past 20 years, technology has increasingly affected all facets of the modern professional. From most professional communication being done through email to major professional journals moving away from printed formats to being exclusively online, the use of technology in the professional setting has become a major part of everyday life. Because nearly all information is stored electronically, we are becoming increasingly more reliant upon technology to competently perform in a professional environment. The use of technology has increased the speed of communication, therefore increasing the capacity of information that can be easily exchanged. Although this increased ease in exchange of information is a great advantage to working professionals like speech-language pathologists, it also has great potential for violation of some of the Codes of Ethics set forth by the American Speech-Language Hearing Association (ASHA).
According to Yasnoff (2008), privacy is "the right of individuals to hold information about themselves in secret, free from the knowledge of others" (p. 3). "Electronic personal records [...] could include individuals' personal credit histories, banking information such as credit card numbers or account numbers, medical records, social security numbers, and grades earned at school" (Erickson & Howard, 2007, p. 7). The increased use of technology and data exchange has greatly increased the risk of violating this right. If clients choose to share personal information with clinicians, they have the right to keep this information private or to choose with whom the clinician can share it. Once the clinician has obtained private information about a client, it is the responsibility of the clinician to keep it confidential.
Confidentiality is "the assurance that information about identifiable persons, the release of which would constitute an invasion of privacy for any individual, will not be disclosed without consent except as allowed by law" (Yasnoff, 2008, p. 4). Principle I rule N of the Code of Ethics states that "individuals shall not reveal, without authorization, any professional or personal information about identified persons served professionally or identified participants involved in research and scholarly activities unless doing so is to protect the welfare of the person or the community or is otherwise required by law" (ASHA, 2010, p. 3). Many records may become compromised as a result of organizational mismanagements (lost USB flash drives, backed-up files, or laptops) and poor record-keeping practices. To avoid this, printed documents should be shredded, files saved to computers and/or flash drives should be saved securely using password-protection, and up-to-date computer virus and firewall software should be installed on all computers.
Because much of the information stored electronically is confidential, most facilities take great measures to protect it. Security is "the mechanisms by which confidentiality policies are implemented in computer systems, including provisions for access control, integrity and availability" (Yasnoff, 2008, p. 5). Principle I Rule M of the Code of Ethics states that "individuals shall adequately maintain appropriately secure records of professional services rendered, research and scholarly activities conducted, and products dispensed, and they shall allow access to these records only when authorized or when required by law" (ASHA, 2010, p. 3). According to Yasnoff (2008), electronically securing files requires the use of authentication, encryption, and firewalls. Authentication means verifying the identity of a user logging onto a network. The most common way authentication is acquired is through the use of passwords. Encryption is the process of converting information into a format that is not readable to those without access. Firewalls block unauthorized access to a computer or network and permit authorized communications. With these security measures, SLPs can reduce the risk of exposing electronic files.
Technology has also increased the accessibility of treatment. The Code of Ethics, principle I rule L, states that "individuals may practice by telecommunication (e.g., telehealth/e-health), where not prohibited by law" (ASHA, 2010, p. 3). In this case, SLPs can use technology to give access to those living in rural areas that may not have been provided ease of access. However, because technology is ever changing, it is important that SLPs maintain a level of competence and provide the best care available to the client. As principle II rule B of the Code of Ethics states, "individuals shall engage in only those aspects of the professions that are within the scope of their professional practice and competence, considering their level of education, training, and experience" (ASHA, 2010, p. 4). If one is not competent in current or new practices that technological advances have provided, it is his or her duty to seek "lifelong learning to maintain and enhance professional competence and performance" (p. 4).
Technology has added both innovation and ease to the field of speech language pathology but with this ease has come the risk of exposing delicate information that by the code of ethics, we are bound to keep private, confidential, and secure. Our mothers may have told us that there is safety in numbers, but where technology is concerned, there is a jungle of ones and zeros where the safety is left up to those bound to protect it. If we all take the necessary precautions to protect the privacy of our clients, then and only then can our clients begin to feel safety in numbers.
America Speech-Language-Hearing Association. (2010). Code of ethics. Retrieved on 16 March 2010, from http://www.asha.org/policy.
Erickson, K., & Howard, P. (2007). A case of mistaken identify? News accounts of hacker, consumer, and organizational responsibility for compromised digital records. Journal of Computer-Mediated Communication, 12(4), 1–17. Retrieved on 22 February 2010, from http://jcmc.indiana.edu/vol12/issue4/erickson.html.
Yasnoff, W. A. (2008). Confidentiality, privacy, and security. Informatics training for CDC public health advisors, p. 1–37. Retrieved on 23 February 2010, from http://faculty.washington.edu/ocarroll/infrmatc/database/confiden.