How do we protect the privacy of individuals with disabilities when we provide vocational rehabilitation services remotely? This article from the American Psychological Association gives an overview of current record-keeping and communication regulations and guidelines, looks at new threats to client data, discusses the ethical considerations service providers face, and advocates establishing best practices to prevent breaches of client data.
It’s worth reading in full to understand how to implement the suggested best practices for reducing the risk of security breaches when providing remote services. The suggested best practices include:
- Develop a threat model to assess risks to each client and the agency.
- Encrypt every client record and communication, if possible.
- Use HIPAA-compliant cloud providers that publicly document privacy policies, terms of service, and information-handling restrictions.
- Use two-factor authentication that requires service providers to first enter a password and then a six- to eight-digit “token” to log on to a site.
- When working with the most sensitive cases that need greater data protection, use an air-gapped computer separated from networked data and internet access.
- Modify informed consent to include the increased risk of confidentiality breaches and ways to reduce risk when using phone, text and/or email communication.