Running head: GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 1

Size: px
Start display at page:

Download "Running head: GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 1"

Transcription

1 Running head: GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 1 Governmental surveillance threatens client privacy Samuel D. Lustgarten The University of Iowa Author Note Samuel D. Lustgarten, Counseling Psychology, Department of Psychological and Quantitative Foundations, The University of Iowa. Corresponding Author: Samuel D. Lustgarten, Counseling Psychology, Department of Psychological and Quantitative Foundations, The University of Iowa, 361 Lindquist Center, Iowa City, Iowa, , USA.

2 GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 2 Lee. Acknowledgements: Dr. Elizabeth Altmaier, Dr. Stewart Ehly, Daniel Elchert, and Micah

3 GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 3 Governmental surveillance threatens client privacy Over the last two decades, the field of psychology has appreciated from technological progress. Practitioners are using text messaging (Norcross, Pfund, & Prochaska, 2013) and (Shapiro & Schulman, 1996) for extended client care. Colbow (2013) found that psychologists and helpers are showing growing interest in telemental health therapy (remote therapy), which necessitate teleconferencing programs (i.e., Skype or Google Hangouts). Each program and technology has consequences for client privacy and confidentiality. To manage risk associated with maintaining digital records and communication with clients, the American Psychological Association (APA) issued two documents: the Ethical Principles of Psychologists and Code of Conduct (2010; hereafter referred to as, Ethics Code ) and Record Keeping Guidelines (2007). These documents place responsibility for confidential record management with psychologists. Unfortunately, the ability for psychologists to maintain privacy and confidentiality in the twenty-first century is threatened. The evolution of technology combined with governmental surveillance and policy has led to vulnerabilities in digital maintenance of client records. This article reviews the current governmental threats to privacy and provides 5 best practices for securing information. The NSA, Cloud Storage, and Electronic Communications Various national agencies conduct surveillance in the service of state interests. Relevant to the current article is the National Security Agency (NSA; 2011), which is primarily tasked

4 GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 4 with collecting signals intelligence (from foreign sources). Until recently, it was believed that domestic surveillance was considered unlawful. In June 2013, Glenn Greenwald took possession of top-secret documents from governmental whistleblower, Edward Snowden (Greenwald, 2014). The articles, known as The NSA Files, catalogued covert surveillance operations that extended into the U.S. (Greenwald, 2013). With the help of Snowden and other journalists, Greenwald (2013) first published evidence that the NSA was demanding and receiving records of millions of Verizon customers daily. One program MUSCULAR allowed NSA analysts to access cloud storage networks of companies such as Google and Yahoo (Gellman & Soltani, 2013). This enabled the NSA to download and retrieve private information of U.S. citizens using cloud-based services (i.e., Gmail, Google Drive, and Yahoo Mail). It is possible the NSA could have retrieved private health information (PHI), notes, and work logs. If a provider and client ed back and forth, the NSA could have accessed this information. These policies hinder psychologists ability to uphold the APA Ethics Code (2010), which states, Psychologists have a primary obligation and take reasonable precautions to protect confidential information obtained through or stores in any medium. Top-secret programs are only one type of governmental threat to privacy. The Stored Communications Act of 1986 (18 U.S. Code 2703) allows the federal government to access cloud-based when left on servers over 180 days. When the Act was signed, the popular method for was to download messages to local computers removing it from servers. Now, people tend to archive messages, rather than downloading or deleting (Google, 2014). With

5 GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 5 corporations providing high-capacity cloud services, communications with clients that are saved, archived, and/or left on servers are vulnerable to government data requests. Governmental surveillance and access to communications is easier at public institutions. Anyone can make Freedom of Information Act requests (FOIA; 5 U.S. Code 552), and ask for the s of faculty and staff. For instance, while communications between practitioners and clients is considered privileged information, s between other practitioners and in indirect support of clients may not be protected (University of Iowa, 2013). Lastly, mental health providers have a duty to explain to clients about requests for confidential information (ethics code citation). The Federal Bureau of Investigation (FBI) may have the authority to issue National Security Letters (NSLs) to request client records (18 U.S. Code 2709). NSLs may necessitate that the recipient not notify persons involved, thus limiting the ability for practitioners to share about investigations affecting clients. Best Practices for Client Confidentiality The APA Ethics Code (2010) suggests that failure to maintain confidentiality and related ethical standards may result in legal consequences (Benefield, Ashkanazi, & Rozensky, 2006; Glosoff, Herlihy, Herlihy, & Spence, 1997). While the APA (2007; 2010) provides standards and guidelines for the use of data, best practices are absent. Despite the aforementioned threats to client privacy and confidentiality, there are methods to manage risk of unintended disclosures. The following section outlines 5 best practices for maintaining client confidentiality. 1. Create a threat model Practitioners should anticipate security threats. While challenging to predict every concern, practitioners can develop threat models (Barrows & Clayton, 1996; Lee, 2013).

6 GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 6 Threat models consider client populations (i.e., low, moderate, and high risk). By grouping clients into different risk categories, practitioners can create greater protections when necessary (i.e., LGBT-identified clients, dissidents, politicians, and celebrities). Practitioners threat models should be inversely related to risk: high-risk populations met with lower-tech mediums. 2. Encrypt everything Practitioners should research encryption software to protect welfare. The APA Practice Organization (2014) catalogued three different types of options for client records: full-disk, virtual-disk, and file encryption. Full-disk encryption provides protection for the entire file system, and prevents organizations from files. If providers are interested in backing up and storing client records on HIPAA-compliant cloud-storage servers, files should be encrypted prior to uploading via virtual-disk encryption. Micah Lee (personal communication, September 28, 2014), technologist for The Intercept, provided four suggestions: disk encryption, firewalls, strong passwords (unique per account), and cryptology in communication (i.e., encrypted text messages). 3. Turn on two-factor authentication Cloud-based websites usually require usernames and passwords. Government agencies need additional information to circumvent this process. One method of further account security is two-factor authentication. This feature utilizes time-based tokens that change every 30 seconds. When activated, two-factor authentication is required after correctly providing username and password credentials. If a password were stolen, the encrypted token would still be necessary. 4. Buy an air-gapped computer

7 GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 7 The Electronic Frontier Foundation (EFF; 2014) suggests that with more sensitive information, an air-gapped computer should be used. Air-gapped computers have all Internet capabilities disabled or forcibly removed. The NSA (2010) recommends that Mac users have an Apple-certified technician remove wireless cards. For high-risk clients, notes and information would be maintained, but need to be moved via external device (i.e., USB flash drive). 5. Modify informed consent process The APA Ethics Code (2010) asks that informed consent be given at the outset of treatment. If client and practitioners express an interest in digital technologies to enhance treatment, informed consent should properly explain, justify, and present risks to communication methods (Devereaux & Gottlieb, 2012). If clients express concern during informed consent, and in the interest of autonomy and privacy, practitioners should consider more basic methods (i.e., pen and paper). Conclusion Clients (Rubanowitz, 1987; VandeCreek, Miars, & Herzog, 1987) and psychologists have agreed that confidentiality is imperative for provision of care (Donner, VandeCreek, Gonsiorek, & Fisher, 2008; Fisher, 2008; Glosoff et al., 1997). Additionally, the U.S. Supreme Court reasserted psychotherapeutic privilege for client confidentiality in the 1996 case, Jaffee v. Redmond. Despite this historical precedence, government policies have threatened privacy. Each technological innovation provides greater flexibility and accessibility for care. Unfortunately, as Baker and Bufka (2011) suggest, psychologists are engaging with technologies that have legal and ethical ramifications for clients, research participants, and third-party providers. While the APA has created guidelines and standards for interacting with technology,

8 GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 8 there are risks to certain communication and storage mediums, especially when using cloudbased providers. Now more than ever, practitioners should be circumspect to new technologies related to the communication and storage of client data. By adopting the best practices listed within this article, practitioners will be taking a stand for client and human rights.

9 GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 9 References American Psychological Association. (2007). Record keeping guidelines. The American Psychologist, 62, doi: / X American Psychological Association. (2010). Ethical principles of psychologists and code of conduct. Washington, DC: Author. Retrieved from principles.pdf APA Practice Organization. (2014). ABCs and 123s of encryption. Good Practice, Spring/ Summer. Baker, D. C., & Bufka, L. F. (2011). Preparing for the telehealth world: Navigating legal, regulatory, reimbursement, and ethical issues in an electronic age. Professional Psychology: Research and Practice, 42, doi: /a Barrows, R. C., & Clayton, P. D. (1996). Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association, 3, doi: /jamia Benefield, H., Ashkanazi, G., Rozensky, R. H. (2006). Communication and records: HIPPA issues when working in health care settings. Professional Psychology: Research and Practice, 37, doi: / Colbow, A. J. (2013). Looking to the future: Integrating telemental health therapy into psychologist training. Training and Education in Professional Psychology, 7, doi: /a Counterintelligence access to telephone toll and transactional records. 18 U.S. Code 2709.

10 GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 10 Devereaux, R. L., & Gottlieb, M. C. (2012). Record keeping in the cloud: Ethical considerations. Professional Psychology: Research and Practice, 43, doi: /a Donner, M. B., VandeCreek, L., Gonsiorek, J. C., & Fisher, C. B. (2008). Balancing confidentiality: Protecting privacy and protecting the public. Professional Psychology: Research and Practice, 39, doi: / Electronic Frontier Foundation. (2014). Keeping Your Data Safe. Retrieved from https:// ssd.eff.org/en/module/keeping-your-data-safe Freedom of Information Act of 1966, 5 U.S. Code 552. Gellman, B., & Soltani, A. (2013). NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden says. The Washington Post. Retrieved from google-datacenters-worldwide-snowden-documents-say/2013/10/30/e51d661e e3-8b74- d89d714ca4dd_story.html Glosoff, H. L., Herlihy, S. B., Herlihy, B., & Spence, E. B. (1997). Privileged communication in the psychologist-client relationship. Professional Psychology: Research and Practice, 28, doi: /j tb01929.x Google. (2014a). Archive messages. Retrieved from https://support.google.com/mail/answer/ 6576?hl=en Greenwald, G. (2013). NSA collecting phone records of millions of Verizon customers daily. The Guardian. Retrieved from nsa phone-records-verizon-court-order

11 GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 11 Greenwald, G. (2014). No place to hide: Edward Snowden, the NSA, and the U.S. surveillance state. New York, NY: Penguin Group. Jaffee v. Redmond, 518 U.S. 1 (1996). Lee, M. (2013). Encryption works: How to protect your privacy in the age of NSA surveillance. Freedom of the Press Foundation. Retrieved from https://freedom.press/sites/ default/files/encryption_works.pdf National Security Agency. (2010). Hardening tips for Mac OS X 10.6 Snow Leopard. Retrieved from https://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf National Security Agency. (2011). Mission. Retrieved from https://www.nsa.gov/about/mission/ index.shtml Norcross, J. C., Pfund, R. A., & Prochaska, J. O. (2013). Psychotherapy in 2022: A Delphi Poll on its future. Professional Psychology: Research and Practice, 44, doi: /a Rubanowitz, D. E. (1987). Public attitudes toward psychotherapy-client confidentiality. Professional Psychology: Research and Practice, 18, doi: / Shapiro, D. E., & Schulman, C. E. (1996). Ethical and legal issues in therapy. Ethics & Behavior, 6, doi: /s eb0602_3 Stored Communications Act of 1986, 18 U.S. Code University of Iowa. (2013). Chapter 19: Acceptable use of information technology resources. Retrieved from

12 GOVERNMENTAL SURVEILLANCE CLIENT PRIVACY 12 VandeCreek, L., Miars, R. D., & Herzog, C. E. (1987). Client anticipations and preferences for confidentiality of records. Journal of Counseling Psychology, 34, doi: /

Email Data Security. The dominant business communication tool

Email Data Security. The dominant business communication tool Email Data Security Jim Brashear General Counsel Zix Corporation Dallas Business Uses Email The dominant business communication tool Time spent on email exceeds time spent on all other communication tools

More information

Electronic Communication In Your Practice. How To Use Email & Mobile Devices While Maintaining Compliance & Security

Electronic Communication In Your Practice. How To Use Email & Mobile Devices While Maintaining Compliance & Security Electronic Communication In Your Practice How To Use Email & Mobile Devices While Maintaining Compliance & Security Agenda 1 HIPAA and Electronic Communication 2 3 4 Using Email In Your Practice Mobile

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

Jeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM

Jeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM Jeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information THIS NOTICE DESCRIBES HOW PSYCHOLOGICAL

More information

NSA Surveillance, National Security and Privacy

NSA Surveillance, National Security and Privacy NSA Surveillance, National Security and Privacy Ir Roy Ko Former HKCERT Manager 20 August 2014 HKIE Veneree Club 1 Agenda Background Edward Snowden National Security Agency (NSA) What NSA has done PRISM

More information

ELECTRONIC PSYCHOLOGICAL RECORD KEEPING: MEETING THE ETHICAL AND LEGAL STANDARD OF CARE

ELECTRONIC PSYCHOLOGICAL RECORD KEEPING: MEETING THE ETHICAL AND LEGAL STANDARD OF CARE ELECTRONIC PSYCHOLOGICAL RECORD KEEPING: MEETING THE ETHICAL AND LEGAL STANDARD OF CARE Jeffrey N. Younggren, Ph.D. Clinical Professor UCLA David Geffen School of Medicine EHR s or THE PURSUIT OF EFFICIENCY

More information

Federal Bureau of Prisons

Federal Bureau of Prisons Federal Bureau of Prisons Privacy Impact Assessment for the Forensic Laboratory Issued by: Sonya D. Thompson, Senior Component Official for Privacy, Sr. Deputy Assistant Director/CIO Approved by: Erika

More information

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

THE SECURITY OF HOSTED EXCHANGE FOR SMBs THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available

More information

Technology Standard. Electronic Communications Standard PURPOSE SCOPE APPLICABILITY

Technology Standard. Electronic Communications Standard PURPOSE SCOPE APPLICABILITY Technology Standard Electronic Communications Standard Version: 2.0 Status: Approved 06/17/09 Contact: Director, Technology Services PURPOSE The Virginia Community College System is committed to using

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release)

LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release) CHARLES LUCE S LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release) A. Cloud Computing Defined: n. A loosely defined term for any system providing access

More information

DSHS CA Security For Providers

DSHS CA Security For Providers DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public

More information

Privacy Best Practices

Privacy Best Practices Privacy Best Practices Mount Royal University Electronic Collection/Storage/Transmission of Personal (Google Drive/Forms/Docs) Google Suite: Document, Presentation, Spreadsheet, Form, Drawing Overview

More information

DiamondStream Data Security Policy Summary

DiamondStream Data Security Policy Summary DiamondStream Data Security Policy Summary Overview This document describes DiamondStream s standard security policy for accessing and interacting with proprietary and third-party client data. This covers

More information

This notice describes how psychological and medical information about you may be used and disclosed and how you can get access to this information.

This notice describes how psychological and medical information about you may be used and disclosed and how you can get access to this information. Page 1 of 5 HIPAA Notification Policies and Practices to Protect the Privacy of Your Heath Information This notice describes how psychological and medical information about you may be used and disclosed

More information

Privacy Policy Version 1.0, 1 st of May 2016

Privacy Policy Version 1.0, 1 st of May 2016 Privacy Policy Version 1.0, 1 st of May 2016 THIS PRIVACY POLICY APPLIES TO PERSONAL INFORMATION COLLECTED BY GOCIETY SOLUTIONS FROM USERS OF THE GOCIETY SOLUTIONS APPLICATIONS (GoLivePhone and GoLiveAssist)

More information

Office Policies, Informed Consent for Treatment, and Protecting the Privacy of Your Health Record

Office Policies, Informed Consent for Treatment, and Protecting the Privacy of Your Health Record Office Policies, Informed Consent for Treatment, and Protecting the Privacy of Your Health Record Welcome to my office! Below is some information you may wish to read before your first appointment. Included

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

Kiran Mishra, Ph.D. Licensed Clinical Psychologist. Sugar Land, TX 77478 (832) 876-3232 TEXAS NOTICE FORM

Kiran Mishra, Ph.D. Licensed Clinical Psychologist. Sugar Land, TX 77478 (832) 876-3232 TEXAS NOTICE FORM Kiran Mishra, Ph.D. Licensed Clinical Psychologist 1111 Highway 6, Suite 235 Sugar Land, TX 77478 (832) 876-3232 TEXAS NOTICE FORM Notice of Psychologists Policies and Practices to Protect the Privacy

More information

ETHICAL ELECTRIC PRIVACY POLICY. Last Revised: December 15, 2015

ETHICAL ELECTRIC PRIVACY POLICY. Last Revised: December 15, 2015 ETHICAL ELECTRIC PRIVACY POLICY Last Revised: December 15, 2015 This policy ("Policy") covers the privacy practices that Ethical Electric, Inc. ("Ethical Electric", "we" or "us") employs with respect to

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

POLICIES AND REGULATIONS Policy #78

POLICIES AND REGULATIONS Policy #78 Peel District School Board POLICIES AND REGULATIONS Policy #78 DIGITAL CITIZENSHIP Digital Citizenship Digital citizenship is defined as the norms of responsible behaviour related to the appropriate use

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:

More information

details, and numerous other data points. Enough information is often collected that even 2

details, and numerous other data points. Enough information is often collected that even 2 Big Data Study Office of Science and Technology Policy Eisenhower Executive Office Building 650 Pennsylvania Avenue, NW Washington, D.C. 050 VIA E MAIL bigdata@ostp.gov March, 04 Re: Big Data Study, Document

More information

Android Developer Applications

Android Developer Applications Android Developer Applications January 31, 2013 Contact Departmental Privacy Office U.S. Department of the Interior 1849 C Street NW Mail Stop MIB-7456 Washington, DC 20240 202-208-1605 DOI_Privacy@ios.doi.gov

More information

Office Policies, Informed Consent for Treatment, and Protecting the Privacy of Your Health Record

Office Policies, Informed Consent for Treatment, and Protecting the Privacy of Your Health Record Office Policies, Informed Consent for Treatment, and Protecting the Privacy of Your Health Record Welcome to my office! Below is some information you may wish to read before your first appointment. Included

More information

Matrix Technical Support Mailer - 72 Procedure for Image Upload through Email Server in SATATYA DVR,NVR & HVR

Matrix Technical Support Mailer - 72 Procedure for Image Upload through Email Server in SATATYA DVR,NVR & HVR Matrix Technical Support Mailer - 72 Procedure for Image Upload through Email Server in SATATYA DVR,NVR & HVR Dear Friends, This mailer will help you configure Email Notification in SATATYA Web Client

More information

The Department of Health and Human Services Privacy Awareness Training. Fiscal Year 2015

The Department of Health and Human Services Privacy Awareness Training. Fiscal Year 2015 The Department of Health and Human Services Privacy Awareness Training Fiscal Year 2015 Course Objectives At the end of the course, you will be able to: Define privacy and explain its importance. Identify

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the

More information

Montclair State University. HIPAA Security Policy

Montclair State University. HIPAA Security Policy Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

COURTNEE A. PELTON, PSY.D.

COURTNEE A. PELTON, PSY.D. 1 COURTNEE A. PELTON, PSY.D. 703-343-0849 CPELTON.PSYCH@GMAIL.COM Outpatient Services Contract Welcome to my practice. This agreement contains important information about my professional services and office

More information

Cloud Computing. Chapter 5 Identity as a Service (IDaaS)

Cloud Computing. Chapter 5 Identity as a Service (IDaaS) Cloud Computing Chapter 5 Identity as a Service (IDaaS) Learning Objectives Describe challenges related to ID management. Describe and discuss single sign-on (SSO) capabilities. List the advantages of

More information

The Ethical Implications of NSA Surveillance for Lawyers. David G. Ries Clark Hill Thorp Reed

The Ethical Implications of NSA Surveillance for Lawyers. David G. Ries Clark Hill Thorp Reed The Ethical Implications of NSA Surveillance for Lawyers David G. Ries Clark Hill Thorp Reed 2 3 The June 2013 Headlines: NSA collecting phone records of millions of Verizon customers daily The Guardian,

More information

Paxata Security Overview

Paxata Security Overview Paxata Security Overview Ensuring your most trusted data remains secure Nenshad Bardoliwalla Co-Founder and Vice President of Products nenshad@paxata.com Table of Contents: Introduction...3 Secure Data

More information

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance Valerie J.M. Watzlaf, PhD, RHIA, FAHIMA, Sohrab Moeini, MS, and Patti Firouzan, MS, RHIA Department of Health Information

More information

Notice of Privacy Practices

Notice of Privacy Practices SHANNON LERACH, Ph.D. Licensed Clinical Psychologist PSY23705 243 N. Highway 101, Suite 16, Solana Beach, CA 92075 Telephone: (619) 817.5320 Fax: (858) 481.1674 Notice of Privacy Practices This Notice

More information

Department of the Interior Privacy Impact Assessment

Department of the Interior Privacy Impact Assessment Department of the Interior August 15, 2014 Name of Project: email Enterprise Records and Document Management System (eerdms) Bureau: Office of the Secretary Project s Unique ID: Not Applicable A. CONTACT

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Student Email Service Improvements Executive Background Brief

Student Email Service Improvements Executive Background Brief Student Email Service Improvements Executive Background Brief Executive Summary Despite the ubiquity of consumer email services and the fact that virtually all students coming to York have been using electronic

More information

Table of Contents. Acknowledgement

Table of Contents. Acknowledgement OPA Communications and Member Services Committee February 2015 Table of Contents Preamble... 3 General Information... 3 Risks of Using Email... 4 Use of Smartphones and Other Mobile Devices... 5 Guidelines...

More information

Counseling Intake Form (Each person attending therapy should complete a form)

Counseling Intake Form (Each person attending therapy should complete a form) Counseling Intake Form (Each person attending therapy should complete a form) Name Male Female Mailing Address Date of Birth Home Phone Work Email How would you like to be contacted? Home Work Email Okay

More information

Understanding Psychological Assessment and Informed Consent

Understanding Psychological Assessment and Informed Consent Understanding Psychological Assessment and Informed Consent You have taken the first step to feel more successful and empowered in your life by choosing to participate in a Psychological Assessment. Thank

More information

Brenda Diller, MHR, CHT, HTP www.brendadiller.com Brenda@BrendaDiller.com BrendaDiller@hipaamail.us Office: 970-422-6102 Secure Fax: 970-422-7096

Brenda Diller, MHR, CHT, HTP www.brendadiller.com Brenda@BrendaDiller.com BrendaDiller@hipaamail.us Office: 970-422-6102 Secure Fax: 970-422-7096 Brenda Diller, MHR, CHT, HTP www.brendadiller.com Brenda@BrendaDiller.com BrendaDiller@hipaamail.us Office: 970-422-6102 Secure Fax: 970-422-7096 Durango Office: Colorado Springs Office: 150 E 9 th Street,

More information

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012 Electronic Messaging Policy 1. Document Status Security Classification Level 4 - PUBLIC Version 1.0 Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Retention

More information

Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, 2012. What Cloud Computing is and How it Works

Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, 2012. What Cloud Computing is and How it Works Cloud Computing TODAY S TOPICS What Cloud Computing is and How it Works Security & Privacy Issues Investigative Challenges WHAT IS CLOUD COMPUTING? Cloud computing refers to software or processes offered

More information

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM PINAL COUNTY POLICY AND PROCEDURE 2.50 Subject: ELECTRONIC MAIL AND SCHEDULING SYSTEM Date: November 18, 2009 Pages: 1 of 5 Replaces Policy Dated: April 10, 2007 PURPOSE: The purpose of this policy is

More information

Technology Plan. Beaufort County Community College Washington, North Carolina 27889 2013-2014

Technology Plan. Beaufort County Community College Washington, North Carolina 27889 2013-2014 1 Technology Plan Beaufort County Community College Washington, North Carolina 27889 2013-2014 For more information, contact: Arthur Richard Director of Information Technology (252) 940-6210 arthurr@beaufortccc.edu

More information

Policy # Related Policies: Computer, Electronic Communications, and Internet Usage Policy

Policy # Related Policies: Computer, Electronic Communications, and Internet Usage Policy Policy # Related Policies: Computer, Electronic Communications, and Internet Usage Policy This policy is for internal use only and does not enlarge an employee s civil liability in any way. The policy

More information

HIPAA Notice of Privacy Practices HAND & MICROSURGERY ASSOCIATES, INC.

HIPAA Notice of Privacy Practices HAND & MICROSURGERY ASSOCIATES, INC. HIPAA Notice of Privacy Practices HAND & MICROSURGERY ASSOCIATES, INC. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

PSYCHOTHERAPY CONTRACT

PSYCHOTHERAPY CONTRACT Aaron J. Dodini, Ph.D. Licensed Clinical Psychologist Licensed Marriage & Family Therapist PSYCHOTHERAPY CONTRACT Welcome to my practice. This document contains important information about my professional

More information

Who Controls Your Information in the Cloud?

Who Controls Your Information in the Cloud? Who Controls Your Information in the Cloud? threat protection compliance archiving & governance secure communication Contents Who Controls Your Information in the Cloud?...3 How Common Are Information

More information

WHITE PAPER NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW

WHITE PAPER NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW INTRODUCTION As businesses adopt new technologies that touch or leverage critical company data, maintaining the highest level of security is their

More information

Xerox Mobile Print Cloud

Xerox Mobile Print Cloud September 2012 702P00860 Xerox Mobile Print Cloud Information Assurance Disclosure 2012 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation in the United

More information

Network Security Policy

Network Security Policy Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus

More information

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.

More information

Cloud Computing. Security Practices for General User. Examples of Popular Cloud Service Providers

Cloud Computing. Security Practices for General User. Examples of Popular Cloud Service Providers Cloud Computing Security Practices for General User T he cloud is composed of an extensive bulk of computers owned by a third-party in remote location(s). The Internet provides a bridge between personal

More information

Jerry M. Ruhl Ph.D. Clinical Psychologist (Texas #34359) 5200 Montrose Blvd. Houston, TX 77006

Jerry M. Ruhl Ph.D. Clinical Psychologist (Texas #34359) 5200 Montrose Blvd. Houston, TX 77006 Jerry M. Ruhl Ph.D. Clinical Psychologist (Texas #34359) 5200 Montrose Blvd. Houston, TX 77006 CELL (937) 684-7746 PLEASE USE THIS NUMBER TO SCHEDULE OR CHANGE APPOINTMENTS INFORMED CONSENT FOR TREATMENT

More information

ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY

ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY I. ELECTRONIC COMMUNICATION A. PURPOSE To better serve our citizens and give our workforce the best tools to do their jobs, the Common Council of the

More information

The Ministry of Information & Communication Technology MICT

The Ministry of Information & Communication Technology MICT The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.

More information

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.

More information

Earth-Life Science Institute Tokyo Institute of Technology. Operating Guidelines for Information Security

Earth-Life Science Institute Tokyo Institute of Technology. Operating Guidelines for Information Security Earth-Life Science Institute Tokyo Institute of Technology Operating Guidelines for Information Security 2013 1. Purpose The Operating Guidelines for Information Security (hereinafter, the Operating Guidelines

More information

CORPORATE. Tab Authority Subject Related Policies POLICY STATEMENT PURPOSE

CORPORATE. Tab Authority Subject Related Policies POLICY STATEMENT PURPOSE POLICY AND PAGE 1 of 7 OCTOBER 25, 2007 Tab Authority Subject Related Policies Corporate Services Information Technology Services Responsible Computing Corporate IT Guiding Principles Policy, Harassment

More information

NOTICE OF PSYCHOLOGIST S POLICIES AND PRACTICES TO PROTECT THE PRIVACY OF YOUR HEALTH INFORMATION

NOTICE OF PSYCHOLOGIST S POLICIES AND PRACTICES TO PROTECT THE PRIVACY OF YOUR HEALTH INFORMATION Effective Date: 09/23/2013 Paul Beljan, PsyD, ABPdN, ABN Alison E.F. Reuter, PhD, ABPdN Laura Wingers, PsyD Kate Bree, PsyD Vanessa Berens, PhD Jacob Boney, PsyD, BCBA-D 9835 E. Bell Rd., Ste. 140 Scottsdale,

More information

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS 1. HIPAA Privacy Policies & Procedures Overview (Policy & Procedure) 2. HIPAA Privacy Officer (Policy & Procedure) 3. Notice of Privacy

More information

Betsy Mencher, Ph.D. Licensed Clinical Psychologist 1350 Connecticut Avenue, NW Suite 602 Washington, DC 20036

Betsy Mencher, Ph.D. Licensed Clinical Psychologist 1350 Connecticut Avenue, NW Suite 602 Washington, DC 20036 Betsy Mencher, Ph.D. Licensed Clinical Psychologist 1350 Connecticut Avenue, NW Suite 602 Washington, DC 20036 PSYCHOLOGIST-CLIENT SERVICES AGREEMENT Welcome to my practice. This document (the Agreement)

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

Reliance Bank Fraud Prevention Best Practices

Reliance Bank Fraud Prevention Best Practices Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.

More information

Federal Trade Commission Privacy Impact Assessment for:

Federal Trade Commission Privacy Impact Assessment for: Federal Trade Commission Privacy Impact Assessment for: DCBE Websites and Blogs Consumer.ftc.gov, Consumidor.ftc.gov, OnGuardOnline, AlertaenLinea, Consumer.gov, Consumidor.gov and the BCP Business Center

More information

Advanced Diagnostics Limited ( We ) are committed to protecting and respecting your privacy.

Advanced Diagnostics Limited ( We ) are committed to protecting and respecting your privacy. MOBILE APPLICATION PRIVACY POLICY Advanced Diagnostics Limited ( We ) are committed to protecting and respecting your privacy. SCOPE OF POLICY This policy (together with our end-user licence agreement

More information

The Anti-Corruption Compliance Platform

The Anti-Corruption Compliance Platform The Anti-Corruption Compliance Platform DATA COLLECTION RISK IDENTIFICATION SCREENING INTEGRITY DUE DILIGENCE CERTIFICATIONS GIFTS, TRAVEL AND ENTERTAINMENT TRACKING SECURITY AND DATA PROTECTION The ComplianceDesktop

More information

APPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES

APPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES APPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

STANDARDS FOR TECHNOLOGY USE IN SOCIAL WORK PRACTICE

STANDARDS FOR TECHNOLOGY USE IN SOCIAL WORK PRACTICE STANDARDS FOR TECHNOLOGY USE IN SOCIAL WORK PRACTICE Adopted February 3, 2012 TABLE OF CONTENTS Introduction 1 Standards for Technology Use in Social Work Practice 2 Definitions 3 Rationale 4 Standards

More information

The HIPAA Security Rule Primer Compliance Date: April 20, 2005

The HIPAA Security Rule Primer Compliance Date: April 20, 2005 AMERICAN PSYCHOLOGICAL ASSOCIATION PRACTICE ORGANIZATION Practice Working for You The HIPAA Security Rule Primer Compliance Date: April 20, 2005 Printer-friendly PDF 1 Contents Click on any title below

More information

Defense Media Activity Guide To Keeping Your Social Media Accounts Secure

Defense Media Activity Guide To Keeping Your Social Media Accounts Secure Guide To Keeping Your Social Media Accounts Secure Social media is an integral part of the strategic communications and public affairs missions of the Department of Defense. Like any asset, it is something

More information

Online Banking Customer Awareness and Education Program

Online Banking Customer Awareness and Education Program Online Banking Customer Awareness and Education Program Electronic Fund Transfers: Your Rights and Responsibilities (Regulation E Disclosure) Indicated below are types of Electronic Fund Transfers we are

More information

Ethical Considerations for Lawyers Using the Cloud

Ethical Considerations for Lawyers Using the Cloud Ethical Considerations for Lawyers Using the Cloud Presentation by Peter J. Guffin, Esq. Pierce Atwood LLP pguffin@pierceatwood.com (207) 791-1199 Maine State Bar Association Summer Meeting June 22, 2012

More information

Business Internet Banking / Cash Management Fraud Prevention Best Practices

Business Internet Banking / Cash Management Fraud Prevention Best Practices Business Internet Banking / Cash Management Fraud Prevention Best Practices This document provides fraud prevention best practices that can be used as a training tool to educate new Users within your organization

More information

Information Security It s Everyone s Responsibility

Information Security It s Everyone s Responsibility Information Security It s Everyone s Responsibility Developed By The University of Texas at Dallas (ISO) Purpose of Training As an employee, you are often the first line of defense protecting valuable

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

PRIVACY POLICY. Introduction

PRIVACY POLICY. Introduction PRIVACY POLICY Introduction Thomas & Darden Inc. ( Company or We ) respects your privacy and is committed to protecting it through our compliance with this policy. This policy describes the types of information

More information

Privacy Policy. Peeptrade LLC ( Company or We ) respect your privacy and are committed to protecting it through our compliance with this policy.

Privacy Policy. Peeptrade LLC ( Company or We ) respect your privacy and are committed to protecting it through our compliance with this policy. Privacy Policy Introduction Peeptrade LLC ( Company or We ) respect your privacy and are committed to protecting it through our compliance with this policy. This policy describes the types of information

More information

Privacy Impact Assessment for TRUFONE Inmate Telephone System

Privacy Impact Assessment for TRUFONE Inmate Telephone System Federal Bureau of Prisons Privacy Impact Assessment for TRUFONE Inmate Telephone System Issued by: Sonya D. Thompson Reviewed by: Approved by: Vance E. Hitch, Chief Information Officer, Department of Justice

More information

Moving Therapy Online

Moving Therapy Online Moving Therapy Online What do you have to know to Ethically and Legally bring Technology into your Psychotherapy Practice Presentation by: Martha Ireland PhD, RN, CNS, CEDS, DCC Co-Founder: Virtual Therapy

More information

HIPAA. The Privacy Rule. what you need to know now. A primer for psychologists

HIPAA. The Privacy Rule. what you need to know now. A primer for psychologists HIPAA what you need to know now The Privacy Rule A primer for psychologists Updated 2013 This publication answers basic questions that psychologists often ask about the Health Insurance Portability and

More information

GoldKey Software. User s Manual. Revision 7.12. WideBand Corporation www.goldkey.com. Copyright 2007-2014 WideBand Corporation. All Rights Reserved.

GoldKey Software. User s Manual. Revision 7.12. WideBand Corporation www.goldkey.com. Copyright 2007-2014 WideBand Corporation. All Rights Reserved. GoldKey Software User s Manual Revision 7.12 WideBand Corporation www.goldkey.com 1 Table of Contents GoldKey Installation and Quick Start... 5 Initial Personalization... 5 Creating a Primary Secure Drive...

More information

What is the Cloud? Computer Basics Web Apps and the Cloud. Page 1

What is the Cloud? Computer Basics Web Apps and the Cloud. Page 1 Computer Basics Web Apps and the Cloud What is the Cloud? You may have heard people using terms like the cloud, cloud computing, or cloud storage. But what exactly is the cloud? Basically, the cloud is

More information

Caldwell Community College and Technical Institute

Caldwell Community College and Technical Institute Caldwell Community College and Technical Institute Employee Computer Usage Policies and Procedures I. PURPOSE: The purpose of this section is to define the policies and procedures for using the administrative

More information

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI Office of Regulatory Compliance 13001 E. 17 th Place, Suite W1124 Mail Stop F497 Aurora, CO 80045 Main Office: 303-724-1010 Main Fax: 303-724-1019 HIPAA Policy 7.1 Title: Source: Prepared by: Approved

More information

Connecticut Carpenters Health Fund Privacy Notice

Connecticut Carpenters Health Fund Privacy Notice Connecticut Carpenters Health Fund Privacy Notice THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

THE BLUENOSE SECURITY FRAMEWORK

THE BLUENOSE SECURITY FRAMEWORK THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program

More information

The Bishop s Stortford High School Internet Use and Data Security Policy

The Bishop s Stortford High School Internet Use and Data Security Policy Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable

More information

ADULT REGISTRATION FORM. Last Name First Name Middle Initial. Date of Birth Age Identified Gender. Street Address. City State Zip Code

ADULT REGISTRATION FORM. Last Name First Name Middle Initial. Date of Birth Age Identified Gender. Street Address. City State Zip Code ADULT REGISTRATION FORM Last Name First Name Middle Initial Date of Birth Age Identified Gender Street Address City State Zip Code Home Phone Cell Phone FINANCIALLY RESPONSIBLE PARTY (If different from

More information