In 2012, privacy breaches exposed the confidential health data of 22.5 million U.S. citizens. Ensuring clients' privacy is essential in clinical psychology, and a task that has become increasingly complex as technology has evolved. Many current professional guidelines for clinical practice do not consider issues pertaining to potential privacy breaches from sources such as human error, malicious acts, metadata, and surveillance (e.g., APA, 2007, http://www.apa.org/practice/guidelines/record-keeping.pdf; APS, 2013, http://www.psychology.org.au/Assets/Files/2013-APS-psychological-services-framework-for-public-sector-NGO%20.pdf; BPS, 2011, http://www.bps.org.uk/sites/default/files/documents/electronic_health_records_final.pdf). We review potential sources of privacy breaches arising from electronic storage and communications use. We conclude with best practice recommendations regarding electronic storage and communication, software choices, and spyware removal designed to minimize privacy risk in mental health care. These recommendations need to be regularly reviewed to continue to minimize the risk of privacy-related breaches in the context of ongoing technological development.
- Best practice
- Mental health care