A Few Words on Security

Technology is an amazing and wonderful thing. Stop for a minute and think about the fact that the computer (smartphone) you’re holding in the palm of your hand probably has more processing power, RAM, and storage than the eight pound laptop you had 10 years ago. I was just thinking the other day that my 20 month old son no longer needs the motor coordination to use a mouse in order to master the use of a computer – he can turn on an iPad and pick his app, at least when he can get one finger to the screen instead of his whole hand. The potential of these devices as the use of a tool in therapy is amazing.

However, think about the last time you or a colleague lost a smartphone or tablet – even for a minute. Then think about how much worse it would feel if there was any sort of client information accessible on that device. Always keep in mind that the combination of tiny, fragile computers, HIPAA, and ethics can make these devices a significant liability if they are not managed properly. Many of the apps I talk about here keep some sort of data on your device; most of them only allow you to manually wipe data. There are some otherwise secure ways to access client files on your phone or tablet if you are out of the office – but if any random person can access your phone, then you can be in significant trouble.

You’ll need to remember one rule: there is no electronic security that is ever 100% risk-free. Every day we see about a shopping site, or a bank, or a gaming company that gets hacked. It’s just a reality that we have to account for, and in an odd turn of events, both ethics and law understand that electronic security is never going to be an absolute thing. There are three things that you need to do in order to limit the dangers to confidentiality and privacy inherent in these devices:

  1. Implement a device-level passcode of some sort. Apple products allow you to create a PIN that is required to access the device. Android products also let you use a PIN. Most Android products also have the ability to create a pattern-based passcode that even the FBI can’t crack. (UPDATE August 2012: Not anymore).
  2. Disable auto-login on any software that can access data that is best kept private (yours or the client’s. It’s just good practice).
  3. Make sure that clients are aware of the unique risks of lugging around data on their phone that they might want to keep private, and advise them of these security features. While paper homework that you give clients might be pretty safe, kids, friends, and partners regularly pick up someone else’s phone. (Keep in mind that a partner could become worried if a person suddenly puts a passcode on their phone, and be ready to defuse that).

A final important point: neither law or ethics codes have kept up with the fast pace of technology or the widespread use of insecure communication tools. SMS (text messaging) is a currently relevant example. If you are going to use SMS or similarly insecure methods to communicate with a client (like some really cool recent research in the medical and mental health fields), make sure that they are aware of the risks involved. Most likely, they’ll want to have these tools available to them anyway.


An Introduction

Hi there!

While this blog is conceptualized as a resource for professionals, I understand that a number of non-professional individuals are going to happen across this site, either by chance, or because they want to find a review of an app that they found on the iTunes or Play store. That’s great, and I’m happy to see all of you!

For those of you who are not mental health professionals: before you get too far into the other material on this site, I want to make something clear. One of the things that I teach my graduate students is that they should never say anything to a client without knowing why they are saying it. Put briefly, this means that there is a combination of science and art behind successful therapy, and there is no science to using any self-help tool on its own.

Don’t  get me wrong – I believe that there are many excellent self-help tools, and sometimes all you need is a little self-organized kick to right the ship. However, some people are looking for tools like this because they are desperate or in another way genuinely need help. I also believe that these tools work exponentially better when there is a professional to help frame the use of these tools. As I try to remind my readers as often as possible, nothing that I review here is a replacement for help from a qualified, licensed professional.

For mental health professionals: I decided to start this blog one day when I was demonstrating a cool CBT-based Android app to a colleague. After this, I searched for a blog like this and found that while there are many standalone stories on blogs and other websites about “therapy apps,” there is no single repository to seek opinions about this or that tool on any app store. I have long used a blog like this to find apps for my young son to play with, and thought it would be useful to have a similar tool for mental health practitioners.

As I noted above to the non-professionals, it’s important to remember that there is little or no science behind the use of these tools in therapy. I don’t see anything that I will ever review as being a standalone treatment tool, or even a replacement for a treatment manual if you tend to use that sort of thing. I see these apps as modern homework rather than anything else (although I view homework as a central piece of treatment).