10 Guidelines for Maintaining Confidentiality in the Digital Age

(Maintaining Confidentiality of Student’s Records and Personal Data for School Counselors)

 

Counselors have an ethical obligation when obtaining informed consent to make sure confidentiality protections and limitations are explained and understood. While various ethical codes extensively address confidentiality, little is specifically mentioned regarding the security of electronically stored and transmitted counseling related information. The purpose of this resource is to further inform the practices of school counselors in the digital age.

Kumoba Pond in Karuizawa, Nagano

Ethical Standards

 

As basic guidance ASCA’s Ethical Standards for School Counselors (2011) states that professional school counselors:
Protect the confidentiality of students’ records and release personal data in accordance with prescribed federal and state laws and school policies including the laws within the Family Education Rights and Privacy Act (FERPA). Student information stored and transmitted electronically is treated with the same care as traditional student records. Recognize the vulnerability of confidentiality in electronic communications…
American Psychological Association (2010):
Psychologists maintain confidentiality in creating, storing, accessing, transferring, and disposing of records under their control, whether these are written, automated, or in any other medium.
Canadian Psychological Association (2000):
Ensure, in the process of obtaining informed consent, that “confidentiality protections and limitations” are understood.

 

Ten Guidelines

 

Guideline #1 – Use a Secure Password

Use strong passwords for the email accounts and filing systems that you use to communicate about and store information regarding clients.

Useful resources on creating strong passwords- (Link 1) (Link 2) (Link 3)

Guideline #2 – Still use the phone

Convey critical information to other schools/ practitioners through personal contact such as a face to face meeting or a phone call.

Guideline #3 – Ensure Untraceable Identity

Only transmit information electronically in a way that is untraceable to a students’ identity. It is often possible to communicate about students via email, for instance, in a manner that both facilitates communication and also protects the identify of the student. It is particularly critical not to include identifying information in the email subject line since this may be seen in an open email client window.

Guideline #4 – Understand File Sharing

Be very familiar with how the sharing/collaborative functions work in electronic file storage systems so you can take effective precautions to protect confidential information stored in that medium. Take the time to familiarize yourself with specific application security settings and select the most restrictive.

Guideline #5 – Check Service Provider Security

Be familiar with the security measures taken by your service provider to know you are working in an electronic environment that minimizes any risk of breach of confidentiality.

Useful Resources – Google SecurityEvernote Security

Guideline #6 – Beware of and do not open free virus scanning services.

If you grant access to these programs you may open your computer up to “spyware” or “adware” that may track your computer activity or worse record your passwords granting access to your accounts.

Guideline #7 – Don’t fall for “phishing” schemes.

These typically appear as legitimate or not so legitimate email or pop-ups that ask you to verify your account or update your account information. If you are concerned about missing a legitimate request you can always contact the service provider via their website. Do not reply to the original email but go through a separate and direct means of contacting the company.

Take this phishing awareness test (click) to see how attuned you are to these schemes.

Guideline #8 – Configure Automatic Password Managers

Be familiar with the automatic password manager of your individual operating system and configure it with a secure master password and to require automatic login when your computer is left unattended. Here are two useful resources about the keychain on Mac and Automatic Logon for Windows. Useful tip – Configure multiple keychains on a Mac to keep it generally user friendly but with increased security for certain applications and/or websites.

Useful Resources about Password Managers – (Link 1) (Link 2)

Guideline #9 – Habitually Log Out

Log out of your computer before you leave your computer unattended. This will require it to be logged back into before it can be used or applications opened. On a Mac this can be as simple as Shift-Command-Q or on Windows CRTL+ALT+DEL. You can also configure both operating systems with custom shortcuts to log out.

Useful Resource on Mac Shortcuts (click).

Guideline #10 – Beware of rogue USB thumb drives.

Malware or Spyware can be loaded onto the USB thumb drives that automatically launch when plugged into a computer. As Paul Zimsky from Lumension IT Security firm states, “If someone loads malware on a USB drive and drops it in a parking lot, it’s human nature to want to use this thing,” Zimski said. “You don’t think of it as a threat.” In reality, this could be the very thing that exposes your computer to a breach of confidentiality.

Interesting article on USB drives and Spyware (click)

Well before the proliferation of digital storage, effective protocol was required so that student records and case notes would be kept secure and handled by school personnel in a manner that would maintain confidentiality. In today’s schools, electronic filing systems and correspondence of or about confidential matters related to school counseling have become more common and in the case of communication, nearly universal.

In addition to strategies ensuring the physical protection of computers and devices linked to electonic files, counselors will benefit from familiarity with recommendations regarding account password security, identity protection, security measures in place by service providers like Google or Evernote, and fundamental defensive awareness to keep client information secure. Arguably, only with an adequate understanding of these 21st century technological factors will counselors be able to recognize and explain the vulnerability of confidentiality and maintain it from a more informed perspective. – AC

Additional Resources

Another Computer Age Nuisance: Spyware
APA – Code of Ethics
ASCA – Ethical Standards for School Counselors
CPA – Code of Ethics
SANS –  Security Awarenes Tip of the Day
Familiy Education Rights and Privacy