Should private practice therapists avoid storing data about therapy clients in the cloud?
Storing data in the cloud has become a privacy risk for private practice therapists because often the same data is stored in more than one place. It is common to have an automatic back-up system which makes a copy of the information stored on local computers.
Many companies in Canada outsource data processing to the US. Many cloud-based programs are hosted on US servers.
In general, data can be stored on:
- local computers, in the RAM and on the drive
- external drives, USB flash drives, memory cards
- servers
- the browser you are using to access internet sites, the sites you visit and the software you are accessing online.
Storing your Data on US Servers
The US passed the Patriot Act shortly after the terrorist attacks on Sept 11, 2001. It allows the US government to eavesdrop on face-to-face, telephone and electronic communication without cause. This includes banking information and employee records, essentially any personal information. The critical point is that any information stored on servers in the US is available for surveillance by the FBI without the person’s knowledge or consent.
Here in Canada, that level of surveillance makes our government uncomfortable. If you have worked for a provincial agency that collects information from the public, you have probably noticed that there are strict rules about data storage. I'm not saying that private practice therapists can be sloppy, but we are legally allowed to keep our data in the cloud. We are allowed to use software programs that run on global servers. At a minimum, make sure your data is kept behind a secure login and password.
A Few Terms you Should Know
Server: A server is a computer program that provides a service to other computer programs. In a data centre, the physical computer which runs the server program is also frequently referred to as a server. If you work for a school district, health authority or hospital, your organization will have servers in specific locations and you will be able to store information on one of those servers rather than on your local computer.
LAN: A local area network is a computer network within a small geographical area such as a home, school, computer laboratory, office building or group of buildings. If your place of employment has a LAN, you will have inter-connected workstations and personal computers which are each capable of accessing and sharing data and devices such as printers, scanners and a central server.
Internet: The Internet can best be understood as a community of computers that are allowed to connect to each other, and any computer on the Internet can connect to any other computer at any time it wishes. Through infrastructure that spans the globe, there is one single, unified Internet that all computers connect to, allowing anyone connected to share and access all the information that they choose to. Thus, this open availability of data creates a huge privacy risk.
You might have heard that Canadians are particularly concerned about the FBI in the US gaining access to data about a client.
Cloud-Based: This is a term that refers to applications, services or resources made available to users on demand via the Internet from a cloud computing provider's server.
Global Server Load Balancing (GSLB): This is the practice of distributing Internet traffic amongst a large number of connected servers dispersed around the world. The benefits of GSLB include increased reliability and reductions in latency. For example, email programs like Gmail, Hotmail, and Yahoo run from global servers.