Data Security, AI, and Over-Stepping Apps as a Threat to Therapist-Client Confidentiality

Shaylynn Hayes-Raymond Psychotherapy Counselling and Coaching Canada and Worldwide New Brunswick

If you think you’re safe from data security breaches or from social media apps trying to link you with clients, you might be wrong…

When scrolling through Tik Tok one day I had an incredibly uncomfortable feeling as a practitioner. Right there in my suggested followers was a client of mine. To make matters incredibly worse in my eyes, that follower was a teenage client. Now, I will say that this particular Tik Tok account (luckily) is a public-facing advocacy Tik Tok in the mental health genre. This is not some personal account, and yet, it felt wildly inappropriate even though both the client and the account were dedicated to professional endeavours.

The reality of these apps is that most of them request access to your phone contacts in order to work. This, of course, is what led to my horrific experience. I am not American, so HIPAA doesn’t apply, and yet I still felt like this was a violating experience for myself, and potentially for clients who are suggested their therapist as a social media friend or follower.

Of course, the first solution is to never use your phone or text message account on the same device that you have social media installed. However, with the cost of devices these days, this might not be practical for all. There are apps like Burner or other VOIP (voice over internet protocol) devices that are better for conversing with clients even if it’s quick notifications. I would even suggest getting a second phone number that cannot be traced—both Burner and VOIP serve this purpose. In these cases you must use a third-party app for your contacts to keep them completely hidden.

In all apps like Facebook, Tik Tok, Instagram (and even shopping apps), make sure that your settings are completely locked down, private, and that there is no access to contact data or messages. Any form of tracking can, in-theory, provided access to information that you’d rather not allow out there.

If you think you’re safe because you’re in person with a client—think again! There is no evidence that phones listen to your conversations without consent, but the horrific truth is that they don’t have to. Instead, our phones are collecting so much data that they would never need to spy on you! Many of us are logged into Google accounts, Microsoft Accounts, and social media across devices. These apps and websites are collecting data across all of your use cases, including your phone and home computer, tablet, etc. If you’ve connected to a device, most privacy settings generally are so lax by default that it’s likely that you’re being tracked no matter how much security you have. Even creepier, many apps (including the shopping app TEMU) even collect your device ID specifically, so they can always tie data to you regardless of you deleting your account and creating a new one… which is terrifying.

Source: Lifehacker

All of this is incredibly concerning especially as psychotherapists, psychologists, and other counselling positions move further into either telehealth, or simply have physical devices in their offices that may be interacting with a client device. I believe this is the part where most therapists are going to be surprised—the fact that even if you never talk to or about your client on social media, simply having your devices together can tell your phones you likely know one another. This to me, is an insanely egregious violation of public trust. At this point, it seems like a faraday cage might be the best way to limit liability (I’m kidding, kind of).

I personally think every single practitioner should have data breach and cyber security insurance, even if their practice is in person. Do you bill online? Do you use a computer with internet to interact with documents and claims? That, in my opinion, is enough to warrant the highest level of cyber insurance for your practice.

This problem is getting even worse… Google, Meta, OpenAi, and even Apple (who is integrating OpenAI at a hardware level) are now bringing artificial intelligence and learning models to your personal devices and social media. How are they training these machines? With your data. Have a google account for your private practice? Well, unfortunately everything you’ve now searched is training google. Everything we do on the internet whether in the privacy of our own homes or not, is now becoming more aggregated by these tech giants. Some allow you to opt out, but others have been unceremoniously changing their terms and conditions quietly over night. Unfortunately, this is not a solutions-based article, it’s more of a tornado siren. Check your devices, check your apps, and turn on the highest level of privacy – EVEN IF THIS DEVICE NEVER INTERACTS WITH A CLIENT DIRECTLY. I also suggest using a VPN on your phone so that the location is now shown while with clients, or simply turning the device off so it cannot interact. If you do go the VPN route, pay for one, free is cheap for a reason.

I have worked as a web, graphic, and print designer for 10 years and hold an Honours Diploma in Creative Digital Media. I have a Bachelor’s Degree in Political Science and was heavily interested in cyberpolitics and security during this degree. I am not a licensed counsellor in New Brunswick. I offer consultation and advice for therapists here.


Leave a Reply

Your email address will not be published. Required fields are marked *


Request Therapy Services

Your Name(Required)
Where are you located?(Required)
Please note: Shaylynn is located in New Brunswick, Canada and offers this service via Zoom.
Any questions or concerns?