By Samuel D. Lustgarten
Professional Psychology: Research and Practice, Apr 27, 2015. http://dx.doi.org/10.1037/pro0000018
In June 2013, Edward Snowden released top-secret intelligence documents that detailed a domestic U.S. spying apparatus. This article reviews and contends that current APA ethics and record-keeping guidelines, the Health Insurance Portability and Accountability Act, and the Health Information Technology for Economic and Clinical Health Act do not adequately account for this new information and other emerging threats to client confidentiality. As psychologists bear the responsibility for being informed, protecting and maintaining client records, and preventing breaches, it is vital that the field establish specific best practices and present regular security updates to colleagues.
Here is an excerpt:
Unfortunately, on top of data-mining practices, most cloud storage and communication providers do not provide adequate information about data-retention policies. Google's Drive cloud storage service for personal users (not Google Apps) offers no specific data-retention policy (Google, 2014c). This amorphous data-retention policy stands in contrast to APA's (2007) record-keeping guidelines, which suggest that client records and data may be destroyed after 7 years in the absence of superseding legal requirements. It also calls into question a practitioner's ability to maintain and provide confidentiality and proper informed consent when using certain corporate providers. Moreover, it is questionable whether practitioners could ever believe that records had been deleted if the cloud provider did not clearly and publicly state its data-retention standards.