Report of the IPA Confidentiality Committee (English)

that is being actively pursued by the International New Groups Committee. In this process, increasing numbers of individual IPA members are finding themselves drawn towards engaging in some form of remote working. On the other hand, IPA members are committed by the IPA Ethics Code to protecting patient confidentiality. 10 For the IPA as an organisation there are risks in not addressing this problem. If a recording of a psychoanalytic session, or information derived from such a recording, were to be published on the Internet the consequences could be severe. The confidence of large numbers of patients in their analysts’ capacity to maintain confidentiality could be undermined, and the reputational damage to the IPA and its component institutes could be massive, sudden, and enduring. The IPA can wait until this happens, hoping that it might never happen, or it can anticipate the eventuality by advising its members accordingly. The latter course of action would offer some protection to IPA members by informing them of a risk that they might otherwise overlook. It would also mean that if an aggrieved patient were to seek redress through litigation, the IPA as a professional body would not have been negligent through failure to issue appropriate advice to its members. The IPA recently obtained detailed legal advice regarding the question of informed consent (Proops, 2017). This advice includes consideration of “the use of VOIP 11 technologies to share information relating to patients (e.g. clinical sessions which take place over Skype) (‘the VOIP Issue’)” (pp. 26-29, paragraphs 59-63). Although in places equivocal concerning the risks, this advice is broadly consistent with the analysis presented here. However, in some respects Proops makes some dubious assumptions, including that: “…it seems likely that ‘the big players’ in this area (e.g. Skype) would have in place extremely high levels of anti-hack security” (p. 28). This particular assumption has been undermined by numerous reports in recent years. 12 At the same time, she prudently refrains from advising whether the security offered by individual VoIP providers would be sufficient to enable psychoanalysts to meet “their own obligations to process data consistent with the seventh data protection principle” (i.e. securely 13 ) (pp. 27-28, paragraph 63). For individual IPA members there will be no simple solutions that will suit everyone. Some will choose not to engage in remote working, or will abandon it if already begun. Others, 10 In connection with the protection of privacy as a human right by paragraph 1 of the Ethical Code , it is relevant to note that in recent years the Office of the High Commissioner for Human Rights (OHCHR), which is the principal UN body mandated to promote and protect human rights, has been actively concerned about mass surveillance and in 2014 produced a major report on ‘The right to privacy in the digital age’ (OHCHR, 2014). 11 VOIP (or VoIP), Voice over Internet Protocol, refers to all forms of telephony mediated by the Internet. 12 For examples see: Symantec, 2009; National Security Agency, 2012; Sergina et al., 2013; Risen & Wingfield, 2013; Spiegel Staff, 2014; see also Lombard, 2011-2016. 13 ‘Seventh data protection principle’ is a reference to the United Kingdom’s Data Protection Act (1998), which states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

21

Made with FlippingBook interactive PDF creator