Final Report of the IPA Confidentiality Committee

4.7 Measures which only appear to address the problem

One measure that is sometimes suggested as a way of addressing the problem of insecure telecommunication is the obtaining of ‘informed consent’ from patients at the beginning of treatment. Unfortunately, the difficulties concerning this notion, which exist for psychoanalysis generally due to the transference (see 3.1, above), are particularly acute in the case of telecommunicative settings because neither party is generally well-informed about the technology. If the shared ignorance and uncertainty continues, obtaining explicit consent could have the effect of introducing a permanent parameter which is inaccessible to psychoanalytic work. [17]

In practical terms, in the context of a psychoanalytic relationship, psychoanalysts cannot make patients responsible for ensuring that their own hardware and software are safe and that the privacy of consultation is protected by their own equipment or by the network. Nor are psychoanalysts usually in a position to take this responsibility upon themselves.

Another measure that is often cited, particularly in the USA, is HIPAA [18] compliance. The Security Rule [19] of HIPAA defines administrative, physical, and technical security standards for Electronic Protected Health Information (e-PHI). A number of providers of telehealth systems advertise their products as “HIPAA-compliant”, and some psychotherapists and psychoanalysts advertise that they use such products. However, it is clear from the detailed provisions of the Security Rule that genuine compliance would require far more than simply using equipment which carries the label, and few if any psychoanalysts would be able to comply in full for the same reasons as we have discussed above regarding endpoint security. Also, the definition of e-PHI excludes some forms of live oral communication such as video teleconferencing (and, by implication, telephone conversations) where “…the information being exchanged did not exist in electronic form before the transmission”. [20]

Promises by specialist suppliers of conferencing systems to ‘erase’ data should be viewed with caution. With the development of large-scale ‘data mining’ and the aggregation of large datasets, for at least some suppliers the potential commercial advantages of

[17] See Eissler (1953), p. 113: “Thus a fourth proposition must be introduced in order to delineate the conditions which a parameter must fulfill if the technique is to remain within the scope of psychoanalysis: The effect of the parameter on the transference relationship must never be such that it cannot be abolished by interpretation.”

[18] Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191, U.S. Congress). https://www.hhs.gov/hipaa/for-professionals/index.html

[19] https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

[20] https://www.hhs.gov/hipaa/for-professionals/faq/2010/does-the-security-rule-apply-to-written-and-oral-communications/index.html This appears to be a ‘grey area’ in the standards, but inspection of advertising material for ‘HIPAA-compliant’ systems aimed at healthcare professionals suggests that such questions of endpoint security are rarely mentioned, still less discussed.
