As virtual services become more prevalent in all aspects of our lives, College members are using, or considering the use of, different types of communication technology in their practice. Members frequently ask the College’s Professional Practice Department about the type of communication technology and the specific platforms that they should choose when providing virtual services. Communication technology is a broad term which may refer to texting, email, video chat platforms, social media platforms, websites, or other types of online communication.
The range of communication technologies may seem daunting at first. Technology options are extensive and may include online platforms such as websites, “apps” and social media sites. Different communication devices (such as computer, tablet, phone or wearable technologies) may also confound the process, which may be made even more challenging because of the fast pace of change in technology. The College cannot recommend a specific platform or type of virtual service; however, there are six key elements that members may wish to consider when choosing an online platform:
- Do clients understand the confidentiality risks associated with virtual services?
- Are clients aware that confidentiality may be compromised as a result of the use of a specific platform or type of virtual service?
- Does the collection, use and storage of client information when using the relevant platform or virtual service comply with applicable privacy legislation and the Standards of Practice?
- Is there a process for archiving and destroying (not just deleting) information?
- Is information stored in a jurisdiction where the laws are Ontario/Canadian privacy laws or consistent with those laws?
2. Security of information sharing
- Is information transmitted in a secure manner which facilitates confidentiality?
- Is encryption used? Is the encryption sufficiently strong? Check for bank-level, end-to-end encryption for the most security.
- Are passwords and/or two-step verification required for client confirmation?
- Do members and their clients have a private physical space from which to use virtual technology?
- Will public Wi-Fi be used and if so, is it sufficiently secure?
- Do different types of software provide a better client experience?
- Does the use of particular software result in other, intentional or unintentional, uses of client information/data?
- Is the software difficult to navigate? Are there costs for the member and/or the client?
- What plans are in place if/when there is an upgrade to the software?
- What is the risk of hardware (including cell phones or wearable technology) being stolen, lost or damaged?
- Does the virtual technology require hardware with additional memory or storage?
- Do clients have access to the internet and to the hardware needed for service?
- When new hardware is purchased, how will the information stored in the old hardware be managed and safely transferred?
- Does relevant hardware involve the use of wireless technology? If so, has the security of the wireless aspect been addressed?
5. Technological competence
- Is there up-to-date antivirus and anti-malware software?
- Has phishing protection been implemented?
- Are updates to browsers and operating systems implemented regularly?
- Are portable storage devices and other storage locations being used for back up purposes, and if so, are they encrypted and/or safely stored?
- Can mobile devices be locked and wiped of information if necessary?
6. Do clients understand the limits and risks associated with a member’s provision of virtual services?
- How are these limits and risks communicated to the client?
- Does the member have a record reflecting that such limits and risks have been communicated to the client?
- Does that record reflect that the client accepts the limits and risks associated with virtual services?
- Has that record been stored so that it can be retrieved if ever needed?
Providing virtual services is an approach that is flexible, but not without risk. It can also be unfamiliar territory for both members and clients. Before members use communication technology in their practice, they must ensure that they are competent to provide such services. By carefully considering the six elements described above, it is anticipated that members will minimize risk involved with the provision of virtual services.
If you have questions about this issue or other practice concerns, please contact the Professional Practice Department at email@example.com.