Therapist Locator Risks

Website developers know that a therapist locator site touches significant information provided by the public. The public may reasonably believe that therapist search information is protected or at least private; not for distribution, sale or publication.

The Therapist Locator Service linked from OregonCounseling.org is HIPAA secure and clinicians who list their practices on it have a Business Associate Agreement which assures them that client/patient information is protected.

Unfortunately, many Therapist Locator services, including services provided internationally by Psychology Today, do not make their security processes understandable to members of the public who use them or to the professionals who list their services. In light of growing awareness of international website and data system hacking concern is valid.

Therapists must bear some responsibility to vet the businesses they employ to help them market their services and facilitate communication between therapists and the public.

Every IP address, MAC Id, cursor movement, keystroke, click, or file opened in a therapist locator system, can be time stamped, viewed, digitally recorded and saved using the system’s hosting platform. All that data could be aggregated, correlated, analyzed, viewed, saved, published and sold; legitimately or not.

According to software developers and the US Department of Health and Human Services, one small piece of data can be a key to identifying a person as the patient of a specific provider. Virtual private networks are not enough to keep PII and PHI private.

Knowing this, a website therapist locator service should be designed so that security procedures and organizational policy keeps private and secure Personally Identifiable Information (PII) and Protected Health Information (PHI) gathered implicitly and explicitly from the public.