If you are like many professionals who are toying with the idea of practicing online, you’ve probably been giving consideration to whether or not Skype meets requirements for security. You may know about the type of security required for electronic contact tith or about patients Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II). You might know about the HITech Act. While it is true that we are under a mandate to protect patient confidentiality, and that HIPAA is the law that pertains to those requirements for protecting the privacy and confidentiality of our patients or clients, the truth is that HIPAA is so vague that many professionals are simply unclear about the requirements, or how they relate to online counseling, telecounseling or online therapy.
The bigger question is about Skype and whether it is adequately secure for the needs of any licensed professional inpatients who wants to use it for online counseling. The biggest problem with Skype is that it is proprietary technology, and as such it is not open source, so it is not subject to scrutiny by outsiders. While the Skype website does make mention of security, and claims that Skype is indeed encrypted using a 264-bit encryption technique, there’s no assurance of the objectivity of that single report on the Skype website.
While some might also doubt the accuracy of websites such as Wikipedia, there is a particularly interesting and relevant entry related to “Skype security“. The last section of this particular Wikipedia entry goes into some detail about “bugs”, “history files” that are saved in the user’s machine to record authentication between users, and how “traffic on the network can be monitored by other parties in the network”, as well as specific “security flaws” of Skype. Frankly, my reading of it left me cold. Those are my views. What are yours? Please comment below.