Hello! I’m Roy of Person Centered Tech. We know that you want to focus on your clients, so we provide articles, tools, and continuing education on how to best serve clients in the digital world.




It was revealed recently that mental health pros who use an Android phone for their practices, and have also used Facebook Instant Messenger on that Android phone for some time, may have suffered a breach of privacy from Facebook that impacts clients. There could be a need to report this privacy breach to affected clients, and there’s a small chance it might also need to be reported to Health and Human Services.

We did some consulting with mental health counselor and HIPAA attorney, Eric Strom, to get guidance on this issue. Roy’s video conversation with Eric is below.

Knowing What Happened

Ars Technica recently reported that, for some Android phone users who run Facebook Messenger, the app has been accessing the phone call and text message logs on their phones.

For those professionals so affected, Facebook may have retained records of calls and texts exchanged with some of their clients. These records contain client phone numbers and whatever name was given to them in the clinician’s contact book. So we know that these records identify the clients being communicated with.

Finding Who Was Affected

You can download a copy of all the data that Facebook has collected about you. Facebook provides instructions for doing that here. We recommend that everyone who thinks they might have been affected by this incident download their data and see if there is any client information in it.

  1. If you use an Android phone to call or text clients, and have (or previously had) Facebook Messenger installed on it, your clients may have been impacted. You can check for sure by downloading your Facebook data and looking for client information in it.
  2. If you have never called or texted clients with an Android phone on which Facebook Messenger was installed, this did not impact your clients.
  3. If you never opted in to allow Facebook Messenger to access the contact book on your Android phone, this might not have impacted your clients.
  4. iPhones are not affected at all by this particular issue.


If you discover that logs of calls or texts with clients are, in fact, in your Facebook data, then it would be wise to take some action to prevent more data gathering by Facebook going forward. Preventing more data gathering is likely as simple as deleting Facebook Messenger (if not all Facebook apps) from your Android phone.

You can also request that Facebook remove call, text, and contact data from your account. Instructions are here. Do note, however, that some journalists report that these requests don’t seem to be consistently honored. So check to make sure your request was completed before assuming that call and text logs have been removed from your Facebook data.

Reporting the Incident

If you discover any client call or text logs in your Facebook data, it would be wise to tell any affected clients about their presence in those logs. There is also a small chance that you might need to report this incident to the federal Department of Health and Human Services.

This is where many therapists are likely to have a lot of questions. So instead of worrying alone, we decided to contact mental health counselor and attorney, Eric Strom, to help answer questions and provide guidance. Following is Roy’s interview with Eric on the topic. If you prefer to read rather than watch, you can click the button below the video to view a transcript of it. Some resources for following up on this incident are below the video!

Resources

We are having a LIVE REPLAY of our 1-hour CE presentation on HIPAA-compliant risk analysis, which is a process we use to help us avoid incidents like this one. CE credit is free for all. It will be on April 26th at 3PM Pacific / 6PM Eastern. Get more info and register here.

1) We have a free article that describes how HIPAA breach notification works. Find it here.

2) Download your full set of personal data held by Facebook using the instructions here.

3) Get call, text, and contact info removed from your Facebook personal data using the instructions here.

4) The Person Centered Tech membership includes multiple levels of risk management support and tools to help mental health professionals stop these kinds of incidents before they start. Click here to check it out.

 
