Cybertherapy is defined as providing therapeutic counseling for emotional issues via the Web.
Trust
When dealing with Cybertherapy and digital commerce, a central issue is trust. A patient looking for a therapist has the right to know if the therapist is licensed in the state where he is providing the service, and if the therapist has ever been disciplined by the licensing board or had any lawsuits brought against him, especially if he lost the lawsuit. This is important online and face to face.
When we are communicating electronically we must establish trust without having ever met. The way that we do this is by having someone vouch for the integrity of one or both parties.
Unless the online therapy is encrypted, there is a danger that private information can quickly become public. The Federal Government has a list of laws whose purpose it is to protect patient privacy. These laws are called HIPAA. It is imperative that every new doctor and therapist a patient visits be given a copy of those laws that must be read and signed by the patient. Without encryption, there is no way anyone can guarantee privacy. It is extremely unpleasant to think of very personal information becoming public information that is available to everyone, including strangers, friends, relatives and employers.
Digital Signatures and Public Key Encryption
What is a digital signature?
A digital signature is the electronic equivalent of a handwritten signature, verifying the authenticity of electronic documents. In fact, digital signatures provide even more security than their handwritten counterparts.
Some banks and package delivery companies use a system for electronically recording handwritten signatures. Some even go so far as to use biometric analysis to record the speed with which you write and even how hard you press down, ensuring the authenticity of the signature. However, this is not what is usually meant by digital signatures — a great relief to those of us with limited budgets and resources.
Often a digital signature uses a system of public key encryption to verify that a document has not been altered.
What is public key encryption?
Public key encryption (PKE) uses a system of two keys:
- a private key, which only you use (and of course protect with a well-chosen, carefully protected passphrase); and
- a public key, which other people use. Public keys are often stored on public key servers.
A document that is encrypted with one of these keys can be decrypted only with the other key in the pair.
For example, let’s say that Alice wants to send a message to Bob using PGP (a popular public key encryption system). She encrypts the message with Bob’s public key and sends it using her favorite email program. Once the message is encrypted with Bob’s public key, only Bob can decrypt the message using his private key. Even major governments using supercomputers would have to work for a very long time to decrypt this message without the private key.
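The key-pair behaviour described above can be seen in a few lines of Python. This is an added example, not code from the original article or from PGP: it uses textbook RSA with a constructed toy key for Bob (no padding, far too small for real use), and every name in it is an assumption made for illustration.

```python
import hashlib

# Constructed toy key pair for Bob, built from two known Mersenne primes.
# Far too small and too structured for real use; textbook RSA with no padding.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

def encrypt(message: bytes, exponent: int, modulus: int) -> int:
    m = int.from_bytes(message, "big")
    if m >= modulus:
        raise ValueError("message too long for this toy modulus")
    return pow(m, exponent, modulus)

def decrypt(ciphertext: int, exponent: int, modulus: int) -> bytes:
    m = pow(ciphertext, exponent, modulus)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(document: bytes, modulus: int) -> int:
    # Hash the document, then reduce it so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % modulus

def sign(document: bytes, private_exp: int, modulus: int) -> int:
    return pow(digest(document, modulus), private_exp, modulus)

def verify(document: bytes, signature: int, public_exp: int, modulus: int) -> bool:
    return pow(signature, public_exp, modulus) == digest(document, modulus)

if __name__ == "__main__":
    note = b"Session at 3pm"              # constructed sample message
    sealed = encrypt(note, E, N)          # Alice uses Bob's public key
    print(decrypt(sealed, D, N))          # Bob recovers it with his private key
    print(decrypt(sealed, E, N) == note)  # the public key cannot undo it
    sig = sign(note, D, N)                # Bob signs with his private key
    print(verify(note, sig, E, N), verify(b"Session at 4pm", sig, E, N))
```

The last line shows why a signature proves a document has not been altered: changing a single character of the signed text makes verification fail.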
Encrypt Your Data
Keep your browser secure. To guard your online transactions, use encryption software that scrambles information you send over the internet. A “lock” icon on the status bar of your internet browser means your information will be safe when it’s transmitted. Look for the lock before you send personal, financial or medical information online.
Check the SSL Certificate
Look at the URL of the website. If it begins with “https” instead of “http” it means the site is secured using an SSL Certificate (the s stands for secure). Certificates secure all your data as it is passed from your browser to the website’s server. To get an SSL Certificate, the company must go through a validation process.
However, there are a few different levels of validation—and some of them are easier to get through than others. The lowest level of validation, Domain Validation (DV), simply validates ownership of the domain and not the legitimacy of the organization requesting the certificate. In other words, if you bought the domain “amaz0n.com” and requested a certificate for it, you would get the certificate because you own the domain.
The highest level of validation, Extended Validation (EV), is the safest and most extensive. With Extended Validation the company requesting the certificate has to prove their identity as well as their legitimacy as a business. You can tell if a site has an EV certificate by looking at the address bar. Browsers show a green address bar with a lock icon for websites with EV certificates, as shown in the picture below.
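The difference between validation levels is visible in the certificate's subject field. The following added example (not from the original article) classifies a certificate from the dictionary shape returned by Python's ssl.SSLSocket.getpeercert(); it is a heuristic on subject fields, it also reports the intermediate Organization Validation (OV) level that the article does not name, and both sample certificates are constructed.

```python
# Subject fields the CA/Browser Forum EV guidelines require in an EV certificate.
# Assumption: names as rendered by Python's ssl module on a current OpenSSL.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def subject_fields(cert: dict) -> dict:
    """Flatten the nested 'subject' tuples used by getpeercert()."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert: dict) -> str:
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"   # only the domain was checked, nobody vouches for the owner
    if EV_FIELDS <= fields.keys():
        return "EV"   # the CA verified the legal identity of the business
    return "OV"       # organization checked, but not to the EV standard

def describe(cert: dict) -> str:
    fields = subject_fields(cert)
    owner = fields.get("organizationName", "unverified owner")
    return f"{fields.get('commonName', '?')}: {validation_level(cert)} ({owner})"

# Constructed sample: the look-alike domain from the text, domain-validated only.
DV_SAMPLE = {"subject": ((("commonName", "amaz0n.com"),),)}

# Constructed sample: an EV certificate for a fictional business.
EV_SAMPLE = {"subject": (
    (("businessCategory", "Private Organization"),),
    (("jurisdictionCountryName", "US"),),
    (("serialNumber", "0000000"),),
    (("countryName", "US"),),
    (("organizationName", "Example Bank Inc."),),
    (("commonName", "www.example.com"),),
)}

if __name__ == "__main__":
    for sample in (DV_SAMPLE, EV_SAMPLE):
        print(describe(sample))
```

A DV result for a site that asks for medical or financial details means the encryption is real but the identity of whoever runs the site has not been checked by the certificate authority.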