Monday, June 02, 2025

Data and Device security for Spiritual Companions

 ๐Ÿ” SD’s iPhone Security Checklist for U.S. Travel

NOTE: this blog post is in progress. It assumes an iPhone and is largely sourced from ChatGPT so far. Hoping to augment/correct with further useful advice for Spiritual Companions who don’t have HIPAA-compliant software but want to care for client data.

Purpose: Protect client confidentiality, comply with ethics, and limit personal exposure during a potential device search or seizure at the U.S. border (bearing in mind that the border extends significantly inland, south and north, to include large cities like Portland and Boston).

The simple solution: purchase a burner and use that. 

🧹 Before You Travel: Scrub & Simplify

✅ 1. Fully Back Up and Then Factory Reset

  • Back up your iPhone to an encrypted local backup via iTunes/Finder (not iCloud, which can be accessed with Apple ID credentials).
  • Do a full factory reset:
    Settings > General > Transfer or Reset iPhone > Erase All Content and Settings

✅ 2. Do Not Carry Client Data

  • Ensure no therapy notes, email, messaging history, or calendar appointments involving clients remain on the device.
  • Log out and delete all accounts associated with client info: Google, ProtonMail, Dropbox, etc.

✅ 3. Delete Secure Communication Apps

  • Delete all apps you use for confidential messaging:
    • Signal (or just set it to delete all messages after 1 minute)
    • WhatsApp
    • ProtonMail
    • Google apps (Docs, Calendar, Drive, Photos, Gmail)

✅ 4. Turn Off iCloud Sync for Contacts, Messages, etc.

  • Settings > [your name] > iCloud
    Turn off sync for:
    • Messages
    • Contacts
    • Notes
    • Mail
    • Keychain
  • Then delete any residual data from the device manually.

🧼 About Facebook Messenger

Facebook is public-facing, but Messenger still contains private conversations.

Most secure method to retain access without device exposure:

  1. Download your Facebook data (including chat logs) to encrypted storage on your home computer.
    • Settings > Your Facebook Information > Download Your Information > Select only “Messages”
    • Store in encrypted folder (e.g., with VeraCrypt)
  2. Delete the Messenger app from your iPhone before travel.
  3. Log in via browser only if necessary, and do so only after arrival and on VPN.
  4. To minimize metadata:
    • Go to Settings > Privacy > Off-Facebook Activity and clear history
    • Consider toggling off “active status” under Messenger settings

This approach keeps your Messenger content technically accessible post-travel, while protecting it from device-based searches.

🧰 Prepare a Minimal Travel Setup

✅ 5. Use a Clean Apple ID

  • Set up a new Apple ID for travel. Avoid syncing anything personal.
  • No iCloud keychain, no Messages, no Photos.

✅ 6. Use a Basic Email for Travel Only

  • Create a throwaway ProtonMail or Tutanota account for basic comms.
  • Only log in after arrival, via VPN.

✅ 7. Only Keep Essential Apps

  • Navigation (Maps), transit, basic tools. Avoid social media, banking, client comms.
  • Optional: Download VPN app (e.g. NordVPN, ProtonVPN) but don’t log in until you’re through border control.

✈️ At the Border: Best Practices

✅ 8. Power Down Before Arrival

  • Turn off your phone before customs or security, so that it requires your PIN (not Face ID) if you are asked to unlock it.

✅ 9. Use Strong Passcode Only

  • Settings > Face ID & Passcode
    Disable Face ID & Touch ID for unlock
    Set a 6+ digit numeric or alphanumeric passcode

✅ 10. Know Your Professional Limits

  • Say clearly:
    “I am a mental health professional and bound by legal confidentiality. I cannot allow access to communications or client-related information.”

While not guaranteed to stop a search, this can sometimes discourage deeper inspection, especially if your phone contains no obvious client data.

📲 After Arrival: Cautious Reconnection

✅ 11. Reinstall Only What’s Necessary

  • If needed, reinstall:
    • Signal or WhatsApp
    • ProtonMail
    • Practice management apps
  • Do so only after VPN is active.

✅ 12. Keep Data Cloud-Based, Not Local

  • Even after travel, do not download sensitive client data to the phone.

🧘 Ethical and Practical Notes

  • Inform clients in advance if you’ll be out of secure communication temporarily.
  • Document your process (in supervision notes, if needed) to show ethical due diligence.
  • Avoid assumptions that Apple/iCloud is secure by default — data in the cloud is more accessible to third parties than locally encrypted files.

Therapist’s Ethical Perspective

Apps may unintentionally compromise HIPAA-aligned or ethics-compliant privacy if:

  • Client appointment details are cached.
  • Notifications pop up on your screen (even from “private” apps).
  • You’re not fully logged out when you think you are.

A browser session — deliberately opened, used briefly, and closed — is a contained, auditable interaction. It respects your ethical obligation to minimize client data exposure.

✅ Summary: Use Browser Instead of App Because…

| Feature | Mobile App | Browser (Incognito) |
| --- | --- | --- |
| Stays Logged In? | Usually yes | No |
| Local Data Stored? | Yes (caches, tokens) | No (or easily cleared) |
| Notifications? | Often yes | No |
| Can Inspect & Clear Data? | No | Yes |
| Safe to Access at Border? | Risky | Safer (if cleared) |

Therapist/Ethical Angle

Even if your VPN is used solely for client protection and data security, at the border, it may be perceived as suspicious. Logging in preemptively — while ethical — can look like obstruction, which might paradoxically increase the risk of data seizure or delay.

Staying logged out, wiping credentials, and only reconnecting post-clearance keeps your clients and yourself safest in both practical and ethical terms.

