American Journal of Computer Science and Technology


Research Article

Securing Well-Being: Exploring Security Protocols and Mitigating Risks in AI-Driven Mental Health Chatbots for Employees

In today's workplace, mental health is gaining importance. As a result, AI-powered mental health chatbots have emerged as first-aid solutions to support employees. However, there are concerns regarding privacy and security risks, such as spoofing, tampering, and information disclosure, that need to be addressed for their implementation. The objective of this study is to explore and establish privacy protocols and risk mitigation strategies specifically designed for AI-driven mental health chatbots in corporate environments. These protocols aim to ensure the ethical usage of these chatbots. To achieve this goal, the research analyses aspects of security, including authentication, authorisation, end-to-end encryption (E2EE), and compliance with regulations such as the GDPR (General Data Protection Regulation), along with the new Digital Services Act (DSA) and Data Governance Act (DGA). This analysis combines evaluation with policy review to provide comprehensive insights. The findings highlight strategies that can enhance the security and privacy of interactions with these chatbots. Organisations are incorporating heightened security measures, including the adoption of two-factor authentication (2FA) and multi-factor authentication (MFA), integrating end-to-end encryption (E2EE), and employing self-destructing messages. Together with an emphasis on compliance, these measures collectively contribute to a robust security framework. The study underscores the critical importance of maintaining a balance between innovative advancements in AI-driven mental health chatbots and the stringent safeguarding of user data. It concludes that establishing comprehensive privacy protocols is essential for the successful integration of these chatbots into workplace environments. These chatbots, while offering significant avenues for mental health support, necessitate effective handling of privacy and security concerns to ensure ethical usage and efficacy.
Future research directions include advancing privacy protection measures, conducting longitudinal impact studies to assess long-term effects, optimising user experience and interface, expanding multilingual and cultural capabilities, and integrating these tools with other wellness programs. Additionally, continual updates to ethical guidelines and compliance with regulatory standards are imperative. Research into leveraging AI advancements for personalised support and understanding the impact on organisational culture will further enhance the effectiveness and acceptance of these mental health solutions in the corporate sector.

Keywords: AI-Driven Mental Health Chatbots, Privacy Protocols, Security Threats, GDPR Compliance, Corporate Mental Health, Risk Mitigation, Data Security

APA Style

Banerjee, S., Agarwal, A., Bar, A. K. (2024). Securing Well-Being: Exploring Security Protocols and Mitigating Risks in AI-Driven Mental Health Chatbots for Employees. American Journal of Computer Science and Technology, 7(1), 1-8. https://doi.org/10.11648/j.ajcst.20240701.11


Copyright © 2024 Authors retain the copyright of this article.
This article is an open access article distributed under the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
