Protecting Privacy

If you take seriously your responsibility to safeguard your e-patients confidentiality, you must provide some form of security encryption for your communications with them. There is too great a risk that unencrypted e-mail will be seen by eyes other than those for whom it was intended.

The free applications below use web messaging; e-mails are not saved on your computer or your e-patients'. Although this is very secure (and free), some people prefer to have access to past e-mails. A low-cost application like ZixMail allows you to save your correspondence in an encrypted form.

• ZixMail - secure e-mail application ($24); also free secure web messaging
• HushMail - free secure web messaging
• Zip-Lip - free secure web messaging

All the available encryption methods are less convenient than regular e-mail, but not too bad. It's a necessary inconvenience. This is why you need them:

1. E-mail in transit is vulnerable. Although it's unlikely, an e-mail traveling between you and your patient can easily be intercepted and read by people at any computers along the way (including AOL or your ISP); by NSA security programs; and by system administrators on a workplace network.

2. E-mail on your computer (or your patient's computer) is vulnerable. Unless you take precautions, it can be read by other persons for whom it was not intended.

1. Protect e-mail in transit by using encryption.

   1. Option 1: install and use an encryption program. They are inexpensive and reasonably easy to use. (ZixMail)

   2. Option 2: instead of e-mail, use secure web-based messaging. Messages never leave the server and so cannot be intercepted, and nothing is stored on your computer or your patient's. These applications are slower than the two listed above. (HushMail, Zip-Lip)

2. Protect e-mail on your computer from being seen by others.

   1. Never leave your computer unattended while it is running - especially while connected to the Internet. If you walk away from your desk, engage a password-protected screen saver.

   2. Make sure no one else can sit down at your computer and send or receive e-mail. ("But they would never read my e-mail" doesn't cut it. Make sure they cannot.) Do not store your e-mail password in your e-mail program; set up your e-mail so that you must type your password every time to send or receive e-mail.

   3. Password-protect your computer. If you share your computer with anyone else (including family members, staff or other therapists), password-protect files containing patient communications. Move old e-mail onto diskettes, encrypt them, and store under lock and key.

   4. For passwords, select a meaningless string of characters, not a word. Use punctuation characters if possible. A good password looks like this: j47!K4%u

   5. Double-check every e-mail before sending it, to make sure it is correctly addressed.

   6. If you print e-mail on paper, safeguard the paper adequately.

   7. If you use a laptop, be very careful to avoid its theft.

   8. If you employ system administrators with access to your computers, make them sign a legal agreement that they will not read e-mail. Otherwise they will, because they can.

   9. Caution your patients to follow similar precautions.