Jason Zack writes a regular column for TILT Magazine ~ Therapeutic Innovations in Light of Technology ~ and his column, entitled Legal Briefs, gives insight into legal issues related to conducting online therapy. His most recent column, "Does HIPAA Require that Communication with Clients/Patients be Encrypted?", states that HIPAA does not necessarily require encryption, but practitioners should make reasonable efforts.
What I have found is that many practitioners do not want to necessarily discuss the issue unless it is about what one MUST do. But if one is to engage in best practice, or said differently, offer the best standard of care, encrypted communication only makes ethical sense.
To further the discussion, consider this post:
Comcast Can Read Your E-mails, But Swears They Aren’t
For our readers who reside outside the United States ~
HIPAA is a Federal Law about medical record privacy.
Comcast is a company that offers phone and cable services.
Consider that even if your jurisdiction does not require that you use encryption with clients, doesn’t it seem like the best thing to do? Even if you are not required as a healthcare provider (perhaps you are a coach), encryption only makes sense.
If you are looking for easy applications, consider Hushmail.
Take a look at Breakthrough.com as well if you are seeking additional encrypted applications other than email.
If you are a mental health practitioner in the United States and you want an easy way to sort through encryption options, consider using an encryption product only if you can obtain a HIPAA Business Associate Agreement with the company. Everyone is all abuzz about Skype because of encryption, but will Skype offer you a HIPAA Business Associate Agreement? Doubtful. If you do pull that off, do let us know! It is a reasonable assumption that Skype is not in the business of healthcare!