Confidential and Secure Online Communication,
Encrypted Email, Chat and Forums.
The Online Therapy Institute”s Ethical Frameworks state that all practicing mental health professionals use encrypted services when communicating with clients. Encryption is as easy as setting up a free account with a program such as Hushmail. This is a secure email system that provides unparalleled privacy protection. Using the Secure Sockets Layer protocol and server encryption, Hushmail offers the highest possible protection for email, file attachments and chat room conversations. Many programs and platforms exist that meet encryption needs. Most encryption standards require at least 256 encryption algorithm which has been available for years so 256 encryption algorithm is not new technology.
There are two general ways “emails” can be exchanged. With a program like Hushmail, each person sets up a Hushmail account. The emails sent from one to the other are encrypted as they pass through cyberspace. The other way to send exchanges is through a platform. In this case, both parties logon to a website that is secure and encrypted and exchanges are passed within the website’s server. The exchange does not got out into cyberspace but it should still be encrypted. This works much like a forum or a bulletin board that is password protected.
It should be noted that forums or bulletin boards that are used for therapeutic purposes with clients or for peer supervision and case consultation should not only be password protected but encrypted as well.
If your website utilizes a form or questionnaire to screen clients or to obtain information, the form should be hosted on a a secure and encrypted page so that client information is protected. Many companies offer secure form development. The Online Therapy Institute recommends Hushmail’s form feature, Secure-Quotes.com or for HIPAA compliant forms, Medforward.com..
Firewall Protection and Virus Protection.
Mental health professionals should use both hardware and software firewalls to prevent unauthorized external access to computers. Concerned about privacy can be dimished by adding a firewall. A popular and effective software firewall for personal use is available at no charge from Zone Alarm. Firewalls are also included in many virus protection programs such as AVG.which offers a free version..
Mental health professionals should password protect computers and encourage clients to password protect as well. If others have access to the computer, a password can be used to stop them from viewing documents and other information that may be stored on the hard-drive. We also recommend any session information or personal journaling stored on the hard drive be encrypted. Consider Cryptainer, free software that secures data and ensures absolute privacy. You may also encrypt individual files before sending to someone else. This works much like password protecting a Word document with the difference being that the file is encrypted. The file can be sent through regular email channels but the person who receives the file must have a password to open the encrypted file. Many programs exist for this purpose. A free version is available through AxCrypt..
Workplace Computers/Email Privacy.
Since employers usually have a legal right to view data on company computers, Mental health professionals should advise clients to protect their privacy by avoiding the use of workplace computers for online counseling..
Other Privacy Considerations: Domestic Violence.
If your client is in a relationship that is abusive or privacy is being violated by a live-in or family member, please be aware that the same programs employers use to view data on employee computers is available to individuals as well. These programs record every keystroke made on the computer even if a program such as Hushmail is being utilized. If you have reason to suspect your client may be at risk, then online counseling may not be a suitable option at this time. Read this article about domestic violence and technology: https://www.onlinetherapyinstitute.com/domestic-violence/.
Is Encryption Required under HIPAA?.
There is much confusion about what HIPAA actually requires with regard to privacy, security and encryption. The American Medical Association offers answers to this and similar questions. While these FAQ are related to a compliance law in the U.S., the answer can assist in creating a worldwide standard. The short answer is that all entities should take reasonable precautions to protect confidential information. What makes a precaution reasonable includes issues related to cost and implementation. The Online Therapy Institute’s Ethical Frameworks state that all therapeutic correspondence should be encrypted because cost-effective programs and software such as the aforementioned are now available..
What about signing on with an E-Clinic?.
Be sure you understand the E-Clinic’s privacy policies, encryption measures and file storage procedures. See this blog post about joining E-Clinics: https://www.onlinetherapyinstitute.com/2009/10/so-you-want-to-join-an-e-clinic/ Check out this comparison chart regarding e-clinics: http://www.telementalhealthcomparisons.com/