I am a strong advocate for privacy and confidentiality, for both myself and my clients.
We hear all the time that email and messaging isn’t as a secure as we might think it is. A common piece of advice is to assume that your email or text message is safe as something written on the back of a postcard. However, this is not practical in the area of medical records and doctor-patient and therapist-client communications. The Health Insurance Portability and Accountability Act (HIPAA) requires extra safeguards in technology.
In thinking about your confidentiality I employ two secure methods of communication. Protonmail and Spruce Health. Both of them are HIPAA complaint I will explain what each of these do.
Confidentiality via email
Protonmail is a privacy-oriented email company based in Switzerland, which has very strict privacy laws compared to the rest of Europe and the world. A competitor many of my colleagues use Hushmail. It’s a good service, too, but Switzerland has stricter privacy laws than Canada–stricter, in fact, than most parts of the world. Protonmail is very dedicated to privacy and keeps on developing new ways to protect it.
You should know how your confidentiality is protected is not protected by these services–sometimes it can be a little misleading when mental health providers talk about “secure email.” Protonmail does not have access to any emails, and they are encrypted once they go through Protonmail’s servers. I even have an app on my computer that encrypts and decrypts email as it enters and leaves my computer. Only I would have access to it, and what I do with the information is subject to HIPAA laws.
Whereas, even on its “confidential mode” Google can still see the contents of your emails. Not that humans at Google read every single one, but they have the capability of reading any email they wanted to or were ordered to turn over to authorities.
But you should know that this means that any emails between you and I won’t be fully encrypted unless you have Protonmail or use end to end encryption. This is true of any other HIPAA compliant email service, including Hushmail. However, it is possible to encrypt emails from both ends. If you were to email me and ask to set up an encrypted mail exchange, we could do that. You can request this by contacting me through this site or firstname.lastname@example.org.
Even more confidentiality with communication
Established clients can connect me online through an app called Spruce. Right now this is the way I connect with clients via video. I have seldom had problems with video reception through this app, and my clients almost never have complaints about how it functions on their end. If you have MyChart through a local health provider, this has some similarities in that all communications between you and healthcare providers are kept confidential and can’t be intercepted like normal email.
Please note, however, that as a Wisconsin social worker, I am by law required to report instances where I have reason to suspect that someone’s life or health might be at risk. Nevertheless, I take privacy very seriously and will do my utmost to defend it. Please note, however, that as a Wisconsin social worker, I am by law required to report instances where I have reason to suspect that someone’s life or health might be at risk. Nevertheless, I take privacy very seriously and will do my utmost to defend it.