There has been a fiery discussion about the need of using encryption by online therapists going on on one of the lists I follow closely.
Maybe not everyody is completely clear on what encryption is. If I work online with clients I will use a special email adress like hushmail or safe-mail because I know they are encrypted so they are less easy to hack. For chatsessions I will also use a medium that is encrypted so others do not listen in on what we are talking about. In my country there are no laws yet that online counsellors have to do this. But those therapists working f2f are used to having to secure their data safely by law. They have to have a locked cabinet in their rooms where they keep all their sensitive data. Why should online work be any different? For me that means that I keep my client info and emails on a password protected USB stick and that the stick is kept in the locked cabinet.
Not all therapists think encryption is neccesary, basically because it means we ask clients to do more before therapy can commence. We will ask them to set up for an encrypted email account, or to learn how encrypted word documents work. Some therapists are afraid that this will scare clients off, and who would want to steal emails anyway? On the one hand you may say, they have a point. But who would want to steal your medical data from your doctor’s office? Yet would you feel comfortable if they did not take precautions to keep your data safe? I think clients are smart enough to set up an email account. Most people do have gmail or hotmail already and it is not more complicated than that. And we occasionally might have to spend a little extra time explaining something. I for one do not mind that.
What I also urge is that clients take care of where they keep their own emails and chat session transcripts. Almost everything that goes on in therapy is very confidential and not something you might want to share with others. So if you share a computer [at work or at home] investing in a simple password protected USB stick is always a good idea.
I would welcome one clear rule that covers Europe on online work, some way that clients can see who they can trust. I have insured this as much as possible by getting verified at the online therapy institute. This is an international website that any therapist can join. And some go the extra mile by getting verified. The online therapy institute check your website and make sure that you meet their standards for working ethically online and that includes using encryption.
Please share your views on this post. I would like to hear what others think about this whole debate.