Guest post: Secure Online Communication

Many therapists have mixed feelings when it comes to technology. It offers numerous ways to communicate with clients, but sometimes it’s a struggle to find secure communication tools. This is especially worrisome when new data breaches come to light almost daily.

HIPAA government policy states that therapists must “Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.”

While that statement doesn’t specify exactly what safeguards must be in place, we can offer some suggestions. After a lot of research, including a clinician survey, we’ve compiled a handful of best practices that are helping our counselors maintain HIPAA compliance while instilling confidence in their clients. As an affiliate, we may receive a commission from some of these companies. However, we can fully vouch for the effectiveness of their services as these are products we love and use in our own practice.

1. Use a secure fax line for file transmissions. If you don’t have an actual fax machine, we recommend SRFax.com for secure faxing. They also have a plan specifically for healthcare providers, and at only $7 a month, it’s an easy investment to keep communication secure. If you’re taking insurance, this is a quick and easy way to send in your claims and maintain HIPAA compliance.
2. Look into an online client management system that includes a client portal. There are a number of such services that are very helpful to therapists.
3. Consider a HIPAA compliant email for electronic communication. We recommend Hushmail, which offers a stand-alone encrypted email service with an account specifically for healthcare providers. If you’re emailing another Hushmail user, the message is automatically encrypted. This is perfect at my group practice when I send new client information to other clinicians. If you’re emailing someone who doesn’t use Hushmail, they will read the message on a secure webpage.
4. Include a technology statement in the informed consent you give your clients. Specifically explain that while no technology is completely secure, you have certain precautions in place. Also address your social media policy in your informed consent.
5. Include a statement on your email (unless it’s a HIPAA-compliant, encrypted email service) and website so people know their communication is not considered confidential if they’re communicating through technology. This is something I also tell clients in our initial session so they are aware of the limits of secure communication.

Technology will continue to change, often more quickly than we expect. The best way to maintain security and peace of mind is by protecting our online communication. By following the five steps outlined above, you will go a long way toward decreasing liability and increasing security.