• Important Stuff with the Word “Policy” in It, post 3: Electronic Communication

    [Read intro explaining this series]

    In today’s post about my Office Policies document you sign before your first session, I will review use of technology and the privacy issues surrounding it. First, the wording right out of the policies document itself.


    E–MAILS, CELL PHONES, COMPUTERS, AND FAXES: It is important to be aware that computers and unencrypted email, texts, and e-faxes communication (which are part of the clinical records) can be relatively easily accessed by unauthorized people and hence can compromise the privacy and confidentiality of such communication. Emails, texts, and e-faxes are vulnerable to such unauthorized access due to the fact that servers or communication companies may have unlimited and direct access to all emails, texts and e-faxes that go through them. While data on my computer is encrypted, emails, texts and e-fax are not. It is always a possibility that e-faxes, texts, and email can be sent erroneously to the wrong address and computers. I use therapy practice management software that is HIPAA-compliant (called SimplePractice), and super secure passwords. Please be aware that phone messages are sometimes electronically transcribed and sent to me via unencrypted emails. Please notify me if you decide to avoid or limit, in any way, the use of email, texts, cell phones calls, phone messages, or e-faxes. If you communicate confidential or private information via unencrypted email, texts or e-fax or via phone messages, I will assume that you have made an informed decision, will view it as your agreement to take the risk that such communication may be intercepted, and I will honor your desire to communicate on such matters. Never use texts, email, voicemail, or faxes for emergencies.


    What I most want to make sure you understand here is, first, that I nearly always use encrypted technologies. The text messages I send you are encrypted and HIPAA-secure. Every email I send you through the Simple Practice web portal is HIPAA-secure. All other emails I send you are encrypted if they contain any HIPAA-protected patient information. Faxes from standard fax machines are inherently secure because they are not digital. My fax number is a digital one and all faxes I send through it are HIPAA-secure.

    Second, this explains that although I am constrained by HIPAA and bound to follow it, you as my client are not. You are free to text or email me a message using standard non-secure messaging containing incredibly sensitive information about yourself and your treatment. I certainly don’t recommend it, but HIPAA applies to healthcare providers, not patients. This section of the policy makes you aware that I use private means of communicating, suggests that you consider doing so as well, and informs you that you are free to communicate with me any way you choose to. If you send me a non-secure email containing protected information, I will take that as your giving me permission to reply using non-secure communication also (though I almost never will).

    Third and finally, this states the importance of making sure you know that email, voicemail, and faxes (whether secure or not) should never be used if you are in crisis

    As important as this information is and as much as I want you to be familiar with it, it’s pretty boring isn’t it?! I might take a break from this series and post some more interesting material before going back to this.