How Do You Secure Electronic Patient Data and Communications?

Have you thought about the security of your electronic mental health communications and records? In The Journal of Clinical Psychiatry, B. Christopher Frueh, PhD, and I offered practical suggestions to mental health clinicians for safeguarding patient data and communications. After all, we so often learn in the news media about electronic data breaches, hacking incidents, and identity theft.

I fear that mental health care clinicians are not adequately securing their electronic data and communications with their patients. A recent study I published with my collaborator Brian J. Hall, PhD, revealed that mental health clinicians are taking numerous digital risks, thereby compromising their patients’ anonymity and confidentiality.

The practical suggestions from Dr Frueh and I are numerous and comprehensive and could be overwhelming to some clinicians. So, here, let me be brief—and also more emphatic—about what clinicians need to do right now that they’re almost certainly not doing despite serious potential risks.

First, download and install a virtual private network (VPN) app on any devices you use on public WiFi networks (eg, coffee shops, hotels). Try a VPN service such as Cloak or others, and pay a few dollars a month for the peace of mind that your data and communications will be safe on public networks. VPN services are easy to use, inexpensive, and make the difference between securing your data and communications versus having your data leak to any snooping person on a public network who has even mild technological knowledge.

Second, don’t use unsecured email or text messaging with patients. Download and install a secure messaging app such as Wickr or Whatsapp. These apps are free and very easy to use. Both of these services use end-to-end encrypted messaging. Because of their technical infrastructure, they are so secure that even the companies who developed them cannot get access to your data. Inform your patients that you will only message with them through one of these apps (this means that they also have to use the app to send/receive messages with you).

Staying safe online is so very important in our modern digital information era. As mental health care professionals, we owe it to our patients to honor their privacy and security.

Financial disclosure:Dr Elhai recently served as a research consultant with Menninger Clinic, is an occasional expert witness on PTSD cases, is Associate Editor for Journal of Anxiety Disorders, and receives royalties from Elsevier and John Wiley and Sons for published books. He has no connections with the VPN and messaging app companies mentioned above.​