Best Practices in eTherapy
Confidentiality and PrivacyJohn M. Grohol, Psy.D.
April 8, 1999 rev.3
Technical Limits to Confidentiality in the Real World
Confidentiality is not an absolute. It never has been in the real world, nor should it be held up to an impossible or ideal standard in the online world. Every area below is an area which I am personally familiar with; other areas may exist but are not included here. Confidentiality is broken under specific circumstances, both legitimately and illegitimately:
- By a court order - The therapist/client relationship is not
well-protected in most courts (only the lawyer/client relationship
is absolute). Most therapists honor subpoenas, but try and keep
as much information confidential as possible when responding to it.
- Life or death - When the client's life is in danger, or the client
threatens to harm someone else, the clients rights to confidentiality are
Life is more important than a person's right to privacy in this equation.
- Abuse - Our society no longer tolerates child, elder, or any
other kind of abuse. Therapists often break confidentiality when they
become aware of such an issue, either to protect the client, or to
protect the victim.
- Peeking at the records - Secretaries and other office personnel
often have to handle a client's entire chart even though all they are
concerned with are billing or appointment issues. CConfidentiality is often inadvertently broken in this manner.
Doctors, therapists, and nurses who are not directly treating the client may
also look at that client's chart in most facilities and organizations without
being questioned about their activity.
Obtaining unauthorized access to a client's chart may be as simple as going into an unlocked or loosely-monitored filing room and browsing through the files. In larger organizations, this activity can go unquestioned and unnoticed by other staff. In some hospitals, access to confidential chart material can be gained by wearing a doctor's white coat and by simply looking like you know what you're doing. Never underestimate the power of attitude.
The problem with authorized access by staff or clinic personnel examining parts of a client's record in which they have no valid purpose doing so may present a more commonplace and troublesome breech of confidentiality.
- Overheard conversations - I've worked in facilities which were less
than ideal. People's conversations could regularly be heard through
paper-thin walls. Sound machines were employed to try and reduce this
problem, but I honestly don't believe they worked as well as some
would believe (and not everyone used them). I've sat in waiting rooms
where I could clearly hear what was being discussed in a next-door
- No proper authorization -
Informal conversations about patients occur frequently between members of the staff
and colleagues at the same organization. Unless they are done in the context
of formal supervision, a case conference, or a formal consultation, however, such
conversations are usually forbidden by law and ethics codes.
Conversations which are okay may include consulting with a supervisor
or another therapist without necessarily revealing identifying information,
or the presentation of a case with the client's written, informed consent.
Conversations which can cross the line are those where identifying information
is often the first thing revealed when discussing a case with a colleague
or staff person. This is a gray area in real-world confidentiality, and
one which is often misunderstood and abused.
- Failure to remove identifying information - When presenting a case
in a case conference or staff meeting, clinicians sometimes fail to remove
sufficient identifying information so that the client's identity is
inadvertently revealed to the staff members. Since different professions
have different ethical standards in regards to confidentiality, such
accidental information may be then further disseminated amongst the
- Seeing a person walk into a mental health clinic or clinician's office -
Confidentiality and privacy are very much lost when anyone can observe the
public comings and goings of an individual as they make their way to or
from a mental health clinic or a therapist's office. The therapist or office
staff never have to say a word to anyone -- the whole world can see that
Person H is in therapy or has an appointment with a psychiatrist.
Technical Limits to Confidentiality in the Online World
- Contact information - The same areas of legitimate limits to confidentiality exist
online as much as they do in the real world. The main differentiating
factor is that, whereas clinicians in the real world are relatively
confident of having accurate contact information (although the
validity of that confidence may only be tested when a therapist
goes to contact a person for whatever reason and finds the information
to be false), clinicians in the online world may have not gathered
or verified such contact information.
Best practice dictates that real-world contact information is imperative, however, to ensure an emergency situation can be properly handled. (Putting off obtaining or verifying such information is not recommended; the nature of an emergency is that it is unexpected and traumatic, so you cannot count on gaining that information at that later moment.)
- Accidental recipient - A client or therapist may accidentally send
a confidential e-mail to an unintended recipient.
This is done all the time on electronic mailing lists (or listservs). Someone replies
to someone else in what they thought was private e-mail, but it actually
ends up on the mailing list for all hundreds of subscribers to read. One can
imagine this is a legitimate concern and risk in the area of
electronic communication (a much higher risk than unauthorized interception
of one's electronic communication).
One solution to this problem is to emphasize the importance of double-checking one's recipient list in the e-mail before pressing the Send button.
- Unauthorized access to your e-mail - Another legitimate risk is the unauthorized access to your e-mail
by either another member of your staff, the public, or your family.
People share computing resources all the time. The most popular
operating system in use today, Windows 3.x/95/98, has pitiful
to non-existent user-based security, if it's even used at all.
So it is quite possible -- and some would argue even likely -- that if
an individual uses e-mail from a family PC at home, their privacy
or confidentiality of electronic communications cannot be easily
One solution to this problem is for the client to use a Web-based e-mail system, such as Hotmail or Freemail. While this may solve this kind of unauthorized access to your e-mail by the users sharing your computer, it may open you up to additional illegitmate risks in confidentiality (noted below). Such systems are also not usually capable of using encryption.
- E-mail snooping - Some professionals have rightfully noted that
e-mail is not a secure medium. Compared with regular paper mail or
telephone calls, there is currently no federal penalty in the U.S.
for prying open someone's e-mail and reading its contents. In fact,
if you receive e-mail at work, it is quite possible your employer already
does this. (Employers should have an Internet policy in place if they
grant Internet access to their employees; an aspect of this policy
is the reminder that computer equipment, and everything on that computer
equipment, is the ownership of the company. That includes your work
e-mail, your bookmarks at work, and the record of what sites you
visit on the Web.)
Others make the claim that your Internet service provider (ISP) regularly snoops through your personal e-mail (e.g., America Online, or your local provider). This is a pretty outrageous claim. It assumes many things, such as that your ISP is inherently dishonest and untrustworthy (they are a business; dishonesty and untrustworthiness do not appear to be good business attributes to have). The claim also assumes that technically it can be done (it can), but that a person would bother doing it. Most ISP have thousands, if not tens-of-thousands of customers. To sit there and sort through the thousands of e-mails which pass through one's ISP is to imagine someone with a lot more time on their hands than anyone I know. While a filtering program could be setup to look for keywords (who's going to look for "depression"?!), again, it speaks to the business's lack of honesty and untrustworthiness. If such a business practice ever got out (and it would, since most ISPs are run by a staff of people), they would quickly go out of business.
The other possibility is the interception of e-mail as it makes its way through the vast network of the Internet. Again, this is possible, but only remotely so. Millions of e-mails pass through the Internet daily. While you could imagine someone who wants to monitor them (some claim the FBI, CIA, and NSA all do!), it would be a tremendous task. People who are on networks like America Online, with 14 million other members, would have even greater security (because of the size of their internal network).
According to figures quoted in the Feb. 8, 1999 issue of InternetWeek, 3.4 trillion e-mail messages were delivered in the U.S. in 1998. 2.1 billion e-mail messages are sent daily by U.S. users. Unless you are doing so from your place of employment, interception of your e-mail by an unauthorized user appears to be an incredibly small risk. It would be impossible to ensure absolutely no risk in such a transaction (just as a real-world therapist cannot ensure absolutely no risk in a real-world transaction, e.g., because they do not know their therapy office has been bugged or a patient's record has been tampered with).
All e-mail based risks can be virtually eliminated through the use of readily available technology. Encryption is available for most newer e-mail clients. If clients are informed of the benefits of encryption (which protects against legitimate and illegitimate access to their e-mail communications), it may be worth it to them to acquire such technology and install it on their computer or cause to have it installed.
As a test, a psychiatrist colleague of mine and myself wanted to see whether we could easily use encryption in an e-mail to one another. We both had encryption technology installed in our e-mail programs already, so it was just a matter of registering our public keys and sending the message. This was a virtually painless process we worked out in just a message or two. While we were both computer-literate individuals, we were in fact using different types of computers and programs to send and receive this e-mail. If you cannot figure out how to do this yourself, or your e-mail software doesn't support encryption, I strongly urge you to consult with someone who can install it for you, or switch to an e-mail program which supports encryption.
Encryption is a recommended technology which should be utilized when conducting online therapeutic interventions. At this time, however, it may not be considered a best practice because of the limitations in encryption technology (e.g., difficulty installing and registering, limits on U.S. encryption standards, usability questions, etc.). For instance, if you are emotionally distraught, the additional steps needed to read and send encrypted messages may simply be too much hassle. I still don't know of anyone who uses encrypted e-mail on a regular basis for any type of business.
This article outlined some of the common risk factors associated with confidentiality and privacy, comparing the real-world risks to the online world. While the online world does indeed offer its fair share of risks to a client's confidentiality and privacy, it is not readily apparent that these risks are significantly or inherently greater than similar risks already taken in real-world therapy sessions.
There may be a tendency amongst professionals used to operating in the real world to overlook or virtually ignore the real, everyday risks associated with their practice, or to dismiss them as irrelevant or minimal. Yet these same professionals will loudly point out the risks of e-mail based interventions without placing such risks into any type of useful context. Context is everything. Understanding the potential dangers is the first step toward giving a client truly informed consent, and taking measures to reduce these risks.
This is the first in a series of articles I hope to write in the upcoming months about various aspects of cybertherapy (often called "online therapy"). I hope they will act as a guide and starting point for anyone interested in practicing in this medium.
For more information about e-therapy, I suggest reading the other essays in the Best Practices in e-Therapy series.
The author is grateful to Craig Childress for editorial remarks made on an earlier draft of this article.