Encryption and the Security of Counselling by Email
Because security, privacy and confidentiality are central to the counselling process, this section specifically addresses encryption and security with a focus on the context of email counselling.
The Risk of Email Interception
Given that several trillion emails travel around the globe every year, I believe there is a relatively low probability of any given email being intercepted by an eavesdropper wishing to compromise the confidentiality of online counselling sessions by email. However, you should be aware that emails which are not encrypted may be read by anyone who does intercept them. That is why online therapists should offer full support for encrypted communications (and certainly I always did at my own online therapy practice).
In my view, it is also essential to find out whether your choice of online therapist can guarantee that all emails, once received locally on the therapist’s computer, will also be stored in encrypted form — regardless of whether they were originally sent in encrypted form. In my experience, very few online therapists even grasp the reason why this should be done in the first place — namely, that without encryption, all material is fully available to anyone with physical or remote access to the machine — and far fewer actually do it. Not encrypting local email storage is a bit like leaving all your paper files open on a desk. If you ask about encrypted storage of client information like emails, and your online therapist tells you something like “don’t worry, I have a firewall, and I keep my antivirus software regularly updated”, or “I have all the latest software updates on my computer”, what should you do? Worry. They don’t get it.
Securing Counselling Emails in Transit With Strong Encryption
A competing standard, called S/MIME (for “Secure/Multipurpose Internet Mail Extensions”), achieves essentially the same end result using public key cryptography. For email clients which support it, S/MIME can provide a much more seamless experience, with transparent behind-the-scenes key management and slick automatic encryption of outgoing emails as compared to the typically manual process of encrypting outgoing emails. (Recent versions of PGP include an automatic encryption option, but the implementation is so bloated and unreliable that to my knowledge, very few people actually use it.)
Protecting Your Communications With the Therapist’s Server
Any form-based questionnaire which you are asked to complete as part of getting started with online counselling should be protected by SSL encryption. However, this is actually sufficiently tricky that we’ve dedicated a special page to it — please see our separate article “Secure Web Forms: Are They Really?”.
In This Section
- About Counselling and Psychotherapy
- Counselling, Psychotherapy & Mental Health Bibliography
- Mental Health News
- Online Therapy and Online Counselling
- Advantages of Email Counselling and Online Therapy in General
- Assessing Suitability of Email Counselling and Online Therapy
- Disadvantages of Email Counselling and Online Therapy in General
- Encryption and Security of Online Therapy
- Ethics, Security and Real Therapy, Online
- Hints, Tips and Caveats for Effective Emailing
- Secure Web Forms: Are They Really?
- Talk to a Counselor or Therapist Online via Chat or Email
- Self-Help and Overviews
- Symptoms, Diagnostics, and Medications
- Types of Counselling and Psychotherapy
- Web Resources in Counselling, Psychotherapy and Mental Health
All clinical material on this site is peer reviewed by one or more clinical psychologists or other qualified mental health professionals. This specific article was originally published by Dr Greg Mulhauser, Managing Editor on .on and was last reviewed or updated by