Encryption and the Security of Counselling by Email

Because security, privacy and confidentiality are central to the counselling process, this section specifically addresses encryption and security in the context of email counselling.

Encrypting Our Email Communications, and Stored Messages

All email communications with TryCounselling.com can be fully protected with strong encryption. If you would like to secure individual counselling emails, one option is to install PGP, considered by many security specialists to be the ‘gold standard’ of encryption software. Alternatively, a web-based email solution, which is fully interoperable with the PGP standard, is available from Hushmail in both paid and free versions. PGP and Hushmail employ a combination of standard strong encryption and public key cryptography, which enables us to communicate securely by first exchanging ‘public keys’ with one another; these keys enable our software to encrypt messages specifically for the other person’s email address. Once received, we each use a corresponding ‘private key’ — which only we have access to — to decrypt the messages which were encrypted with the public key.

The Getting Started process for email-based counselling includes a space for specifying your public key if you would like to encrypt messages, and you can specify a public key at any time in the future, even if you don’t do this as part of the initial process. You are not by any means required to encrypt our email communications, but the option is always available to you if you would like to do so.

Regardless of whether you choose to encrypt messages while they are in transit, all emails will be stored in encrypted form once I have received them.

Protecting Your Communications With Our Server

The welcome questionnaire which you will be asked to complete as part of the Getting Started process for email-based counselling is protected by full 128-bit or 256-bit (depending on the capabilities of your browser) SSL encryption, so that all details entered on the form will be secured during transmission to our server.

Shared Environments, Web-Based Systems, and ‘Secure Servers’

CounsellingResource.com provides a guide to encryption and security in online therapy, which I would encourage all potential clients to read. It includes a section about special considerations when you’re undertaking online counselling or therapy from work or while using a computer that you share with other people, and it warns about the inherent risks of centralised, web-based systems for communicating with mental health practitioners. It also explores and explains the term ‘secure server’ as it is usually used and highlights the fact that once information has been received by a server, it is usually not encrypted — despite what some practitioners might claim about their ‘secure server’.