14 May 2026
I am often asked whether email is “secure enough” for clinical work. The truth is that most privacy problems with email are not caused by failures in the technical continuum, but from ordinary human moments — forwarding the wrong message, including too much detail, sending sensitive information to the wrong address, or assuming an email is more private than it really is. Over the years, I have settled on a few practical rules that help reduce those risks while still allowing email to remain useful in day-to-day clinical practice.
1. As a rule of thumb, avoid emailing anything you wouldn’t comfortably say in a crowded room
Email feels private because we usually read it alone. Technically, though, messages are copied across many systems and devices. It is wise to assume there may eventually be more readers than intended.
2. Attachments deserve more caution than the email itself.
A short email can become highly sensitive the moment a report, intake form or assessment is attached. Once downloaded or forwarded, you may lose visibility over where that document ends up.
3. Be especially careful when discussing other people
Most privacy problems arise not from discussing ourselves, but from casually sharing details about clients, patients, colleagues or family members. Once somebody else’s information enters an email thread, you lose control over where it turns up.
4. Think before sending
Breaches are often just people being busy. Wrong attachments, autofill mistakes, reply-all accidents and messages sent to the wrong “John” are far more common than sophisticated hacking.
5. Treat your inbox like part of your records system
Professionals often think carefully about securing databases and practice management systems while years of sensitive conversations quietly accumulate inside inboxes across laptops, phones and tablets. Email deserves the same level of thought as any other client record. The same is true in reverse. Signing onto a sophisticated email encryption service is worthless if you don’t know how to handle your keys.
6. Remember that good habits often matter more than technology
Strong passwords, multi-factor authentication, secure devices and sensible judgement will usually protect people far more effectively than complicated security tools they do not fully understand or consistently use.
